Privacy Policy
This Privacy Policy describes how we collect, use, disclose, and protect personal data when you use the Blood Pressure Scanner mobile application and any related services (together, the "Service"). It applies to all users of the Service, regardless of where you reside.
This Policy has been prepared to meet the substantive requirements of:
- the EU General Data Protection Regulation (Regulation (EU) 2016/679, "GDPR");
- the UK General Data Protection Regulation and the Data Protection Act 2018 ("UK GDPR");
- the Swiss Federal Act on Data Protection ("FADP");
- the California Consumer Privacy Act, as amended by the California Privacy Rights Act ("CCPA/CPRA"), and the comprehensive privacy laws of Virginia, Colorado, Connecticut, Utah, Texas, Oregon, and other US states with equivalent statutes;
- the Children's Online Privacy Protection Act ("COPPA"); and
- other applicable privacy laws in jurisdictions where the Service is offered.
Where the protections afforded by your local law differ from those set out below, the more protective standard applies to your data.
1. Who we are
The controller responsible for your personal data is:
EU and UK residents may exercise data-subject rights at the contact address above. California residents may exercise CCPA/CPRA rights at the same address.
2. The personal data we collect
We collect only what is needed to provide the Service. The categories below describe what we receive and why. Specific technical implementations may change over time without altering the substance of our collection.
| Category | Description | Purpose |
|---|---|---|
| Account identifiers | Your email address and an authentication credential | To create, secure, and authenticate access to your account |
| Health-related data | Blood pressure readings (systolic, diastolic, pulse), the date and time you recorded them, and any notes you choose to add | The core function of the Service: maintaining your personal record of readings |
| Photographic data | Images you capture or upload through the in-app scan feature | To extract numeric values from your blood pressure monitor's display, and (if you choose to save them) to attach a low-resolution reference image to a saved reading |
| Subscription metadata | Your subscription tier, billing period, renewal status, and entitlement state | To confirm your access level. We do not receive, process, or store your payment-card details — payment is handled entirely by the app store and our subscription-management provider |
| Technical and diagnostic data | Pseudonymised event logs, error codes, model identifiers, and approximate response times associated with the scan feature | To detect and resolve service errors, monitor operational health, and identify cost drift |
We do not collect or process your precise location, your contacts, your photo library beyond images you actively select for use with the Service, advertising identifiers, biometric identifiers (as defined under applicable law), or activity from other apps or websites you use.
3. Special-category (sensitive) data
The blood pressure readings we hold constitute health data and are treated as a special category of personal data under GDPR Article 9 and equivalent provisions of UK GDPR, Swiss FADP, and CCPA/CPRA (which defines health information as "sensitive personal information").
We process this data on the lawful basis of your explicit consent, which you provide when you create an account and record your first reading, and which you may withdraw at any time by deleting your account. Withdrawal of consent does not affect the lawfulness of processing carried out before withdrawal.
4. How we use your data
We use personal data only for the following purposes, each tied to a specific lawful basis under GDPR (and equivalent under UK GDPR and FADP):
| Purpose | Lawful basis |
|---|---|
| Operating the Service: storing, displaying, exporting, and synchronising your readings across your devices | Performance of a contract (Art. 6(1)(b)) and your explicit consent for health data (Art. 9(2)(a)) |
| Authenticating your account and protecting it from unauthorised access | Performance of a contract (Art. 6(1)(b)) and our legitimate interest in security (Art. 6(1)(f)) |
| Detecting abuse, fraud, and infrastructure misuse | Our legitimate interest in maintaining service integrity (Art. 6(1)(f)) |
| Processing your subscription and confirming entitlements | Performance of a contract (Art. 6(1)(b)) |
| Sending transactional email (account confirmation, password reset, important security or service notices) | Performance of a contract (Art. 6(1)(b)) |
| Complying with legal obligations, including responding to lawful requests from authorities | Legal obligation (Art. 6(1)(c)) |
We do not use your data for advertising, behavioural profiling, marketing communications from third parties, or any other purpose not described in this Policy.
5. Automated processing of scan images
When you use the scan feature to capture a photograph of your blood pressure monitor, the image is transmitted to an automated image-recognition service operated by Google (located in the United States) to extract the displayed numeric values. That service operates under data-processing terms that prohibit it from using your image for its own purposes and does not retain the image after the request completes.
To monitor and improve the accuracy of our reading-recognition feature, we may retain a copy of the scanned image on our own systems. Any image retained for this purpose is held in access-restricted storage available only to authorised personnel; is stored separately from your account, without your name or account identifier attached; is used solely to evaluate and improve recognition accuracy; and is never used for advertising, nor sold, nor shared with third parties for their own purposes. These images are retained only for as long as necessary for that purpose (see Section 8) and cease to be associated with you when your account is deleted. This is optional and off by default — we retain images for this purpose only if you opt in (you are asked when you create your account), and you can turn it off at any time in the app's settings, which stops any further retention.
This processing involves an international transfer of personal data outside the European Economic Area. See Section 7.
Under GDPR Article 22 and equivalent provisions, you have the right not to be subject to a decision based solely on automated processing that produces legal or similarly significant effects. The values extracted by the scan feature are always presented to you for confirmation before any reading is saved; the Service does not make any consequential decision about your health on the basis of automated extraction alone, and the scan feature is optional — you can always enter readings manually.
6. Recipients of your data
We share personal data only with the following categories of recipients, each bound by contractual obligations to process your data only as we instruct and only for the purposes described:
- Our infrastructure provider — provides authentication, database, storage, and serverless function services. Data is hosted within the European Union (Republic of Ireland).
- The automated image-recognition service described in Section 5 — receives scan images for value extraction only.
- Our transactional email provider — delivers account-related email to you.
- Our subscription-management provider — receives subscription-event data from app stores and relays entitlement status to the Service.
- App-store operators (currently Google Play; in future, Apple) — process subscription payments and provide platform integrity signals.
- Abuse-prevention service providers — receive limited signals (such as device-integrity attestations) for the sole purpose of distinguishing legitimate users from automated abuse.
- Legal, regulatory, and law-enforcement authorities — where we are legally required to disclose data in response to valid legal process, or where disclosure is necessary to protect our rights or the safety of others.
We do not sell or share your personal data within the meaning of the CCPA/CPRA, and we do not use it for cross-context behavioural advertising. No financial or other consideration is exchanged for access to your data.
7. International data transfers
The Service is offered globally. Personal data may be processed in jurisdictions outside the one in which you reside:
- Primary storage of account and health data is in the European Union (Ireland).
- The image-recognition service described in Section 5 is operated from the United States.
- Certain other service providers may operate from the United States or other jurisdictions.
Where personal data is transferred outside the European Economic Area, the United Kingdom, or Switzerland, we rely on transfer mechanisms approved under the applicable law, including:
- the European Commission's Standard Contractual Clauses (Decision (EU) 2021/914);
- the United Kingdom International Data Transfer Addendum to the EU SCCs;
- the safeguards approved by the Swiss Federal Data Protection and Information Commissioner for transfers from Switzerland; and
- for transfers to the United States, participating processors' commitments under the EU–US Data Privacy Framework, the UK Extension to the Data Privacy Framework, and the Swiss–US Data Privacy Framework, where the recipient is certified to those frameworks.
You may request a copy of the relevant safeguards by writing to us at the address in Section 13.
8. Retention
We retain personal data only for as long as necessary for the purposes set out in this Policy:
- Account and health data — for as long as your account remains active. When you delete your account (in-app or by written request), the underlying data is deleted within thirty (30) days, except where a longer period is required by law.
- Reference images attached to readings — stored alongside the relevant reading and deleted at the same time the reading is deleted.
- Images retained to improve recognition accuracy (Section 5) — held separately from your account, without your account identifier attached, for as long as necessary to evaluate and improve the scan feature. Because they are not linked to your account, they are not removed automatically when an individual reading is deleted, but they cease to be associated with you when your account is deleted.
- Abuse-prevention records (e.g. hashed identifiers and limited network metadata associated with abuse signals) — retained for up to twelve (12) months after collection, to identify repeat abuse patterns.
- Technical and diagnostic logs — retained for up to ninety (90) days in identifiable form.
- Records of consent, data-subject requests, and complaints — retained for the period required by applicable law (typically up to six (6) years for financial or tax-related records; otherwise for the limitation period applicable to claims arising from the Service).
9. Security
We implement administrative, technical, and organisational measures appropriate to the nature of the data and the risks involved, including: encryption of personal data in transit using TLS; encryption at rest; access controls limiting access to personnel with a legitimate need; segregation of administrative credentials; logging and monitoring of administrative actions; and procedures for assessing and responding to suspected personal-data breaches.
No system can be guaranteed completely secure. If we become aware of a personal-data breach likely to result in a risk to your rights and freedoms, we will notify the competent supervisory authority within seventy-two (72) hours of becoming aware of the breach (under GDPR Art. 33) and, where required, you, in accordance with the timeframes prescribed by applicable law.
10. Your rights
Depending on the law applicable to you, you have the following rights regarding your personal data. You may exercise any of them by writing to support@bloodpressure.my from the email address associated with your account. We will respond within the timeframe required by applicable law (one (1) month under GDPR, extendable by two (2) further months for complex requests; forty-five (45) days under CCPA/CPRA, extendable by a further forty-five (45) days on notice).
We may need to verify your identity before processing certain requests. We will request only the minimum information necessary for that purpose and we will not use it for any other purpose.
Under GDPR, UK GDPR, and Swiss FADP
- Right of access — to obtain confirmation of whether we process personal data about you and, if so, a copy of that data and information about how it is processed.
- Right to rectification — to have inaccurate personal data corrected and incomplete data completed.
- Right to erasure ("right to be forgotten") — to have your personal data deleted in defined circumstances.
- Right to restriction of processing — to limit how we process your data in defined circumstances.
- Right to data portability — to receive your personal data in a structured, commonly used, machine-readable format and to have it transmitted to another controller where technically feasible.
- Right to object — to object to processing carried out on the basis of legitimate interest, including profiling based on those grounds.
- Right to withdraw consent — where processing is based on your consent, you may withdraw it at any time without affecting the lawfulness of prior processing.
- Right not to be subject to solely automated decisions producing legal or similarly significant effects.
- Right to lodge a complaint with your local supervisory authority. Our lead supervisory authority is the Berliner Beauftragte für Datenschutz und Informationsfreiheit (Berlin Commissioner for Data Protection and Freedom of Information). UK residents may complain to the Information Commissioner's Office (ICO); Swiss residents to the Federal Data Protection and Information Commissioner (FDPIC); and residents of other Member States to their respective national authorities.
Under CCPA/CPRA and other US state privacy laws
If you reside in California, Virginia, Colorado, Connecticut, Utah, Texas, Oregon, or another US state with a comprehensive privacy law:
- The right to know what categories of personal information we collect, the sources, the purposes of collection, the categories of recipients, and the specific pieces of personal information we hold about you.
- The right to delete personal information we hold about you, subject to defined statutory exceptions.
- The right to correct inaccurate personal information.
- The right to opt out of sale or sharing of personal information. We do not sell or share personal information as those terms are defined under CCPA/CPRA; see Section 6.
- The right to limit the use and disclosure of sensitive personal information. Your health data is "sensitive personal information" under CPRA; we use it only for the limited purposes described in Section 4.
- The right to non-discrimination for exercising any of these rights. We will not deny service, charge different prices, or provide a different level or quality of service because you exercised a privacy right.
You may submit verifiable consumer requests through the contact address above.
11. Children
The Service is not directed at children under the age of 16. We do not knowingly collect personal data from anyone under that age.
If you are a parent or guardian and you believe that a child has provided us with personal data, please contact us at the address in Section 13 and we will delete the account and the associated data without undue delay.
In jurisdictions where a lower age threshold applies under sectoral law (for example, age 13 under the United States Children's Online Privacy Protection Act), the higher of the applicable thresholds is the operative standard for our purposes.
12. Changes to this Policy
We may update this Policy from time to time to reflect changes in the Service, applicable law, or our practices. Material changes will be communicated through the Service or by email to the address associated with your account, with at least thirty (30) days' advance notice where required by law. The "Last updated" date at the top of this Policy will always reflect the most recent revision.
Your continued use of the Service after a material change takes effect constitutes acceptance of the revised Policy. If you do not agree, you may delete your account before the effective date of the change.
13. Contact
For questions, requests, or concerns about this Policy or about how we handle your personal data:
You also have the right to lodge a complaint with the supervisory authority of your country of residence; in Germany, this is the Berliner Beauftragte für Datenschutz und Informationsfreiheit, Friedrichstr. 219, 10969 Berlin, www.datenschutz-berlin.de.