Privacy Policy

Effective: March 21, 2026 · Version 1.0

1. Overview

CardioCommand ("we," "our," "us") is a personal health intelligence platform designed to help individuals track, understand, and share their cardiometabolic health data. This Privacy Policy describes how we collect, use, store, and protect your information.

2. Information We Collect

Account Information: Email address, display name, username, and authentication credentials.

Health Data: Glucose readings, blood pressure, medications, lab results, body composition, dietary logs, exercise data, and other health metrics you choose to enter.

Usage Data: Actions taken within the platform, feature usage patterns, and session information for product improvement.

Device Data: Browser type, operating system, and IP address for security and functionality.

3. How We Use Your Information

  • Provide personalized health tracking, insights, and reports
  • Generate trend analysis and pattern recognition from your data
  • Create reports for sharing with your healthcare providers (only when you choose)
  • Improve platform functionality and user experience
  • Maintain security and prevent unauthorized access

4. De-Identified & Aggregate Data

We may use de-identified, aggregate data — data that has been stripped of all personally identifiable information — for the following purposes:

  • Improving intelligence engines: Demographic health trends (age groups, condition types, regional patterns) help us deliver more relevant and accurate insights, food guidance, exercise recommendations, and health signals to all users.
  • Pattern recognition: Aggregate trends across similar health profiles (e.g., how users managing diabetes + CKD respond to certain foods) allow our AI to provide better personalized recommendations without exposing any individual's data.
  • Product improvement: Understanding which features are most useful for different health conditions helps us prioritize development.
  • Research insights: Aggregate, anonymized health trends may be used for general health research purposes. No individual user can be identified from this data.

What this means: Your personal data is never shared, sold, or exposed. Only anonymized patterns — like “users in this age group with these conditions tend to benefit from X” — are used to make the system smarter for everyone. You can opt out of aggregate data contribution in Settings at any time.

5. Data Sharing

We do not sell your personal health data. Your health information is shared only:

  • With your explicit consent — when you choose to share data with healthcare providers through our clinician sharing features
  • For platform operations — with service providers (Firebase/Google Cloud) who process data on our behalf under strict data protection agreements
  • When required by law — in response to valid legal process

6. Data Storage & Security

Your data is stored in Google Cloud / Firebase infrastructure with encryption at rest and in transit. Access to your data is controlled through role-based access controls and audit logging. All clinician access to patient data requires explicit consent authorization.

7. Your Rights

  • Access: You can view all data we hold about you through the platform
  • Export: You can export all your data at any time from Settings > Data
  • Deletion: You can delete your account and all associated data from Settings > Data
  • Consent withdrawal: You can withdraw data sharing consent at any time

8. Privacy & Security Practices

CardioCommand is designed with healthcare privacy principles in mind. We implement administrative, physical, and technical safeguards including access controls, audit logging, encryption, and minimum necessary data access principles. CardioCommand is not a certified electronic health record system and has not been independently audited for regulatory compliance.

9. Changes to This Policy

We may update this policy from time to time. When we make material changes, we will notify you through the platform and request re-acceptance. Previous versions are retained for your records.

10. Contact

For questions about this Privacy Policy or your data, contact us at privacy@cardiocommand.dev.