Privacy Policy

Effective Date: November 21, 2022
Last Reviewed On: November 15, 2022
This privacy statement (“Privacy Policy”) explains the privacy practices of Hello Heart Inc., a company with offices at 545 Middlefield Road, Menlo Park, CA, USA (“Hello Doctor” or “Hello Heart”, “us”, “our”, “we”). This Privacy Policy explains how we collect, use, and share your personal information as you use our mobile application (the “Application”) or otherwise in the course of our business (collectively, the “Service”). In this Privacy Policy, “you” or “your” refers to the individual accessing or using the Service.

Hello Heart’s Commitment to Privacy

Hello Heart respects your right to privacy. Your ability to make informed choices about the uses of your information is important to us. This privacy statement explains Hello Heart’s policy regarding the collection, use, disclosure and protection of Personal Information. The terms of this privacy statement apply to information collected from you, including from the blood pressure monitor that connects to the Application, unless different terms are specified as part of a special offer or in another form or contract we provide you. Hello Heart stores medical test results, physician summaries, prescriptions and any other medical information (“Personal Medical Documents”) you decide to upload or you consent or authorize to be uploaded onto the Application. Hello Heart is not a health care provider and the Service does not provide health care services of any type.


Personal Information We Collect

“Personal Information” is information that identifies, relates to, describes, references, is capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or household. You are not legally required to provide Personal Information, but if you refuse to provide certain Personal Information we may not be able to register you to use the Service. By using the Service you agree to the use (including transfer) of Personal Information (including Personal Medical Documents) as described in this Privacy Policy.

If you upload or use Personal Information which relates to someone other than you, you represent to us that you have that person’s legally binding consent to the use of the information as described herein or that you are legally authorized to consent on their behalf. You may provide Hello Heart with Personal Information or Personal Medical Documents only if you are resident in the United States and otherwise eligible to use the Services under the Terms and Conditions.

We collect or obtain the following categories of personal data about you. Please see How We Use and Share Personal Information for more information about why we collect the categories of information below.

| Category | Examples of information we collect |
| --- | --- |
| Identifiers. | We collect names, addresses, phone numbers, and email addresses (“Contact Information”) of users to provide our services, respond to product inquiries, and for the other business purposes listed below. We may automatically collect your Internet Protocol address when you visit us to improve our products and communications (see More About Cookies below). |
| Personal information categories listed in the California Customer Records statute (Cal. Civ. Code § 1798.80(e)). | We collect names, Contact Information, employment, and insurance information about users to provide and promote our products and services and for the other business purposes listed below. We collect medical information when you or your doctor provide it to us, such as when you add Personal Medical Documents to your medical portfolio on the Application. |
| Protected classification characteristics under California or federal law. | We obtain information about patients’ age and gender to improve our product quality and safety and for the other business purposes listed below. |
| Commercial information. | We obtain transactional data pertaining to our products to comply with our legal obligations, to improve our products, and for the other business purposes described below. |
| Biometric information. | While we do not collect information about biometric identifiers of users, some of the health tracking information we collect (such as blood pressure or steps) may contain identifying information. We collect this information to provide our services to you and for the other business purposes listed below. |
| Internet or other similar network activity. | We collect information about how visitors browse or search our website, for our brand, or for our products. We use these tools to analyze how our products perform and improve our services. (See More About Cookies below.) |
| Professional or employment-related information. | We obtain information about the employer you work for in order to integrate our Service with employers and for the other business purposes described below. |

We do not collect:

  • Geolocation data.
  • Sensory data.
  • Non-public education information (per the Family Educational Rights and Privacy Act (20 U.S.C. Section 1232g, 34 C.F.R. Part 99)).
  • Profiles or inferences drawn from other personal information.

The “personal information” listed above does not include:

  • Publicly available information from government records.
  • Deidentified or aggregated consumer information. Company may use or disclose deidentified or aggregated information (that is no longer personally identifiable) for any lawful purpose. We may share this aggregate data with our affiliates, agents, advertisers, manufacturers and business partners. We may also disclose aggregated user statistics in order to describe our services to current and prospective business partners and to other third parties for other lawful purposes.
  • Information covered by sector-specific privacy laws like the Health Insurance Portability and Accountability Act of 1996 (HIPAA), the Fair Credit Reporting Act (FCRA), the Gramm-Leach-Bliley Act (GLBA) or California Financial Information Privacy Act (FIPA), and the Driver’s Privacy Protection Act of 1994.
  • Information about our contractors, employees, or candidates for employment—if you are a Company contractor, employee, or candidate, please see the Company’s Contractor/Employee Privacy Notice for more information.

Sources of Personal Information

We may obtain all of the categories of personal information listed above from the following categories of sources:

  • Directly from you. For example, from forms you complete or products and services you use and/or purchase.
  • Indirectly from you. For example, from third parties with your consent or authorization, or from observing your actions on our Websites using cookies.
  • From third-party service providers.

More About Cookies

Hello Heart may use cookies, web beacons or other similar technologies in order to improve the Service. A cookie is a small piece of text that is sent to your browser. The browser provides this piece of text to your device when you return to the Application. Hello Heart uses cookies to help personalize your Hello Heart experience and for the other business purposes listed below. A “persistent” cookie may be used to help save your settings and customizations. Also, if you log in to the Application, such a cookie will be used to recognize you as a valid user so you will not need to log in each time you use the Application.

How We Use and Share Personal Information

We may use or disclose the Personal Information we collect for one or more of the following business purposes:

  • To fulfill or meet the reason you provided the information.
  • To provide information to your clinics or providers for treatment purposes.
  • To provide, support, personalize, and develop our Service (for example, to send you notifications and reminders regarding scheduled appointments with physicians).
  • To create, maintain, customize, and secure your account with us.
  • To process your requests, purchases, transactions, and payments, to confirm and communicate with you about appointments and products, and to prevent transactional fraud.
  • To provide you with support and to respond to your inquiries, including to investigate and address your concerns and monitor and improve our responses.
  • To personalize your Application or Website experience and to deliver content and product and service offerings relevant to your interests. By registering with Hello Heart you consent to receiving email communications to tell you about Hello Heart’s services. If you prefer not to receive promotional information from us, we make it easy for you to let us know. You can contact us at any time to decline promotional information (see Your Rights and Choices About Your Personal Information below).
  • To help maintain the safety, security, and integrity of our Websites, products and services, databases and other technology assets, and business, or to enforce our rights or resolve disputes.
  • For testing, research, analysis, and product development, including to develop and improve our Service.
  • To respond to law enforcement requests, as required by applicable law, court order, or governmental regulations; to monitor our compliance with those obligations; to respond to any claims, or to protect the rights, property, or personal safety of Hello Heart, our customers, or the public.
  • As described to you when collecting your personal information.
  • To evaluate or conduct a merger, divestiture, restructuring, reorganization, dissolution, or other sale or transfer of some or all of our assets, whether as a going concern or as part of bankruptcy, liquidation, or similar proceeding, in which personal information held by us about our users is among the assets transferred.

Disclosures of Personal Information for a Business Purpose

In the preceding 12 months, we have disclosed the following categories of personal information to our third-party service providers for the business purposes described above:

  • Identifiers.
  • Personal information categories listed in the California Customer Records statute (Cal. Civ. Code § 1798.80(e)).
  • Protected classification characteristics under California or federal law.
  • Commercial information.
  • Internet or other similar network activity.
  • Professional or employment-related information.

Under applicable law, we are permitted to disclose personal information to service providers in accordance with written contracts requiring our service providers to keep the information confidential. We may provide Personal Information to third party vendors or service providers who assist us or our affiliates in administering and managing our sites, products, services or business (such as third parties providing hosting services). For the full list of service providers and the purpose, please see Appendix A. These recipients of Personal Information enter agreements with Hello Heart governing the privacy and security of Personal Information. These recipients of Personal Information are not authorized to use the information we share with them for any other purpose. By providing such information, you expressly consent to such transfer and use, including transfers outside of the jurisdiction in which the information was provided.

In addition to third-party service providers, we share all of the categories of personal information we collect with government entities (if required by law or reasonably necessary to avoid harm). We may also share your personal information, at your request, to business partners that provide services selected by you.

If you receive access to Hello Heart through your health plan, we may share limited information about you (for example, the fact that you registered for Hello Heart or information related to your use of Hello Heart) to the plan sponsor or plan’s third party administrator (for example to wellness program vendors) for payment purposes, operational purposes, or as permitted or required by law. You may choose to send a physician or other third party the Personal Medical Documents using the email or Fax options in the application. The system is not designed to enable access by physicians and/or third parties to your Personal Medical Information.

Sales of Personal Information

In the preceding twelve (12) months, we have not sold personal information. Our policy is that we do not and will not sell your personal information, unless you give us your consent or direct us to do so. Hello Heart does not sell, rent, share, or disclose Personal Information and/or Personal Medical Documents to third parties, except to its vendors, partners, contractors or agents to the extent necessary to provide Hello Heart’s services.

Aggregate Information

Personal Information does not include “aggregate” information. Aggregate information is data we collect about a group or category of services or users, from which individual customer identities have been removed. In other words, information about how you use a service, or the results of such use, may be collected and combined with similar information to others, but no Personal Information will be included in the resulting data. Hello Heart can extract statistical data from your content in order to provide it to other users or partners without connecting it to any data that identifies you, such as name or email address. Aggregate data helps us understand trends and user needs so that we can better consider new products and services, and tailor existing products and services to customer desires. You understand that we may commercialize aggregate information by any and all means, and that you will receive no payment or other consideration in respect of such use. We will not use or disclose to third parties user data gathered from the HealthKit API or from health-related human subject research for advertising or other use-based data mining purposes other than improving health, or for the purpose of health research.


Third Party Tools

Hello Heart uses third party tracking tools like Google Analytics, Iterable and HelloFax. If you wish to opt-out from our third party services, please follow their links: Mixpanel, Iterable, Google Analytics, HelloFax. If you choose to send out a fax, you agree to the HelloFax terms of use accessible at HelloFax. Hello Heart uses Human API to connect your online clinic data. By using online clinic access, you are consenting to Human API’s privacy policy and terms of service.


Protection of Personal Information

Hello Heart has put into place security measures in an effort to protect Personal Information from loss, misuse or alteration while it is under our control. Personal Information we collect is stored in a cloud electronically and may be combined with other membership information. We use technical, contractual, administrative and physical measures in an effort to protect against unauthorized access. These include secured servers, SSL and encryption. Although we take measures we believe are appropriate to safeguard against unauthorized disclosures of Personal Information, “perfect security” does not exist on the Internet. We cannot ensure or warrant the security of any Personal Information you transmit to us, and you transmit such information at your own risk. To allow you to securely view your account and registration information you will be required to submit a username and password upon registration to the Application. To protect the confidentiality of Personal Information, you must keep your password confidential and not disclose it to any other person. If other people have access to your email, they may be able to obtain access to your password and obtain Personal Information about you (such as your credit card information), or change information about your user profile. You may not want to use an email account operated by an employer because many employers have the legal right to access such email accounts.

Your Rights and Choices About Your Personal Information

Promotional Communications

If at any time you wish to stop receiving promotional information from Hello Heart, you may opt out by emailing us at contact@helloheart.com.

Your California Privacy Rights

If you are a California resident, you have the right to request that we disclose certain information to you about our collection and use of your personal information over the past 12 months. Once we receive and confirm your verifiable consumer request, we will disclose to you:

  • The categories of personal information we collected about you.
  • The categories of sources for the personal information we collected about you.
  • Our business or commercial purpose for collecting or selling that personal information.
  • The categories of third parties with whom we share that personal information.
  • The specific pieces of personal information we collected about you (also called a data portability request).
  • If we sold or disclosed your personal information for a business purpose, we will provide two separate lists disclosing:
    • a. sales, identifying the personal information categories that each category of recipient purchased; and
    • b. disclosures for a business purpose, identifying the personal information categories that each category of recipient obtained.
  • We do not currently respond to “do not track” signals.

Deletion Request Rights

You have the right to request that we delete any of your personal information that we collected from you and retained, subject to certain exceptions. Once we receive and confirm your verifiable consumer request (see Exercising Access, Data Portability, and Deletion Rights), we will delete (and direct any service providers with whom we have shared personal information to delete) your personal information from our records, unless an exception applies.

We may deny your deletion request if retaining the information is necessary for us or our service provider(s) to:

  • Complete the transaction for which we collected the personal information, provide a good or service that you requested, take actions reasonably anticipated within the context of our ongoing business relationship with you, or otherwise perform our contract with you.
  • Detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity, or prosecute those responsible for such activities.
  • Debug products to identify and repair errors that impair existing intended functionality.
  • Exercise free speech, ensure the right of another consumer to exercise their free speech rights, or exercise another right provided for by law.
  • Comply with the California Electronic Communications Privacy Act (Cal. Penal Code § 1546 et seq.), or other data privacy or security laws.
  • Engage in public or peer-reviewed scientific, historical, or statistical research in the public interest that adheres to all other applicable ethics and privacy laws, when the information’s deletion may likely render impossible or seriously impair the research’s achievement, if you previously provided informed consent.
  • Enable solely internal uses that are reasonably aligned with consumer expectations based on your relationship with us.
  • Comply with a legal obligation.
  • Make other internal and lawful uses of that information that are compatible with the context in which you provided it.

Exercising Access, Data Portability, and Deletion Rights

To exercise the access, data portability, and deletion rights described above, please submit a verifiable consumer request to us by emailing us at privacy@helloheart.com or using our Contact us form.

Only you, or (if you are a California resident) a person registered with the California Secretary of State that you authorize to act on your behalf, may make a verifiable consumer request related to your personal information. You may also make a verifiable consumer request on behalf of your minor child.

You may only make a verifiable consumer request for access or data portability twice within a 12-month period. The verifiable consumer request must:

  • Provide sufficient information that allows us to reasonably verify you are the person about whom we collected personal information or an authorized representative.
  • Describe your request with sufficient detail that allows us to properly understand, evaluate, and respond to it. We cannot respond to your request or provide you with personal information if we cannot verify your identity or authority to make the request and confirm the personal information relates to you.

Making a verifiable consumer request does not require you to create an account with us. We will only use personal information provided in a verifiable consumer request to verify the requestor’s identity or authority to make the request.

You may update, review or correct your on-line account information at any time online by accessing your password-protected registration page on the Application.

Use of the Service by Children

Online Links to Other Sites

If any part of the Application links you to websites or enables the download of third party software, those websites, software or related services are not subject to this Privacy Policy. Any Personal Information you provide on the linked pages is provided directly to that third-party and is subject to that third party’s provider’s privacy policy. Except as described above, Hello Heart is not responsible for the content or privacy practices of websites to which we link. Links from our site to third parties or other websites are provided for your convenience. We encourage you to learn about the privacy practices of each web site before providing them with Personal Information.

Additional California Disclosures

California "Shine the Light" Law

California law, known as the “Shine the Light” law, allows California residents to request and obtain from us a list of the Personal Information (if any) that we disclosed to third parties for direct marketing purposes. We will never disclose your Personal Information to third parties for direct marketing purposes without your consent, but if you would like to make a request for information under this law, please send an email message to support@helloheart.com with "Request for California Privacy Information" in the subject line of your message.

California Non-Discrimination Disclosure

We will not discriminate against you for exercising any of your California privacy rights under the California Consumer Privacy Act. For example, if you exercise your California privacy rights, we may not, on that basis:

  • Deny you goods or services.
  • Charge you different prices or rates for goods or services, including through granting discounts or other benefits, or imposing penalties.
  • Provide you a different level or quality of goods or services.
  • Suggest that you may receive a different price or rate for goods or services or a different level or quality of goods or services.

Questions or Concerns

If you have any questions or concerns about this privacy statement or would like to contact us for any reason, you can contact us at contact@helloheart.com.

Changes to this Statement

Hello Heart reserves the right to change this privacy statement at any time, but will alert you that changes have been made by indicating at the top of the privacy statement the date it was last updated. We encourage you to review our privacy statement to make sure you understand how your information will be used. If there is ever a material change to how we use your information and the new uses are unrelated to uses we disclose in this statement, we will communicate the changes in advance as described above, and such changes will apply following the date of such change.

Appendix A

Processing to make the App run

In some situations, we engage other companies to process your Personal Data on our behalf. We refer to these companies as “processors.”

Processors are companies that help us run the Services, support our communication with you or perform other App-related activities. They may process certain Personal Data on our behalf to accomplish the goals related to the App functions and associated activities. We remain responsible for any acts or omissions of our processors and undertake to execute formal data processing agreements with them to the extent required by applicable law.

Here is the list of our main processors upon which we rely:

| Type | Processor | Processor's Privacy Policy | Data Collected | Purpose |
| --- | --- | --- | --- | --- |
| Infrastructure and security | AWS - Server and Database environment | https://aws.amazon.com/privacy/ | All Personal Data | Storage of all Personal Data when you use the App |
| Shared Health Data System | HumanAPI - Health Data Integration Platform | https://www.humanapi.co/privacy-policy | All Personal Data | Option for additional information regarding your health from your providers |
| Patient Payment Platform | Waystar | https://www.waystar.com/privacy-policy/ | - | Processing payments |
| Infrastructure and security | Google Workspace | https://policies.google.com/privacy?hl=en-US | All Personal Data | Storage of provided information |
| Email Communications | Iterable | https://iterable.com/trust/privacy-policy/ | Name, Address, Email Address | User marketing to improve engagement with the system |
| User Support | Zendesk (Zendesk Inc. USA) | https://www.zendesk.com/company/agreements-and-terms/privacy-notice/ | Name, Email Address, Phone Number, Content of emails, Address | To process and sort all emails received from you |
| Prospecting & Marketing | Zoom Info | https://www.zoominfo.com/about-zoominfo/privacy-policy | IP Address and location | Analyzing the organizations that are visiting our website |
| SMS Communications | Twilio | https://www.twilio.com/legal/privacy | Phone Number | Communicating with users via text messaging |
| User Support | Forethought AI | https://forethought.ai/privacy-policy | Name, email address, phone number | When you request support, we will use this information to contact you and troubleshoot any issues you are having |
| User Support | ShyftOff | https://www.shyftoff.com/archive/information/privacy-policy | Name, email address, phone number | When you request support, we will use this information to contact you and troubleshoot any issues you are having |
| Inventory Management and Logistics | Rush Order | https://rushorder.com/privacy-policy/ | Name & Address | Storing & shipping BP monitors and printing and mailing marketing material |
| Analytics | Google Analytics | https://policies.google.com/privacy?hl=en-US | Session statistics, approximate geolocation, browser & device information | Understand how visitors are interacting with the Hello Heart website |
| Business to Business Marketing | Pardot | https://www.salesforce.com/company/privacy/ | IP Address | Connecting our team to organizations looking into our services |
| Business to Business Marketing | Salesloft | https://salesloft.com/privacy-notice/ | IP Address | Connecting our team to organizations looking into our service |
| Business to Business Marketing | Wistia | https://wistia.com/privacy | IP Address & Cookie Information | Connecting with people viewing our marketing videos and podcasts |