Date of last revision: April 28, 2017
Your privacy matters to us. Whether you are new to AliveCor or a long-time user of Kardia, you can learn about our privacy practices below, and contact us at firstname.lastname@example.org if you have any questions.
- What information we collect and why we collect it.
- How we use and share that information.
Your rights and choices regarding your information.
Our compliance to HIPAA.
1. What information we collect and why we collect it
We may collect the following types of information from you when you visit or use our Service. The information may be stored on the device you use to access the Service and on our servers.
- Account and Profile Information. When you register to use the Service or create a Kardia account, we may collect your name and all other information provided to us (information such as your email address, password, date of birth, gender, height and weight, and whether you are a smoker or non-smoker). We also collect any information uploaded or otherwise input by you while using the Service, including, but not limited to, information related to medications you are taking and other health-related information about you. You may optionally add information to your profile such as your Patient ID, and information about your activity level, medical conditions, and medications. When you create a Kardia Pro account, we may ask you to provide information, such as your name, email address, password, and your National Provider Identifier (NPI) number.
- Notes, Tags, and Voice Memos. You can add notes or tags to an electrocardiogram (“ECG”) recording, including information such as symptoms, activities, and diet that are relevant to heart health. You may speak your symptoms or activities aloud and they will be included as transcribed notes with the applicable ECG recording.
- Monitoring and Usage Data. We collect certain information through your use of the AliveCor devices connected to the Service, such as human ECG data, including the ECG measurement itself, mobile device accelerometer data, average heart rate, the location on the body where the ECG recording was taken (e.g. hand or chest), local time, time zone and geographic location of ECG acquisition. We may also collect such information from patients through Kardia Pro when initiated by a Kardia Pro user.
- Kardia Pro. When a health care provider records and submits a patient’s ECG information using Kardia Pro, the provider may also submit patient profile information, including name, email address, telephone number, date of birth, sex, and medical record number. Such information, any monitoring and usage data described above collected from a patient through Kardia Pro, and notes, tags, and voice memos submitted by a provider, may be connected to the patient’s Kardia account, if the provider and patient agree to the connection.
- Third-Party Devices and Services. If you choose to connect the Service to third-party devices or services, such as Google Fit or Apple Health, we may request your permission to access health-related information from them, such as heart rate BPM (beats per minute), step count, activity sample, distance, active energy, blood glucose, oxygen saturation, resting energy, sleep analysis, diastolic blood pressure, systolic blood pressure, flights climbed, weight, and workouts. The third parties may offer you tools to limit which data that we access.
- Clinical Interpretation Service. If you use the Clinical Interpretation Service, as defined in the AliveCor Terms of Service, the Clinical Interpretation Service will send to AliveCor its analysis of your data, which we make available to you through the Service.
- Mobile Device Information. When you use our Service, we receive information about your device, such as its model and operating system version.
- Customer Support Inquiries. If you contact us directly, such as when you contact our Customer Support team, we will receive the contents of your message or any attachments you may send to us, as well as any additional information you choose to provide. Contact us at email@example.com if you have any questions.
- Payment Information. When you make payments through the Service, you may need to provide your shipping address and financial account information, such as your credit card number, to our third-party service providers. We do not collect or store financial account information, though we may receive transaction identifiers and summary information that does not include credit card or bank account numbers.
- Cookies and Related Technologies. When you visit our Service or open our emails, we and our third-party service providers may collect certain information by automated means, such as cookies, web beacons and web server logs. The information collected in this manner includes IP address, browser characteristics, device IDs and characteristics, operating system version, language preferences, referring URLs, and information about the usage of our Service. We may link this data to your profile. You may be able to change browser settings to block and delete cookies when you access the Sites through a web browser. However, if you do that, the Sites may not work properly. Our ad networks and analytics service providers may also collect information about your use of other websites and online services over time, if those websites and online services also use the same service providers. We currently use Google Analytics and MixPanel to collect and process certain website usage data. To learn more about Google Analytics and how to opt out, please visit google.com/policies/privacy/partners/. To learn more about MixPanel, please visit https://mixpanel.com/privacy/.
2. How We Use the Information We Collect
We may use the information we collect for the following purposes and as permitted in any other agreements we have with you:
- To Provide and Improve the Service. We use information to provide, evaluate, and improve the Service, including to provide you with the ECG analysis service and reports based on the analysis of your health-related information, including your ECG data, data collected via your use of AliveCor devices, and data from third-party devices and services, including Google Fit and/or Apple Health, if connected to the Service; to analyze our products and their usage to enhance and improve our existing Service; to develop new products and services; manage our communications; and perform accounting, auditing and other internal functions.
- To Communicate with You. We may send you emails, text messages, and push notifications to your mobile device if they are enabled, to verify your account and for informational and operational purposes, such as account management, instructions, alerts, reminders, customer service, system maintenance, and other Service-related purposes. We may also permit users, such as health care providers, to use the Service to send you emails, text messages, and push notifications.
- Process Payments. We use your information to facilitate transactions, deliveries, and payments with our third-party service providers.
- Marketing. To the extent permitted by applicable law, we may use information to provide online advertising on the Service and to send you newsletters, offers, surveys, and other promotional information related to AliveCor products and services, including, but not limited to, the Service (” Promotional Emails“). Where required under applicable law, we will obtain appropriate consent to send you marketing communications. You may opt out of email marketing by using the unsubscribe link in a marketing email, or by contacting us at firstname.lastname@example.org.
- Data Analysis. We analyze the information we collect to provide our products and services, such as providing reports to you. To the extent permitted by law and our partner agreements, we may also de-identify and/or aggregate information, and use and disclose it for business purposes (for example, to perform research and provide statistical information and data regarding trends to AliveCor affiliates and our partners).
- Compliance with Legal and Other Requirements and to Protect Rights. We may use information to protect against, identify, and prevent fraud and other unlawful activity, claims and other liabilities. We also may use information to comply with and enforce applicable legal requirements, relevant industry standards, and our policies.
3. How We Share the Information We Collect
- We May Share Information Collected through Kardia with Your Physician or Healthcare Provider through our Physician Facing Service. If you use the Service as a Kardia user, you may be able to email information to your physician or healthcare provider, such as
- your profile information (including name, date of birth, gender, height, weight, and whether you are a smoker or non-smoker);
- ECG and other information collected through the Service;
- any accompanying notes or tags you have added;
- data from third-party devices and services, including Google Fit or Apple Health, if connected to the Service;
- any health analysis reports associated with your account; and
- any other physiological and health-related information (e.g. blood pressure data) added to your user profile.
If your physician or healthcare provider uses a Kardia Pro account, you may also choose to connect to your physician or healthcare provider through the Service. If you connect to your physician or healthcare provider through the Service, we may share any of the information listed above through the Service with them. We do not share historical ECG information collected by the Service prior to the date you permitted the healthcare provider to access your information, although you may independently send historical ECG information to your healthcare provider.
- We May Share Information Available through Kardia with Our Clinical Interpretation Service Partners. If you use Kardia to receive the Clinical Interpretation Service, as defined in the AliveCor Terms of Service, we will share information with AliveCor’s Clinical Interpretation Service Partners. This information includes your profile information, your ECG recordings, and any other data from third-party devices and services, including Google Fit or Apple Health data, if connected to the Service; and any accompanying notes or tags you have provided (including transcribed notes you provided through voice memos). AliveCor will also share your name, date of birth, gender, height, weight, and whether you are a smoker or non-smoker.
- We May Share Information collected through Kardia Pro among Physicians and Staff at a Healthcare Practice or Group. Physicians and staff using Kardia Pro as part of a health care practice or group have access to patient information stored by Kardia Pro for that practice or group. This permits physicians and staff to access information in Kardia Pro when patients see different physicians and staff at the practice or group.
- Vendors and Service Providers. We may share any information we receive with vendors and service providers we use to help us provide the Service. Examples of these vendors and service providers include entities that process credit card payments, fulfill orders, and provide analytics and web hosting services. We require our vendors and service providers by contract to only use or disclose the information they process on our behalf as necessary to perform certain services on our behalf or comply with legal requirements.
- Members of our Group. We may share your informationwith any members of our group, which includes our affiliates, subsidiaries and branch offices, to which it is reasonably necessary or desirable for us to disclose your information in order to carry out the above-mentioned information processing purposes.
- Third-Party Devices and Services. If you permit the Service to integrate with or connect to third-party devices and services, such as Google Fit or Apple Health, with your permission we will share some health-related information with them, such as your heart rate BPM, height, and weight. Such third-party devices and services may provide additional controls to limit the information the Service provide to them. If you connect your AliveCor account to a third-party device or service, you may be asked to share your information with that application. We will not share your information without your permission.
- Advertising Partners. We do not rent, sell, or share personal information about you with other people or nonaffiliated companies for their direct marketing purposes, unless we have your permission. We may work with third party advertising partners to show ads for our Service that we think may interest you after you visit our Service. These third-party partners collect information from you when you visit our Service and other online services. Where required under applicable law, we will request your consent to such collection and use of your information. You may be able to opt out of receiving personalized advertisements from us and our advertising partners who are members of the Network Advertising Initiative or who subscribe to the Digital Advertising Alliance’s Self-Regulatory Principles for Online Behavioral Advertising by visiting the opt-out sections on the websites of each of those organizations. Links to those sites are here:
- Legal and Similar Disclosures. We may access, preserve, and disclose collected information, if we believe doing so is required or appropriate to: comply with law enforcement requests and legal process, such as a court order or subpoena; respond to your requests; comply with the law, or protect your, our, or others’ rights, property, or safety.
- Other Disclosures. We may disclose information in other ways when we have consent to do so, such as provided in other agreements we may have with patients and providers.
4. Your Rights and Choices Regarding Your Information
We offer you certain choices in connection with the information we collect about you.
- Subject to applicable law, you may have the right to request access to and be informed about the information we maintain about you, update and correct inaccuracies in your information, and have the information blocked or deleted, as appropriate. If you wish to request access or an update to the information that we have concerning you, please email us at email@example.com. Your rights to your information may be limited in some circumstances by local legal requirements. You also have the right to withdraw your consent to the collection of your information. Note however that if you exercise your right of blocking or deletion, if you decline to share certain information with us, or if you withdraw your consent, we may not be able to provide to you some of the features and functionalities of the Service.
- If you receive Promotional Emails from us, you may unsubscribe at any time by following the opt-out instructions contained within the message. Even after you opt-out of receiving promotional messages from us, you may continue to receive administrative messages from us regarding the Service. You may turn off push notifications through your device settings.
Kardia users may also contact us to:
- Stop the sharing of your information with a specific provider;
- Request information about any disclosures of your information that we have made;
- Update your email preferences or ask us to remove your information from our mailing lists; or
- Submit another type of request.
We will retain information (1) submitted by a Kardia Pro user or (2) provided to a physician or healthcare provider from a Kardia user, in accordance with any agreements we have with such healthcare provider or physician. When a Kardia user terminates his/her Kardia account, we will delete the user’s information that was not otherwise provided to a physician or healthcare provider. When we delete any information, it will be deleted from the active database, but may remain in our archives. You may terminate your account at any time by following the procedures detailed on the Service or by contacting customer support at firstname.lastname@example.org.
We will continue to use de-identified and/or aggregated information, as permitted under applicable law and to comply with our legal obligations, agreements with physicians and healthcare providers, resolve disputes, enforce our rights, or similar purposes. You may delete the App to remove information stored on your device.
5. Compliance to HIPAA
6. International Data Transfers
We may transfer information we collect about you to countries other than the country in which the information was originally collected. If you are in the European Economic Area (EEA) or other region with laws governing data collection and use that differ from those of the United States, please note that your information may be transferred to countries located outside the EEA, in particular to the United States, where we are headquartered and where some of our service providers are located. Those countries may not have the same level of protection as the country in which you initially provided that information. When we transfer your information, we will protect it as described in this Policy.
7. Security of Your Information
We maintain administrative, technical and physical safeguards designed to protect the personal information you provide against accidental, unlawful or unauthorized destruction, loss, alteration, access, disclosure or use. No method of transmission over the Internet, or method of electronic storage, is 100% secure, however. Therefore, while AliveCor uses reasonable efforts to protect your information, AliveCor cannot guarantee its absolute security.
8. Children’s Privacy
Our Service is not directed to children, and we do not knowingly collect personal information from children under 13. If we find out that a child under 13 has given us personal information, we will take steps to delete that information. If you believe that a child under the age of 13 has given us personal information, please contact us at email@example.com.
9. Links to Other Websites and Applications
The Service may provide links to other websites and applications for your convenience and information. These websites and applications may operate independently from us. Linked sites and applications may have their own privacy policies, which we strongly suggest you review. To the extent any linked websites or applications are not owned or controlled by us, we are not responsible for the sites’ or applications’ content, any use of the sites or applications, or the privacy practices of the sites or applications.
12. How to Contact Us
444 Castro Street, Suite 600
Mountain View, CA 94041
If you are located in the EEA, the entity responsible for the collection, use and processing of your personal information is:
58 Herschel Street
00PL01 Rev. 10 | April 28, 2017