Privacy Policy

Last updated: January 1, 2024

1. Introduction

CardioMood SA ("CardioMood," "we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Services.

2. Information We Collect

2.1 Personal Information

We may collect personal information that you provide directly to us, including:

  • Name, email address, phone number
  • Account credentials
  • Billing and payment information
  • Company name and job title (for business accounts)
  • Communications with us

2.2 Health Data

When you use our Services, we collect health-related data, including:

  • Heart rate and heart rate variability (HRV) measurements
  • Sleep data and patterns
  • Activity and movement data
  • Stress and readiness scores
  • Biofeedback session data

2.3 Device and Usage Information

We automatically collect certain information when you use our Services:

  • Device identifiers and hardware information
  • Operating system and browser type
  • IP address and location data
  • App usage statistics and preferences
  • Log data and analytics

3. How We Use Your Information

We use the information we collect to:

  • Provide, maintain, and improve our Services
  • Process transactions and send related information
  • Generate personalized health insights and recommendations
  • Communicate with you about products, services, and updates
  • Respond to your comments, questions, and support requests
  • Monitor and analyze usage trends and preferences
  • Detect, prevent, and address technical issues and fraud
  • Comply with legal obligations

4. Legal Basis for Processing (EEA/UK)

If you are in the European Economic Area or UK, our legal bases for processing are:

  • Contract: Processing necessary to perform our contract with you
  • Consent: Where you have given explicit consent for health data processing
  • Legitimate interests: For business purposes that don't override your rights
  • Legal obligation: Where processing is required by law

5. Information Sharing

We may share your information in the following circumstances:

  • With your consent: When you authorize sharing with third parties
  • Service providers: With vendors who assist in providing our Services
  • Business transfers: In connection with mergers, acquisitions, or sales
  • Legal requirements: To comply with laws, regulations, or legal processes
  • Protection: To protect the rights and safety of CardioMood and others

We do not sell your personal health data to third parties.

6. Data Security

We implement industry-standard security measures to protect your data:

  • AES-256 encryption for data at rest and in transit
  • Secure server infrastructure with access controls
  • Regular security audits and penetration testing
  • Employee training on data protection
  • Incident response procedures

7. Data Retention

We retain your data for as long as necessary to provide our Services and fulfill the purposes described in this policy. You can request deletion of your data at any time, subject to legal retention requirements.

8. Your Rights

Depending on your location, you may have the following rights:

  • Access: Request a copy of your personal data
  • Rectification: Correct inaccurate or incomplete data
  • Erasure: Request deletion of your personal data
  • Portability: Receive your data in a portable format
  • Restriction: Limit how we use your data
  • Objection: Object to certain processing activities
  • Withdrawal: Withdraw consent at any time

To exercise these rights, contact us at privacy@cardiomood.com or use the controls in your account settings.

9. International Data Transfers

Your information may be transferred to and processed in countries other than your country of residence. We ensure appropriate safeguards are in place for such transfers, including Standard Contractual Clauses approved by the European Commission.

10. Children's Privacy

Our Services are not intended for individuals under 16 years of age. We do not knowingly collect personal information from children. If you believe we have collected information from a child, please contact us immediately.

11. Cookies and Tracking

We use cookies and similar technologies to enhance your experience. You can control cookies through your browser settings. For more information, see our Cookie Policy.

12. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the new policy and updating the effective date. Your continued use of our Services constitutes acceptance of the updated policy.

13. Contact Us

For questions about this Privacy Policy or our data practices, contact:

CardioMood SA
Data Protection Officer
Chemin du Pré-Fleuri 5
1228 Plan-les-Ouates
Geneva, Switzerland
Email: privacy@cardiomood.com

You also have the right to lodge a complaint with your local data protection authority.