Hello Heart Application Privacy Policy
Last Reviewed April 29, 2026
Hello Heart, Inc. (“Hello Heart,” “we,” “our,” or “us”) respects your privacy and is committed to protecting your personal information. This Application Privacy Policy describes how we collect, use, disclose, and protect information when you use our mobile application and related services (“Services”).
This Application Privacy Policy covers all personal information collected through the Hello Heart app. For information specifically about how we handle Protected Health Information (PHI) under HIPAA, please also review our HIPAA Notice of Privacy Practices.
1. Information We Collect
We collect information in the following categories. We do not collect personal information beyond what is described in this Application Privacy Policy.
A. Health Information
This includes information such as:
- Blood pressure readings
- Medications
- Heart health data
- Health insights and recommendations
- Information you input related to your health
This information is treated as Protected Health Information (PHI) and handled in accordance with our HIPAA Notice of Privacy Practices.
B. Personal Information
- Name
- Email address
- Date of Birth
- Account credentials
- Customer support communications
C. Device and Usage Information
- Device type, operating system
- App usage and interactions
- Log data and diagnostics (e.g., crash reports)
- IP address and approximate location (if applicable)
D. Information from Connected Devices
If you connect a compatible device (e.g., blood pressure monitor), we collect data transmitted from that device to provide our Services.
E. Information from Third Parties
We may receive information from:
- Employers, health plans, or program sponsors
- Service providers supporting our platform
F. Data Linkage
The personal information we collect is generally linked to your account or device to provide the Services. We do not collect anonymized data for independent resale or unrelated purposes.
2. How We Use Information
A. PHI
We use and disclose PHI in accordance with our HIPAA Notice of Privacy Practices, including for treatment, payment, and healthcare operations.
B. Non-PHI Personal Information
We use other personal information to:
- Create and manage your account
- Provide app functionality
- Communicate with you
- Provide customer support
- Maintain security and prevent fraud
- Analyze and improve app performance
3. How We Share Information
A. PHI
PHI may be shared only as described in our HIPAA Notice of Privacy Practices.
B. Non-PHI Personal Information
We may share non-PHI information with service providers and partners solely to support the operation of our Services, including hosting, analytics, customer support, security, and infrastructure.
These service providers may collect and process information on our behalf in accordance with our instructions.
All such parties are required to protect your information.
C. Legal and Safety Disclosures
We may disclose information when required by law or to:
- Protect rights and safety
- Prevent fraud or abuse
- Comply with legal obligations
4. Tracking and Advertising
We do not track users across third-party apps or websites for advertising purposes.
We do not use third-party advertising SDKs.
We do not use personal information for cross-app behavioral advertising.
Any analytics we use are not used for advertising purposes.
5. Permissions and Device Access
We request device permissions only as necessary to provide core app functionality. For example:
- Bluetooth – to connect to health devices
- Camera (if applicable) – for device setup or support
- Notifications – to provide reminders and updates
You can manage permissions in your device settings.
6. Data Retention & Deletion
A. Retention
We retain your information for the following periods:
- Account and profile information: Retained for the duration of your account and for up to 2 years following account closure or deletion, unless a longer period is required by law.
- Health information (PHI): Retained as required under HIPAA and applicable state medical record retention laws, which generally require retention for a minimum of ten (10) years from the date of creation or last effective date.
- Device and usage data: Retained for up to 12 months for analytics and service improvement purposes, then deleted or de-identified.
- Customer support communications: Retained indefinitely following resolution.
When information is no longer needed and no legal obligation requires its retention, we securely delete or de-identify it.
B. Deletion
You may request deletion of your account and associated personal information at any time by:
- Using the account deletion option within the app, which can be found through your Profile → Settings → Delete Account (near the Log Out button); or
- Submitting a request at support@helloheart.com; or
- Contacting us at privacy@helloheart.com.
Upon receiving a verified deletion request, we will delete your account and associated personal information within thirty (30) days, except where retention is required by law. Where we are required to retain certain information (for example, health records under HIPAA or state medical record retention laws), we will inform you of the specific data retained and the legal basis for retention.
Deleting the Hello Heart app from your device does not delete your account or data. You must submit a deletion request through one of the methods above.
7. Your Privacy Rights
A. PHI Rights
Your rights regarding your health information (PHI), including access, correction, and restrictions, are described in our HIPAA Notice of Privacy Practices.
B. Other Privacy Rights
Depending on your location, you may have rights to:
- Access your personal information
- Request correction
- Request deletion
- Opt out of certain data uses
To exercise these rights, contact us at: privacy@helloheart.com
If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA), including the right to know what personal information we collect, the right to request deletion, and the right to opt out of the sale or sharing of personal information. We do not sell your personal information. To exercise your rights, contact us at privacy@helloheart.com.
8. Security
We implement administrative, technical, and physical safeguards designed to protect your information.
In the event of a breach involving PHI, we will notify you as required by law.
9. Children’s Privacy
Our Services are not intended for children under 18, and we do not knowingly collect personal information from children.
10. Changes to This Policy
We may update this Application Privacy Policy from time to time. Updates will be posted within the app and on our website.
11. Contact Us
Hello Heart, Inc.
545 Middlefield Rd., Suite 220
Menlo Park, CA 94025
📧 privacy@helloheart.com
📞 1-800-767-3471