Imprint & Data Privacy (EU)

Educational only — not a medical device. No diagnosis, treatment, or medical decision support.

Imprint

Controller: CardivAI GmbH

Am Euro Platz 2, Gebäude G

A-1120 Vienna, Austria

Email: office@cardivai.com

Support: support@heartcheckapp.com


Commercial register: FN 451769t

VAT ID: ATU 71002719

Jurisdiction: Vienna, Austria

Data Privacy (EU)

1) Data we collect

  • Account information, such as your email address and account-related identifiers, to create and manage access to your account.
  • User ID and internal identifiers used to keep your sessions, reports, and account content separate from other users.
  • Health-related information you choose to provide in chat sessions, questionnaires, and other inputs.
  • User content, including chat text and optional document, image, or PDF uploads you choose to submit.
  • Extracted text and processed content derived from documents or images you upload for the purpose of generating requested summaries.
  • Purchase and payment status, such as whether payment succeeded; we do not store full payment card numbers.
  • Security, diagnostic, and operational logs needed to operate, troubleshoot, and protect the service.

2) How we collect data

  • Directly from you when you create an account, sign in, respond to questions, enter chat content, request a report, contact support, or upload files, images, or PDFs.
  • Automatically through app operation when our systems create technical logs, service metadata, and security records needed to provide the service.
  • From processing steps you request when uploaded files or images are converted into text or other structured content for report generation.

3) How we use data

  • To authenticate users and provide secure account access.
  • To operate chat sessions, questionnaires, optional uploads, and related app features.
  • To generate, store, and deliver the educational wellness summaries and reports you request.
  • To process payments and confirm eligibility for requested paid services.
  • To maintain service security, prevent misuse, troubleshoot issues, and comply with legal obligations.
  • To provide customer support and respond to account or deletion requests.

4) AI processing and disclosure

heartcheckapp includes AI-powered features used to generate educational wellness summaries requested by the user. To provide these features, heartcheckapp may send selected user-provided content to Amazon Web Services (AWS), including Amazon Bedrock, for processing on our behalf.

  • Data that may be sent for AI processing can include chat responses, uploaded document text, extracted health-related content, language preference, and related service metadata necessary to generate the requested summary.
  • Before any such data is sent for AI processing, users are presented with a clear, dedicated consent screen within the app and must explicitly agree before processing occurs.
  • Before AI processing, the workflow is designed to remove direct personal identifiers where feasible. However, submitted content may still include health-related information.
  • AWS and Amazon Bedrock act solely as service providers processing data on our behalf and do not use this data for their own independent purposes.
  • This data is used only to provide the requested app functionality, including generation of the educational wellness summary, and is not used for advertising, marketing, or tracking.

5) Third-party service providers / processors

  • Amazon Web Services (AWS), including hosting, storage, security, infrastructure, and Amazon Bedrock for AI processing related to requested app functionality.
  • Stripe for payment processing. We do not receive or store your full payment card number.
  • CookieYes for EU website consent management.
  • Google Tag Manager for consent-based analytics and website measurement on the EU marketing website only.

We use service providers to operate heartcheckapp on our behalf and require them to handle personal data in accordance with applicable contractual, security, and legal requirements.

6) What we do not do

  • No tracking across apps or websites for advertising or advertising measurement in the app/service.
  • No advertising networks in the app/service.
  • We do not sell personal data.

7) Uploads, reports, retention, and website cookies

  • Uploads are optional. You can use core parts of the service without uploading documents.
  • Uploaded documents stored for processing are deleted automatically after approximately 24 hours.
  • Generated wellness reports may be retained as part of the service so they can be delivered to the user and accessed as part of the requested functionality, subject to applicable retention, security, and deletion practices.
  • Wellness reports are designed to minimize direct identifiers where feasible.
  • On this EU marketing website, CookieYes records and manages consent preferences, and Google Tag Manager may run consent-based website measurement tags. This is separate from the heartcheckapp app/service experience.

8) Your rights and choices

Subject to applicable law, you may request access, correction, or deletion by contacting office@cardivai.com or support@heartcheckapp.com.

AI processing consent is requested in the app before any data is sent for AI processing. You may decline this consent; however, AI-generated wellness report features will not be available unless consent is provided.

