- "HeartCloud:" the web application residing at https://heartcloud.io
- "HeartCloud Account:" a registered user account on https://heartcloud.io, representing an individual, natural person
- "HeartCloud for Health Practices Accounts:" a registered account on https://practices.heartcloud.io, which includes at least one physician representing their own practice (or a healthcare provider) where that physician is licensed to practice medicine and, potentially, other individuals (e.g., staff members or agents) associated with each physician and/or an employing healthcare provider
- "Service:" collectively, HeartCloud, HeartCloud Sync, and HeartCloud for Health Practices.
- "Company:" HeartCloud, Inc., which makes available the Services
- "User:" A customer of HeartCloud who has a HeartCloud User Account
- "Apple Health Export File:" a file named "export.zip" that is created from the Apple Health app’s option to export all data from HealthKit
- "Data Protection Representative:" HeartCloud, Inc.’s representative for purposes of data protection and privacy is Alex Podobas, JD ((424) 222-9470 and [email protected])
- The iOS app, which is limited to iPhone devices, named "HeartCloud Sync"
- https://heartcloud.io or https://www.heartcloud.io and any subdomains on either (referred to herein as "HeartCloud.io")
- https://www.heartcloud.io or https://www.practices.heartcloud.io and any subdomains on either (referred to herein as "HeartCloud for Health Practices")
How Information is Collected
There are multiple ways in which the Service "collects" different types of information:
- First, HeartCloud Sync collects data available on a User’s iPhone that resides in Apple’s HealthKit platform (see https://developer.apple.com/healthkit/). This data includes what is listed here (as of 9/8/19): https://developer.apple.com/documentation/healthkit/data_types?language=objc. As the HealthKit documentation is updated from time to time, the types of data available for HeartCloud will be updated.
- Second, HeartCloud allows a User to upload data to their HeartCloud Account by creating an Apple Health Export File and subsequently importing that ZIP file into HeartCloud once authenticated. The Company encourages Users to upload data in this fashion if they have Apple Watch-collected electrocardiogram (ECG) readings available through the Health App on their iPhone, as ECG readings cannot be collected by the HeartCloud Sync iOS app.
- Third, HeartCloud for Health Practices does not collect any information directly from a User’s iPhone. There is no ability for any user of a HeartCloud for Health Practices account to exercise any control or invoke any functionality on a User’s iPhone.
What Information Is Collected
Information Natively Collected from HealthKit:
Data and metadata collected by the Apple Watch and third party (non-Apple, Inc.) digital health devices, including, but not necessarily limited to blood pressure cuffs, glucometers, spirometers, and weight scales (which may include both body mass (weight) and BMI, in either pounds, stone, or kilograms)
|HealthKit Data Type
||Details About Information That Is Or May Be Collected By The Service
|Data Related to Heart Rate:
- Raw Heart Rate (Beats Per Minute)
- Resting Heart Rate
- Walking Heart Rate Average
- Heart Rate Variability (Including Millisecond Beats)
- Measurement Unit(s) (e.g., BPM)
- Instances of Apple-calculated High and Low Heart Rate Events (iOS 12.2 and later)
- Instances of Apple-calculated Irregular Heart Rhythms (iOS 12.2 and later)
|Data From Apple Watch Series 4 Electrocardiograms:
- Recording Date and Time
- Type of Lead (Apple Watch Series 4 is Comparable to a Single Lead ECG)
- Classification (Sinus Rhythm, Atrial Fibrillation, Or Inconclusive (Including, If Applicable, The Reason for the Inconclusive Reading))
- Any Symptoms You Noted After the ECG Reading On Your Apple Watch
- Numeric Electrical Voltage Values
- Measurement Unit(s)
|Data Related To Daily Activities:
- Resting (Basal) Calories Burned
- Active Calories Burned
- Exercise (Active Minutes)
- Step Count
- Move Distance (Walking/Running)
- Move Distance (Cycling)
- Move Distance (Swimming)
- Move Distance (Downhill snow sports, such as skiiing or snowboarding)
- Daily Activity Goals and Progress Made or Completed Toward Each
- Measurement Unit(s) (e.g., Steps, Feet, Etc.)
|Data Related to Blood Pressure:
- Brand of the 3rd HealthKit Device Used (e.g., Qardio) And The Blood Pressure Cuff's Device Name And Version
- Date and Time of the Blood Pressure Reading
- Blood Pressure (Systolic)
- Blood Pressure (Diastolic)
- Measurement Unit(s) (e.g., mmhg)
|Data Related to Blood Glucose:
- Brand of the 3rd HealthKit Device Used (e.g., Dexcom or Medtronic) And The Glucometer's Device Name And Version
- Date and Time of the Glucometer Reading
- Glucose Level
- Measurement Unit(s) (e.g., mg/dL)
|Data Related to Weight And Body Mass Index (BMI)
- Brand of the 3rd HealthKit Device Used (e.g., Qardio or Nokia) And The Weight Scale's Device Name And Version
- Date and Time of the Weight Scale Reading
- Measurement Unit(s) (e.g., pounds or kilograms)
|Data Related to Lung and Breathing Physiology Based On Spirometer Readings:
- Brand of the 3rd HealthKit Device Used (e.g., Qardio or Nokia) And The Spirometer's Device Name And Version
- Date and Time of the Weight Scale Reading
- FEV1, FVC, PEF and FEV1/FVC raw values and/or ratios
- Measurement Unit(s)
|Data Related to VO2 (Volumetric Oxygen) Max:
- Date and Time of the VO2 (Volumetric Oxygen) Max Calculation
- Apple's HealKit Classification Of the Calculation (Max, SubMax, etc.)
- Measurement Unit(s)
|Data Related to Workout Sessions:
- In general, all data related to that which is collected by various types of workout sessions as available through Apple's HealthKit platform (see: https://developer.apple.com/documentation/healthkit/hkworkouttype), which may include, but is not limited to, GPS location data (which includes latitude and longitude, speed, altitude, accuracy measurements related to vertical and horizontal positioning), distance traversed (whether by running, walking, hiking, swimming, cycling, or downhill snow sports), the number of swimming strokes and the quantity of each, and significant events taken during the workout (such as certain distance segments and when a workout was paused and resumed, if at all).
- Date and Time of the Workout
- Type of Workout
- Workout GPS Data (Latitude and Longitude)
- Workout Route
- Swimming laps, stroke counts, and pool lap lengths
- Calculated, aggregated, or incremental distances moved by you during the course of your workout session
- Calculated, aggregated, or incremental calories exerted by you during the course of your workout session
Information Added By HeartCloud
Depending on the context, the Company may utilize various data listed above under "Information Natively Collected from HealthKit" to acquire data from third party services. Currently, the following data is utilized for the following purposes:
- The Company uses Dark Sky (see https://darksky.net/dev) to obtain historical weather conditions at a particular date, time, and GPS coordinates (longitude and latitude) associated with a User’s workout session captured by their Apple Watch. Any historical weather data result(s) are stored along with the workout session.
- The Company uses LocationIQ (see https://locationiq.com/) to obtain geopolitical location information associated with a latitude and longitude (such as a country, city, postal code, which is generally known as "reverse geocoding") to update a User’s workout session with information about where exactly that workout session started and ended. This may include geolocation information, political designation of a place (e.g., township, hamlet, unincorporated, etc.), city, state, country, postal code, type of terrain, and other characteristics about a place.
- The Company uses Mapbox, Leaflet, and Apple Maps to provide visualizations of location and route data on different styles of maps associated with a User’s workout session (if GPS data were collected during that workouts session).
In addition to information collected from HealthKit or subsequently added by HeartCloud, individual, natural persons may manually input data into the Service.
- A HeartCloud User may input their first name last name, height, weight, units of weight and height, whether they are a smoker, any health conditions or medications that they are taking, and notes on their workout sessions.
- A HeartCloud for Health Practices user may view all information provided by a HeartCloud User if that user has consented to sharing their data with that HeartCloud for Health Practices account. Subsequently, a HeartCloud for Health Practices user may enter notes on a patient's data, add ICD-10 diagnosis data or medication data from the U.S. National Library of Medicine's Clinical Table Search Service.
What We Do With the Information Collected
Once a User has synchronized data into their HeartCloud account through the iOS app or imported it manually through the HeartCloud website, their health, fitness, and activity data is stored in various database tables and linked to their User Account through one or more unique identifiers.
Each ECG reading’s data is contained within a single CSV file in the ZIP file exported from a User’s Health app on their iPhone. After ECG data has been processed and stored into HeartCloud’s database and associated with a User Account for the logged in account which uploaded one or more ECG readings, each CSV file is promptly deleted by HeartCloud.
Given the extraordinary sensitivity of User data uploaded to the Service, the Company does not make data available to third parties, with one important exception: that third party is a HeartCloud for Health Practices Account and a physician-patient relationship has been established between (1) a User and (2) a healthcare provider using a HeartCloud for Health Practices Account.
The Company does not utilize the Service or User data for any advertising purposes, nor does the Company allow third parties to utilize the Service or User data for any advertising purposes. The Company is aware of the extraordinarily sensitive nature of the data uploaded to, or made accessible through, the Service by means of the functionality offered by HeartCloud Sync, HeartCloud, and HeartCloud for Health Practices. The Company does not permit or otherwise facilitate third party access to User data on the Service, nor does the company facilitate any such access, with one exception: that third party is a physician or healthcare provider organization that has been explicitly authorized by a HeartCloud User under a physician-patient relationship.
From time to time, the Company may need to consult with its outside counsel (attorneys who do not work directly for the Company, but rather practice independently, such as at a law firm) regarding specific uses of User data in light of changes to statutory law, common law, regulations, or various types of government requests. The Company may also have its data reviewed from time to time by U.S. government officials (e.g., from the Food and Drug Administration) for compliance with U.S. law and regulations.
Where We Store Your Information
The Company does not use its iOS app to make or to store separate copies of information shown in Apple’s iOS Health and Activity apps. HeartCloud Sync stores a limited amount of information on a user’s iPhone:
HeartCloud Sync (iOS App):
- An authentication token. This changes each time you log into your HeartCloud User Account from HeartCloud Sync.
- Once signed into a HeartCloud User Account, the HeartCloud Sync app will ask HeartCloud for the date and time of the chronologically last result for a particular data type (for example, the date and time of the most recent synchronized heart rate). If a result is returned that contains a date and time result, then both the date and time and the type of data it relates to are stored on a User’s iPhone. This data may be overwritten should HeartCloud inform HeartCloud Sync that a more recent result is available.
- HeartCloud and HeartCloud for Health Practices: Data synced to HeartCloud by HeartCloud Sync or uploaded to HeartCloud manually from an Apple Health Export File is stored in a database and associated, through the use of one or more unique identifiers, with a User and their HeartCloud Account. That database physically resides within the borders of the United States of America in various data centers in at least one state.
- Backups: From time to time, authorized personnel at the Company may create and encrypt backups of the contents of HeartCloud databases, which are then subsequently stored on external, physical storage media within one or more digital containers, each of which may be encrypted and protected by other authentication mechanisms.
To Modify Or Delete Your Data
A User can make changes to their name and other medically-informative information by signing into HeartCloud and then clicking or tapping the "Me" link on the sidebar.
A User can delete their data from the HeartCloud by signing into HeartCloud and then clicking or tapping the "Manage My Data" link under the settings page of their account to delete data which they have uploaded to their HeartCloud Account.
Each jurisdiction has its own laws and regulations regarding the duration for which data created as a result of, made available under, or otherwise associated with a physician-patient relationship must be held. Therefore, a healthcare provider with which you are currently, or have in the past, shared your HeartCloud Account data with may be required to retain data as part of their patient record-keeping requirements, even if you have made a request of the Company to delete such information or have deleted that information yourself from your own HeartCloud Account.