Privacy Policy

Last Updated: 29th of April, 2025

1. Introduction

Welcome to The Heart Wellness App (hereinafter referred to as "the App", "we", "us", or "our"). We are committed to protecting and respecting your privacy in compliance with the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018, and other applicable UK privacy laws.

This Privacy Policy outlines how we collect, use, store, and protect your personal data when you use our heart monitoring web application. By accessing or using the App, you agree to the terms outlined in this policy.

2. Data We Collect

2.1 Personal Identification Information

  • Full name
  • Date of birth
  • Email address
  • Username
  • Password (stored securely using encryption)

2.2 Payment Information

  • Limited transaction details (e.g., payment amount, date, and reference)
  • Payment processing is handled securely by Stripe, our third-party payment processor. We do not store full payment card details.

2.3 Health & Wellness Data (Optional)

  • If you choose to input heart rate or wellness-related data, this information is stored securely and processed only for the purposes of providing the App's functionality.

2.4 Two-Factor Authentication (2FA) Data

  • To enhance account security, we offer Two-Factor Authentication (2FA).
  • If enabled, we may collect and store a verified phone number or authentication app linkage solely for security verification.
  • This data is encrypted and used exclusively for login verification.

3. How We Use Your Data

We process your personal data on the following lawful bases under UK GDPR:

  • Contractual Necessity: To create and manage your account, provide services, and process payments.
  • Legitimate Interests: To improve the App, prevent fraud, and ensure security.
  • Legal Compliance: To meet regulatory and tax obligations.
  • Consent (where applicable): For optional features such as health data tracking and 2FA.

4. Data Storage & Security

  • All personal data is stored on UK-based servers with robust encryption (AES-256 or equivalent).
  • Access to personal data is restricted to authorised personnel only.
  • We implement industry-standard security measures, including:
    • Two-Factor Authentication (2FA) (optional for users)
    • Firewalls and intrusion detection systems
    • Regular security audits and penetration testing
  • Despite our best efforts, no online transmission or storage is 100% secure. Users are encouraged to:
    • Use strong, unique passwords
    • Enable Two-Factor Authentication (2FA) for enhanced security

5. Data Sharing & Third Parties

We do not sell or rent your personal data. However, we may share it with:

  • Stripe (for payment processing) - Stripe's privacy policy applies to their handling of payment data.
  • IT & Cloud Service Providers (for hosting and maintenance) - All providers are GDPR-compliant.
  • Legal & Regulatory Authorities - Only if required by law (e.g., court orders, tax compliance).

6. Data Retention

We retain personal data only for as long as necessary:

  • Account data - Until you request deletion or for up to 6 years for legal/tax purposes.
  • Transaction records - Retained for 7 years for financial compliance.
  • Inactive accounts - Deleted after 2 years of inactivity.
  • 2FA-related data - Removed immediately upon disabling 2FA or account deletion.

7. Your Rights Under UK GDPR

You have the following rights regarding your personal data:

  • Access - Request a copy of your data.
  • Rectification - Correct inaccurate data.
  • Erasure - Request deletion (subject to legal obligations).
  • Restriction - Limit processing under certain conditions.
  • Data Portability - Receive your data in a structured format.
  • Objection - Opt out of processing based on legitimate interests.

To exercise these rights, contact us at [email protected].

8. Changes to This Privacy Policy

We reserve the right to amend, modify, or void this Privacy Policy at any time without prior notice. Changes will be effective immediately upon posting on the App. Continued use constitutes acceptance of the revised policy.

9. Contact Us

For privacy-related inquiries, complaints, or data requests, contact:

Email: [email protected]
Address: Heart Wellness Ltd, 123 Health Lane, London, UK, SW1A 1AA

This Privacy Policy is governed by the laws of England and Wales.