Last Revised: June 7, 2016

Cardiogram Privacy Policy

Cardiogram, Inc. (“we” or “us”) is committed to protecting your privacy. This Privacy Policy describes how we collect, store, use and distribute information through our software, website, documentation, and related services (together, the “Services”).

Consent

By using the Services, you consent to the use of your Personal Information as described in this Privacy Policy. You may withdraw your consent to our processing of your Personal Information at any time. However, withdrawing consent may result in your inability to continue using some or all of the Services.

Intended Users

The Services are directed solely to persons 18 years of age or older, and we do not knowingly gather Personal Information from visitors who are under 18. If we become aware that we have gathered Personal Information from a person under 18, then we will attempt to delete such information as soon as possible. If you believe that we have gathered Personal Information from a person under 18, please contact us at [email protected].

Collection of Information

Personal Information. By their nature, the Services track certain data that may be used to identify you individually. Currently, such information consists of your (i) Biometric Information, (ii) SNS Information, and (iii) mobile device data such as your phone’s unique device id number. When registering to use the Services and creating an account (“Cardiogram Account”), we may also ask you to provide certain information about yourself, such as your name, email address, social media username, and user name and password (“Personal Contact Information”). Your Personal Contact Information, together with any other information we gather through the Services that may be used to identify, contact, or locate you individually, is collectively referred to herein as your “Personal Information.”

Data, Diagnostic & Login Information. You may be able to create, upload, publish, transmit, distribute, display, store or share information, data, text, graphics, video, messages or other materials using our Services (this is collectively referred to below as “Data”). Some of this Data may be stored and maintained on our servers. If you run into technical errors in the course of using the Services, we may request your permission to obtain a crash report along with certain logging information from your system documenting the error (“Diagnostic Information”). Such information may contain information regarding your Operating System version, hardware, browser version, and your email address, if provided. Additionally, certain login information may be maintained in a cookie stored locally on your personal computing device (i.e. not on a server) in order to streamline the login process (“Login Information”).

Biometric Information. Certain features of the Services may actively record biometric information about yourself as you use the Services. This tracking is accomplished through integration with your mobile device’s health tracking technology, such as Apple’s HealthKit API or Google Fit. Such information is referred to as “Biometric Information.”

Information You Provide to Social Networking Sites. You can link your Cardiogram Account to your accounts on Social Networking Sites (“SNS”) such as Facebook when using the Services. By linking your Cardiogram Account with your account on Facebook or another SNS, you are allowing us to access your information on that SNS. The information that we collect from your SNS account may depend on the privacy settings you have with that SNS. Therefore, you may be able to control the information that we collect from your SNS account by adjusting your privacy settings on that SNS. You can also de-link your SNS account from the Services at any time via your Cardiogram Account settings. The information we collect from your SNS account(s) is referred to as “SNS Information.”

Usage and Analytics Information. As you use our Services, we may also collect information through the use of commonly-used information-gathering tools, such as cookies, log files, and Web beacons. Such information may include information regarding your mobile device (such as your device model and unique device id number), browser type, browser language, Operating System, Internet Protocol (“IP”) address, and the actions you take on our web site (such as the web pages viewed and the links clicked) or while using the Services. Collectively, this information is referred to as “Usage and Analytics Information.”

Geo-Location Information. We do not collect any information regarding your real-time geo-location while using the Services. However, we may do so at some point in the future. We will request your permission before collecting such information.

Use of Information

Information Collected / Use
Personal Information & SNS Information

We use your Personal Information and SNS Information to manage your account, to provide the Services, to maintain our customer/visitor lists, to respond to your inquiries or request feedback, for identification and authentication purposes, to send you administrative notifications (such as security, support or maintenance advisories), for service improvement, and to address issues like malicious use of the Services.

We may also use your Personal Information (excluding Biometric Information) to notify you about new features in the Services, and to send you general information about us and/or our partners.

We do not actively collect Personal Information or SNS Information for the purpose of sale of such information in a way that specifically identifies the individual (i.e. we don’t sell customer lists).

Data, Diagnostic Information and Login Information

We use this information for the purpose of administering and improving our Services to you.

Biometric Information

We use this information to administer and improve our Services to you, such as by providing you with health-related feedback. We may also use your Biometric Information in a de-identified, aggregated, and anonymous way to monitor and analyze use of the Services, to increase the Services’ functionality and user-friendliness, and for the purpose of medical research.

We do not disclose to third parties user data gathered from the HealthKit APIs or from health-related human subject research for advertising or other use-based data mining purposes other than improving health, or for the purpose of health research. We do not use or disclose to third parties your Biometric Information for the purpose of advertising or marketing in any way.

We do not share user data acquired via the HealthKit or CareKit APIs with third parties without user consent.

Usage and Analytics Information

We use this information to administer and improve our Services to you. We may also use your Usage and Analytics Information in a de-identified, anonymous way in conjunction with an analytics service such as Google Analytics to monitor and analyze use of the Services, for the Services’ technical administration, to increase the Services’ functionality and user-friendliness, and to verify users have the authorization needed for the Services to process their requests.

If we plan to use your Personal Information in the future for any other purposes not identified above, we will only do so after informing you by updating this Privacy Policy. See further the section of this Privacy Policy entitled “Amendment of this Privacy Policy”.

Disclosures & Transfers

We have put in place contractual and other organizational safeguards with our agents to ensure a proper level of protection of your Personal Information (see further “Security” below). In addition to those measures, we will not disclose or transfer your Personal Information to third parties without your permission, except as specified in this Privacy Policy.

Our service providers

From time to time we may need to employ third parties to help us provide the Services. These third parties may have limited access to databases of user information or registered member information solely for the purpose of helping us to provide the Services and they will be subject to contractual restrictions prohibiting them from using the information about our members for any other purpose. Such agents or third parties do not have any rights to use Personal Information beyond what is absolutely necessary to assist us in providing the Services.

Law and Order

We may disclose your information to third parties if we determine that such disclosure is reasonably necessary to (a) comply with the law; (b) protect any person from death or serious bodily injury; (c) prevent fraud or abuse of us or our users; or (d) protect our property rights.

Successors and Assignees

We may disclose your Personal Information in connection with a corporate re-organization, a merger or amalgamation with another entity, a sale of all or a substantial portion of our assets or stock, including any due diligence exercise carried out in relation to the same, provided that the information disclosed continues to be used for the purposes permitted by this Privacy Policy by the entity acquiring the information.

Non-US Users

These Services are hosted in the United States and are intended primarily for visitors located within the United States. If you choose to use the Services from the European Union or other regions of the world with laws governing data collection and use that may differ from U.S. law, then please note that you may be transferring your Personal Information outside of those regions to the United States for storage and processing. By providing your Personal Information through the Services, you consent to such transfer, storage, and processing.

Security

The security of your Personal Information is important to us. We use commercially reasonable efforts to store and maintain your Personal Information in a secure environment. We take technical, contractual, administrative, and physical security steps designed to protect Personal Information that you provide to us. We have implemented procedures designed to limit the dissemination of your Personal Information to only such designated staff as are reasonably necessary to carry out the stated purposes we have communicated to you.

You are also responsible for helping to protect the security of your Personal Information. For instance, never give out your password, and safeguard your user name, password and personal credentials when you are using the Services, so that other people will not have access to your Personal Information. Furthermore, you are responsible for maintaining the security of any personal computing device on which you utilize the Services.

For any security-related issues, please email us at [email protected].

Sharing Information with Third Parties

You may be able to share Personal Information with third parties through use of the Services. The privacy policies of these third parties are not under our control and may differ from ours. The use of any information that you may provide to any third parties will be governed by the privacy policy of such third party or by your independent agreement with such third party, as the case may be. If you have any doubts about the privacy of the information you are providing to a third party, we recommend that you contact that third party directly for more information or to review its privacy policy.

The Services allow you to post content to SNS’s (e.g., Facebook or Twitter). If you choose to do this, we will provide information to such SNS’s in accordance with your elections. You acknowledge and agree that you are solely responsible for your use of those websites and that it is your responsibility to review the terms of use and privacy policy of the third party provider of such SNS’s. We will not be responsible or liable for: (i) the availability or accuracy of such SNS’s; (ii) the content, products or services on or availability of such SNS’s; or (iii) your use of any such SNS’s.

Retention

We will keep your Personal Information for as long as it remains necessary for the identified purpose or as required by law, which may extend beyond the termination of our relationship with you. We may retain certain data as necessary to prevent fraud or future abuse, or for legitimate business purposes, such as analysis of aggregated, non-personally-identifiable data, account recovery, or if required by law. All retained Personal Information will remain subject to the terms of this Privacy Policy. Please note that if you request that your Personal Information be removed from our databases, it may not be possible to completely delete all of your Personal Information due to technological and legal constraints.

Amendment of this Privacy Policy

We reserve the right to change this Privacy Policy at any time. If we decide to change this Privacy Policy in the future, we will post or provide appropriate notice. Any non-material change (such as clarifications) to this Privacy Policy will become effective on the date the change is posted, and any material changes will become effective 30 days from their posting on http://cardiogr.am/privacy or via email to your listed email address. Unless stated otherwise, our current Privacy Policy applies to all Personal Information that we have about you and your account. The date on which the latest update was made is indicated at the top of this document. We recommend that you print a copy of this Privacy Policy for your reference and revisit this policy from time to time to ensure you are aware of any changes. Your continued use of the Services signifies your acceptance of any changes.

Access and Accuracy

You have the right to access the Personal Information we hold about you in order to verify the Personal Information we have collected in respect to you and to have a general account of our uses of that information. Upon receipt of your written request, we will provide you with a copy of your Personal Information, although in certain limited circumstances we may not be able to make all relevant information available to you, such as where that information also pertains to another user. In such circumstances we will provide reasons for the denial to you upon request. We will endeavor to deal with all requests for access and modifications in a timely manner.

We will make every reasonable effort to keep your Personal Information accurate and up-to-date, and we will provide you with mechanisms to update, correct, delete or add to your Personal Information as appropriate. As appropriate, this amended Personal Information will be transmitted to those parties to which we are permitted to disclose your information. Having accurate Personal Information about you enables us to give you the best possible service.

Under California Civil Code Sections 1798.83-1798.84, California residents are entitled to ask us for a notice identifying the categories of Personal Information which we share with our affiliates and/or third parties for marketing purposes, and providing contact information for such affiliates and/or third parties. If you are a California resident and would like a copy of this notice, please submit a written request to: [email protected].

HIPAA

We are not an entity that is covered by the Health Insurance Portability and Accountability Act (“HIPAA”). The HIPAA privacy rules apply to health plans, health care clearinghouses, to any health care provider who transmits health information in electronic form in connection with transactions for which the Secretary of HHS has adopted standards under HIPAA and their service providers. This means that the information that you provide to us is not protected by the HIPAA privacy rules and regulations.

Contact Us

You can help by keeping us informed of any changes such as a change of your Personal Contact Information. If you would like to access your information, if you have any questions, comments or suggestions or if you find any errors in our information about you, please contact us at [email protected]. If you have a complaint concerning our compliance with applicable privacy laws, we will investigate your complaint and if it is justified, we will take appropriate measures.