
Privacy Policy

Last updated: April 8, 2026

Summary: CardioAI is built with privacy at its core. ECG images are automatically de-identified before any AI analysis. Original images are never stored. We collect the minimum data necessary to operate the Service.

1. Introduction

This Privacy Policy describes how CardioAI ("we," "us," or "our") collects, uses, and protects information when you use the CardioAI mobile application and website (collectively, the "Service"). This policy applies to all users of the Service, including guests (no account) and registered users.

By using the Service, you agree to the collection and use of information as described in this policy. If you do not agree, please do not use the Service.

2. Information We Collect

2.1 Information You Provide

  • Account information (registered users only): Full name, email address, password (hashed — never stored in plain text), medical specialty, country, and optional NPI number and license number.
  • Clinical context (optional, per-session): Patient age range, sex, presenting complaint, medications, and prior ECG availability. This information is provided at your discretion and is used solely to improve interpretation accuracy for that session.
  • ECG images: Images you upload for interpretation.

2.2 Automatically Collected Information

  • Device identifier: A persistent device ID is stored securely on your device to manage free trial allocation. On iOS, a generated identifier is stored in the iOS Keychain; on Android, the system-provided Android ID is used. This identifier is associated with your usage records but does not by itself identify you by name.
  • Usage data: Basic server logs including IP address, request timestamps, and API endpoints accessed, for security monitoring and rate limiting. Logs are retained for 90 days.
  • Payment metadata: If you purchase scan packs, we receive confirmation of payment (transaction reference, amount, provider) from our payment processors. We do not store your full card number, CVV, or bank details — these are handled entirely by the payment processor.

3. ECG Images and PHI De-identification

This is the most important section for clinical users. Please read it carefully.

All uploaded ECG images are processed through an automated HIPAA Safe Harbor de-identification pipeline before any further use:

  1. The image is analyzed using Optical Character Recognition (OCR) to identify text regions.
  2. Detected text is scanned for all 18 categories of Protected Health Information (PHI) defined by HIPAA Safe Harbor, including names, dates, geographic information, phone numbers, email addresses, medical record numbers, device identifiers, and other identifiers.
  3. PHI regions are permanently redacted (overwritten with black rectangles) in the image.
  4. EXIF metadata (which may contain camera, location, or timestamp data) is stripped from the image.
  5. Only the resulting de-identified image is sent to the AI model and stored in our cloud infrastructure.
  6. The original unredacted image is never stored or transmitted to any external system.

De-identified images are stored securely in encrypted cloud storage (Supabase Storage) and are accessible only via your authenticated account or device ID.

OCR-based redaction can only remove identifiers that are rendered as machine-readable text; handwritten annotations or text the OCR step fails to recognise may pass through unredacted. You are responsible for ensuring that you have appropriate authorization to upload the ECG images you submit to the Service under applicable law, including HIPAA where applicable.

4. How We Use Your Information

We use collected information to:

  • Provide, operate, and maintain the Service;
  • Process ECG images and generate AI interpretations;
  • Manage your account, trial balance, and scan credits;
  • Process payments and prevent fraud;
  • Verify professional credentials (NPI verification for US physicians via the free NPI Registry API);
  • Communicate with you about your account, purchases, or support requests;
  • Monitor and improve the security and performance of the Service;
  • Comply with applicable legal obligations;
  • Maintain audit logs for security and compliance purposes.

We do not use your data to train AI models, sell data to third parties, or target you with advertising.

5. How We Share Your Information

We do not sell, trade, or rent your personal information. We share information only in the following limited circumstances:

5.1 AI Model Providers

De-identified ECG images (never original images) and optional clinical context you provide are transmitted to our AI model providers (Anthropic, Inc. and/or Google) for the purpose of generating interpretations. These transmissions occur under the providers' enterprise API terms, which include data protection obligations.

5.2 Payment Processors

Payment transactions are processed by Stripe, Inc. and/or Paystack, Inc. When you make a purchase, you interact directly with their payment infrastructure. We receive only payment confirmation data (reference, status, amount). Please review the applicable processor's privacy policy: Stripe Privacy Policy | Paystack Privacy Policy.

5.3 NPI Verification

If you provide an NPI number during registration, we query the free U.S. National Plan and Provider Enumeration System (NPPES) API operated by the Centers for Medicare & Medicaid Services (CMS) to verify your credentials. Only the NPI number and your last name are transmitted in this query.

5.4 Legal Requirements

We may disclose information if required to do so by law, regulation, court order, or governmental authority, or to protect the rights, property, or safety of CardioAI, our users, or the public.

5.5 Business Transfers

If CardioAI is involved in a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction. We will notify you of any such change and any choices you may have.

6. HIPAA Notice

CardioAI is designed with HIPAA Safe Harbor de-identification as a core feature. However, CardioAI does not operate as a Covered Entity or Business Associate under HIPAA with respect to the Service as currently offered. The Service is a technology tool — you, as the healthcare professional using it, are responsible for ensuring your use complies with HIPAA and any other applicable privacy laws.

If your organization requires a Business Associate Agreement (BAA) before using any software that processes PHI-containing materials, please contact us at support@cardioai.fit to discuss options.

7. Device Identifier and Trial Management

A persistent device identifier is stored on your device to manage free trial allocation and prevent abuse of the free trial system. This identifier is:

  • Stored locally on your device (iOS Keychain / Android device ID);
  • Transmitted to our servers when you use the Service to check trial eligibility;
  • Associated with your usage records and, if you register, linked to your account;
  • Not used for advertising, analytics, or any purpose other than trial management and usage tracking.

This identifier is designed to persist across application reinstalls to prevent circumvention of the free trial limit.

8. Data Retention

  • ECG records and interpretations: Retained for the duration of your account and for up to 2 years after account deletion, unless you request earlier deletion.
  • Account information: Retained for the life of your account and deleted within 30 days of a confirmed deletion request.
  • Payment records: Retained for 7 years as required by U.S. financial record-keeping requirements.
  • Audit logs: Retained for 1 year.
  • Server logs: Retained for 90 days.

9. Data Security

We implement reasonable and appropriate technical and organizational security measures to protect your information against unauthorized access, alteration, disclosure, or destruction, including:

  • All data in transit is encrypted using TLS 1.2 or higher;
  • Data at rest is encrypted by our cloud infrastructure provider;
  • Passwords are hashed using bcrypt with a high work factor before storage;
  • Authentication is handled via short-lived JSON Web Tokens (JWTs);
  • Access to production systems is strictly controlled;
  • PHI de-identification occurs before any image leaves your local network.

No security system is impenetrable. In the event of a data breach that affects your personal information, we will notify you as required by applicable law.

10. Your Rights

Depending on your jurisdiction, you may have the right to:

  • Access the personal information we hold about you;
  • Correct inaccurate or incomplete personal information;
  • Delete your account and associated data (subject to legal retention requirements);
  • Export your interpretation history in a portable format;
  • Object to certain processing of your personal data.

To exercise any of these rights, please contact us at support@cardioai.fit. We will respond to verifiable requests within 30 days.

11. Children's Privacy

The Service is intended for licensed healthcare professionals and is not directed at children under 18 years of age. We do not knowingly collect personal information from children under 18. If you believe we have inadvertently collected such information, please contact us immediately at support@cardioai.fit.

12. California Privacy Rights (CCPA)

California residents may have additional rights under the California Consumer Privacy Act (CCPA), including the right to know what personal information we collect, the right to delete personal information, and the right to opt out of the sale of personal information. We do not sell personal information. To submit a CCPA request, contact us at support@cardioai.fit.

13. Changes to This Privacy Policy

We may update this Privacy Policy periodically. When we make material changes, we will update the "Last updated" date at the top of this page and, where required, notify you through the application. Your continued use of the Service after any changes take effect constitutes your acceptance of the revised policy.

14. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us at:

CardioAI — Privacy Inquiries
Email: support@cardioai.fit
Website: www.cardioai.fit

We aim to respond to all privacy-related inquiries within 5 business days.
