Privacy Policy

Last updated: January 2025

1. Introduction

Welcome to Cardio Analytics ("we," "our," or "us"). Your privacy is fundamental to our design philosophy. This privacy policy explains our privacy-first approach and how we handle your health data.

Core principle: Your health data stays on your device. Always.

2. Data Collection and Storage

2.1 Health Data (Stored Locally on Your Device)

Cardio Analytics reads the following cardiovascular and mobility metrics from Apple HealthKit with your explicit permission:

  • Heart rate (resting, walking, and current)
  • Blood pressure (systolic and diastolic)
  • Heart rate variability (SDNN and RMSSD)
  • Oxygen saturation (SpO₂)
  • Body weight and BMI
  • ECG recordings and atrial fibrillation burden
  • VO₂ Max (cardio fitness)
  • Walking speed, walking asymmetry, and stair ascent speed

All health data is processed and stored exclusively on your iPhone. We have no servers, databases, or cloud infrastructure to receive your data.

2.2 What We Do NOT Collect

  • ❌ No email addresses or account information (no accounts required)
  • ❌ No personally identifiable information
  • ❌ No usage analytics or tracking data
  • ❌ No location data
  • ❌ No advertising identifiers
  • ❌ No crash reports containing personal data

3. How We Use Your Health Data

Your health data is used exclusively on your device to:

  • Display cardiovascular and mobility metrics in the app dashboard
  • Generate trend visualizations and analytics
  • Provide evidence-based alerts when metrics fall outside guideline ranges
  • Correlate medications with health outcomes
  • Create exportable PDF and CSV reports when you choose to generate them

All processing happens locally on your iPhone. No data is transmitted to external servers.

4. Data Sharing

We do not share, sell, or transmit your health data. Ever.

Cardio Analytics has no capability to access your data because all processing is on-device. You control data sharing:

  • HealthKit permissions: You choose which metrics Cardio Analytics can read. Revoke permissions anytime in iOS Settings → Privacy → Health.
  • Export reports: Only when you explicitly generate and share a PDF or CSV report does data leave your device. You control who receives it.
  • Write-back to HealthKit: Manual entries (weight, blood pressure) can be written to Apple Health for consistency across apps. This is optional and controlled by HealthKit permissions.

5. Data Security

Your health data is protected by iOS security features:

  • HealthKit encryption: Apple encrypts HealthKit data at rest on your device
  • No cloud exposure: Data never leaves your device except when you explicitly export reports
  • iOS sandboxing: Cardio Analytics can only access data with your explicit HealthKit permissions
  • No third-party services: We use no analytics SDKs, crash reporters, or advertising networks that could access your data

6. Your Rights and Control

You have complete control over your health data:

  • Granular permissions: Choose exactly which health metrics to share with Cardio Analytics
  • Revoke access anytime: Change HealthKit permissions in iOS Settings → Privacy → Health → Cardio Analytics
  • Delete all data: Uninstalling Cardio Analytics removes all app data from your device
  • Export your data: Generate PDF or CSV reports to share with your healthcare provider
  • No vendor lock-in: Your data lives in HealthKit and is accessible to other apps you authorize

7. Third-Party Services

Cardio Analytics uses no third-party services that access your data.

We do not integrate:

  • Analytics platforms (Google Analytics, Firebase, etc.)
  • Crash reporting services
  • Advertising networks
  • Cloud storage providers
  • Social media integrations

8. Children's Privacy

Cardio Analytics is a general wellness app suitable for all ages. We do not knowingly collect personal information from anyone, including children, because we collect no personal information at all. All health data remains on the user's device.

9. Changes to This Policy

We may update this privacy policy to reflect changes in iOS features or HealthKit capabilities. Any changes will be posted in the app and on this website. Continued use of Cardio Analytics after changes constitutes acceptance of the updated policy.

Our core commitment will never change: Your health data stays on your device, and we cannot access it.

10. Contact Us

If you have questions about this privacy policy, please contact us at: info@onmedic.com

However, please note: Because we cannot access your health data, we cannot help with data-related questions. For HealthKit permission issues, consult iOS Settings → Privacy → Health.

11. Regulatory Compliance

Cardio Analytics is designed to comply with privacy regulations:

  • GDPR (EU): No personal data is collected or processed by us. Health data processing is entirely on-device.
  • CCPA (California): We have no personal information to sell or share.
  • HIPAA: Cardio Analytics is not a covered entity. Users control all data sharing with healthcare providers.

Note: Cardio Analytics is a wellness app, not a medical device. It does not diagnose, treat, or prevent any disease.