AliveCor Privacy Policy

Date of last revision: April 28, 2017

Your privacy matters to us. Whether you are new to AliveCor or a long-time user of Kardia, you can learn about our privacy practices below, and contact us at privacy@alivecor.com if you have any questions.

This Privacy Policy describes how AliveCor, Inc. and its subsidiaries and affiliates (collectively “AliveCor,” “we,” “us”) collects, processes, uses, discloses, and secures information we collect from users of our website, located at www.alivecor.com, (the “Site”), our software applications (“Software,” “App”), and services provided through the Site or Software (together, the “Service”). The term “you” refers to the person visiting or using the Service.

Our Privacy Policy explains:

  • What information we collect and why we collect it.
  • How we use and share that information.
  • Your rights and choices regarding your information.
  • Our compliance to HIPAA.

1. What information we collect and why we collect it

We may collect the following types of information from you when you visit or use our Service. The information may be stored on the device you use to access the Service and on our servers.

  • Account and Profile Information. When you register to use the Service or create a Kardia account, we may collect your name and all other information provided to us (information such as your email address, password, date of birth, gender, height and weight, and whether you are a smoker or non-smoker). We also collect any information uploaded or otherwise input by you while using the Service, including, but not limited to, information related to medications you are taking and other health-related information about you. You may optionally add information to your profile such as your Patient ID, and information about your activity level, medical conditions, and medications. When you create a Kardia Pro account, we may ask you to provide information, such as your name, email address, password, and your National Provider Identifier (NPI) number.
  • Notes, Tags, and Voice Memos. You can add notes or tags to an electrocardiogram (“ECG”) recording, including information such as symptoms, activities, and diet that are relevant to heart health. You may speak your symptoms or activities aloud and they will be included as transcribed notes with the applicable ECG recording.
  • Monitoring and Usage Data. We collect certain information through your use of the AliveCor devices connected to the Service, such as human ECG data, including the ECG measurement itself, mobile device accelerometer data, average heart rate, the location on the body where the ECG recording was taken (e.g. hand or chest), local time, time zone and geographic location of ECG acquisition. We may also collect such information from patients through Kardia Pro when initiated by a Kardia Pro user.
  • Kardia Pro. When a health care provider records and submits a patient’s ECG information using Kardia Pro, the provider may also submit patient profile information, including name, email address, telephone number, date of birth, sex, and medical record number. Such information, any monitoring and usage data described above collected from a patient through Kardia Pro, and notes, tags, and voice memos submitted by a provider, may be connected to the patient’s Kardia account, if the provider and patient agree to the connection.
  • Third-Party Devices and Services. If you choose to connect the Service to third-party devices or services, such as Google Fit or Apple Health, we may request your permission to access health-related information from them, such as heart rate BPM (beats per minute), step count, activity sample, distance, active energy, blood glucose, oxygen saturation, resting energy, sleep analysis, diastolic blood pressure, systolic blood pressure, flights climbed, weight, and workouts. The third parties may offer you tools to limit which data we access.
  • Clinical Interpretation Service. If you use the Clinical Interpretation Service, as defined in the AliveCor Terms of Service, the Clinical Interpretation Service will send to AliveCor its analysis of your data, which we make available to you through the Service.
  • Mobile Device Information. When you use our Service, we receive information about your device, such as its model and operating system version.
  • Customer Support Inquiries. If you contact us directly, such as when you contact our Customer Support team, we will receive the contents of your message or any attachments you may send to us, as well as any additional information you choose to provide. Contact us at support@alivecor.com if you have any questions.
  • Payment Information. When you make payments through the Service, you may need to provide your shipping address and financial account information, such as your credit card number, to our third-party service providers. We do not collect or store financial account information, though we may receive transaction identifiers and summary information that does not include credit card or bank account numbers.
  • Cookies and Related Technologies. When you visit our Service or open our emails, we and our third-party service providers may collect certain information by automated means, such as cookies, web beacons and web server logs. The information collected in this manner includes IP address, browser characteristics, device IDs and characteristics, operating system version, language preferences, referring URLs, and information about the usage of our Service. We may link this data to your profile. You may be able to change browser settings to block and delete cookies when you access the Sites through a web browser. However, if you do that, the Sites may not work properly. Our ad networks and analytics service providers may also collect information about your use of other websites and online services over time, if those websites and online services also use the same service providers. We currently use Google Analytics and MixPanel to collect and process certain website usage data. To learn more about Google Analytics and how to opt out, please visit google.com/policies/privacy/partners/. To learn more about MixPanel, please visit https://mixpanel.com/privacy/.

2. How We Use the Information We Collect

We may use the information we collect for the following purposes and as permitted in any other agreements we have with you:

  • To Provide and Improve the Service. We use information to provide, evaluate, and improve the Service, including to provide you with the ECG analysis service and reports based on the analysis of your health-related information, including your ECG data, data collected via your use of AliveCor devices, and data from third-party devices and services, including Google Fit and/or Apple Health, if connected to the Service; to analyze our products and their usage to enhance and improve our existing Service; to develop new products and services; manage our communications; and perform accounting, auditing and other internal functions.
  • To Communicate with You. We may send you emails, text messages, and push notifications to your mobile device if they are enabled, to verify your account and for informational and operational purposes, such as account management, instructions, alerts, reminders, customer service, system maintenance, and other Service-related purposes. We may also permit users, such as health care providers, to use the Service to send you emails, text messages, and push notifications.
  • Process Payments. We use your information to facilitate transactions, deliveries, and payments with our third-party service providers.
  • Marketing. To the extent permitted by applicable law, we may use information to provide online advertising on the Service and to send you newsletters, offers, surveys, and other promotional information related to AliveCor products and services, including, but not limited to, the Service (“Promotional Emails”). Where required under applicable law, we will obtain appropriate consent to send you marketing communications. You may opt out of email marketing by using the unsubscribe link in a marketing email, or by contacting us at privacy@alivecor.com.
  • Data Analysis. We analyze the information we collect to provide our products and services, such as providing reports to you. To the extent permitted by law and our partner agreements, we may also de-identify and/or aggregate information, and use and disclose it for business purposes (for example, to perform research and provide statistical information and data regarding trends to AliveCor affiliates and our partners).
  • Compliance with Legal and Other Requirements and to Protect Rights. We may use information to protect against, identify, and prevent fraud and other unlawful activity, claims and other liabilities. We also may use information to comply with and enforce applicable legal requirements, relevant industry standards, and our policies.

3. How We Share the Information We Collect

We may disclose the information we collect about you as described in this Privacy Policy and as permitted in any other agreements we have with you.

  • We May Share Information Collected through Kardia with Your Physician or Healthcare Provider through our Physician Facing Service. If you use the Service as a Kardia user, you may be able to email information to your physician or healthcare provider, such as
    • your profile information (including name, date of birth, gender, height, weight, and whether you are a smoker or non-smoker);
    • ECG and other information collected through the Service;
    • any accompanying notes or tags you have added;
    • data from third-party devices and services, including Google Fit or Apple Health, if connected to the Service;
    • any health analysis reports associated with your account; and
    • any other physiological and health-related information (e.g. blood pressure data) added to your user profile.

If your physician or healthcare provider uses a Kardia Pro account, you may also choose to connect to your physician or healthcare provider through the Service. If you connect to your physician or healthcare provider through the Service, we may share any of the information listed above through the Service with them. We do not share historical ECG information collected by the Service prior to the date you permitted the healthcare provider to access your information, although you may independently send historical ECG information to your healthcare provider.

Your physician or healthcare provider will handle any data it receives through the Service in accordance with their/its own privacy policies. We encourage you to read your health care provider’s privacy policy. We are not responsible for providers’ activities with respect to the information they receive through the Service.

  • We May Share Information Available through Kardia with Our Clinical Interpretation Service Partners. If you use Kardia to receive the Clinical Interpretation Service, as defined in the AliveCor Terms of Service, we will share information with AliveCor’s Clinical Interpretation Service Partners. This information includes your profile information, your ECG recordings, and any other data from third-party devices and services, including Google Fit or Apple Health data, if connected to the Service; and any accompanying notes or tags you have provided (including transcribed notes you provided through voice memos). AliveCor will also share your name, date of birth, gender, height, weight, and whether you are a smoker or non-smoker.
  • We May Share Information collected through Kardia Pro among Physicians and Staff at a Healthcare Practice or Group. Physicians and staff using Kardia Pro as part of a health care practice or group have access to patient information stored by Kardia Pro for that practice or group. This permits physicians and staff to access information in Kardia Pro when patients see different physicians and staff at the practice or group.
  • Vendors and Service Providers. We may share any information we receive with vendors and service providers we use to help us provide the Service. Examples of these vendors and service providers include entities that process credit card payments, fulfill orders, and provide analytics and web hosting services. We require our vendors and service providers by contract to only use or disclose the information they process on our behalf as necessary to perform certain services on our behalf or comply with legal requirements.
  • Members of our Group. We may share your information with any members of our group, which includes our affiliates, subsidiaries and branch offices, to which it is reasonably necessary or desirable for us to disclose your information in order to carry out the above-mentioned information processing purposes.
  • Third-Party Devices and Services. If you permit the Service to integrate with or connect to third-party devices and services, such as Google Fit or Apple Health, with your permission we will share some health-related information with them, such as your heart rate BPM, height, and weight. Such third-party devices and services may provide additional controls to limit the information the Service provides to them. If you connect your AliveCor account to a third-party device or service, you may be asked to share your information with that application. We will not share your information without your permission.
  • Advertising Partners. We do not rent, sell, or share personal information about you with other people or nonaffiliated companies for their direct marketing purposes, unless we have your permission. We may work with third party advertising partners to show ads for our Service that we think may interest you after you visit our Service. These third-party partners collect information from you when you visit our Service and other online services. Where required under applicable law, we will request your consent to such collection and use of your information. You may be able to opt out of receiving personalized advertisements from us and our advertising partners who are members of the Network Advertising Initiative or who subscribe to the Digital Advertising Alliance’s Self-Regulatory Principles for Online Behavioral Advertising by visiting the opt-out sections on the websites of each of those organizations. Links to those sites are here:

Network Advertising Initiative: http://www.networkadvertising.org/choices/
Digital Advertising Alliance: http://www.aboutads.info/choices/

  • Legal and Similar Disclosures. We may access, preserve, and disclose collected information, if we believe doing so is required or appropriate to: comply with law enforcement requests and legal process, such as a court order or subpoena; respond to your requests; comply with the law, or protect your, our, or others’ rights, property, or safety.
  • Merger, Sale, or Other Asset Transfers. In the event we sell or transfer all or a portion of our business or assets (including in the event of a reorganization, dissolution or liquidation), such assets likely will include the data we retain. We will use reasonable efforts to direct the transferee to use information you have provided to us in a manner that is consistent with this Privacy Policy. Following such a sale or transfer, you may contact the entity to which we transferred your information with any inquiries concerning the processing of that information.
  • Other Disclosures. We may disclose information in other ways when we have consent to do so, such as provided in other agreements we may have with patients and providers.

4. Your Rights and Choices Regarding Your Information

We offer you certain choices in connection with the information we collect about you.

  • Subject to applicable law, you may have the right to request access to and be informed about the information we maintain about you, update and correct inaccuracies in your information, and have the information blocked or deleted, as appropriate. If you wish to request access or an update to the information that we have concerning you, please email us at privacy@alivecor.com. Your rights to your information may be limited in some circumstances by local legal requirements. You also have the right to withdraw your consent to the collection of your information. Note however that if you exercise your right of blocking or deletion, if you decline to share certain information with us, or if you withdraw your consent, we may not be able to provide to you some of the features and functionalities of the Service.
  • If you receive Promotional Emails from us, you may unsubscribe at any time by following the opt-out instructions contained within the message. Even after you opt-out of receiving promotional messages from us, you may continue to receive administrative messages from us regarding the Service. You may turn off push notifications through your device settings.

You may contact us as indicated in the ‘How to Contact Us’ section of this Privacy Policy to exercise your rights and choices to your information. If we provide you with access to information, we may require you to pay a fee to meet our costs.

Kardia users may also contact us to:

  • Stop the sharing of your information with a specific provider;
  • Request information about any disclosures of your information that we have made;
  • Update your email preferences or ask us to remove your information from our mailing lists; or
  • Submit another type of request.

We will retain information (1) submitted by a Kardia Pro user or (2) provided to a physician or healthcare provider from a Kardia user, in accordance with any agreements we have with such healthcare provider or physician. When a Kardia user terminates his/her Kardia account, we will delete the user’s information that was not otherwise provided to a physician or healthcare provider. When we delete any information, it will be deleted from the active database, but may remain in our archives. You may terminate your account at any time by following the procedures detailed on the Service or by contacting customer support at support@alivecor.com.

We will continue to use de-identified and/or aggregated information, as permitted under applicable law and to comply with our legal obligations, agreements with physicians and healthcare providers, resolve disputes, enforce our rights, or similar purposes. You may delete the App to remove information stored on your device.

5. Compliance to HIPAA

Notwithstanding anything in this Privacy Policy to the contrary, to the extent we create, receive, maintain, or transmit (collectively, “Process”) “protected health information” (as such term is defined in 45 C.F.R 160.103) in providing the Service, we shall only use and disclose that information in accordance with the Health Insurance Portability and Accountability Act of 1996, as amended, and its implementing regulations (collectively, “HIPAA”). HIPAA also requires us to, among other things, apply reasonable and appropriate measures to safeguard the confidentiality, integrity, and availability of the protected health information we Process. Under HIPAA, the covered entity on whose behalf we Process your protected health information is generally required to provide or make available to you a Notice of Privacy Practices (“NPP”). The NPP is intended to provide notice on how the covered entity may use and share your protected health information and inform you about your health privacy rights.

6. International Data Transfers

We may transfer information we collect about you to countries other than the country in which the information was originally collected. If you are in the European Economic Area (EEA) or other region with laws governing data collection and use that differ from those of the United States, please note that your information may be transferred to countries located outside the EEA, in particular to the United States, where we are headquartered and where some of our service providers are located. Those countries may not have the same level of protection as the country in which you initially provided that information. When we transfer your information, we will protect it as described in this Policy.

7. Security of Your Information

We maintain administrative, technical and physical safeguards designed to protect the personal information you provide against accidental, unlawful or unauthorized destruction, loss, alteration, access, disclosure or use. No method of transmission over the Internet, or method of electronic storage, is 100% secure, however. Therefore, while AliveCor uses reasonable efforts to protect your information, AliveCor cannot guarantee its absolute security.

8. Children’s Privacy

Our Service is not directed to children, and we do not knowingly collect personal information from children under 13. If we find out that a child under 13 has given us personal information, we will take steps to delete that information. If you believe that a child under the age of 13 has given us personal information, please contact us at privacy@alivecor.com.

9. Links to Other Websites and Applications

The Service may provide links to other websites and applications for your convenience and information. These websites and applications may operate independently from us. Linked sites and applications may have their own privacy policies, which we strongly suggest you review. To the extent any linked websites or applications are not owned or controlled by us, we are not responsible for the sites’ or applications’ content, any use of the sites or applications, or the privacy practices of the sites or applications.

10. Changes to Our Privacy Policy

This Privacy Policy may be updated periodically and without prior notice to you to reflect changes to our information practices. We will post a prominent notice on our Service to notify you of any significant changes to our Privacy Policy and indicate at the top of the notice when it was most recently updated. Where required by law, we will seek your explicit consent to specific changes. You agree that AliveCor will reserve the right to occasionally notify you via email of any important changes to this Privacy Policy and/or service agreements.

11. Disputes

AliveCor is committed to resolving complaints about your privacy and our collection or use of your information. If you have any inquiries or complaints regarding this Privacy Policy please contact AliveCor at: privacy@alivecor.com.

12. How to Contact Us

AliveCor welcomes your comments or questions regarding this Privacy Policy and any request you may have to access, correct or delete your information. Please contact us at the following email address: privacy@alivecor.com. You also may write to:

AliveCor, Inc.
Privacy Officer
444 Castro Street, Suite 600
Mountain View, CA 94041
USA

If you are located in the EEA, the entity responsible for the collection, use and processing of your personal information is:

AliveCor, Ltd.
Herschel House
58 Herschel Street
Slough
SL1 1PG
United Kingdom

00PL01 Rev. 10 | April 28, 2017