Health Keeper Privacy Policy

Effective Date: November 26, 2025

1. Introduction

1.1. About This Policy

This Privacy Policy ("Policy") governs your use of the Health Keeper mobile application (the "App"). It describes the types of information Health Keeper ("we," "us," or "our") collects from you, how we use it, with whom we may share it, and the choices you have regarding your information.

1.2. Scope of Services

The App provides health and wellness tracking features for adult users, including but not limited to: heart rate measurement, blood pressure and blood sugar recording, water intake tracking, and step counting.

1.3. Not for Children

The App and its services are not directed to children under the age of 13. We do not knowingly collect, use, or disclose personal information from children under 13. If we learn that we have collected personal information from a child under 13, we will take all reasonable steps to delete it immediately. Please contact us at [email protected] if you believe a child under 13 has provided us with data.

1.4. Your Acknowledgement

By downloading, accessing, or using the App, you acknowledge that you have read, understood, and agree to be bound by the terms of this Privacy Policy. If you do not agree with our policies and practices, please do not use our App.

2. Information We Collect

We collect information that you provide directly, automatically when you use the App, and from third parties, as described below.

2.1. Information You Provide Directly

• Health and Profile Data: This includes health metrics you measure or record, such as heart rate, blood pressure, blood sugar values, and water intake logs. It also includes optional profile information like your age, weight, and height. Please note: Age, weight, and height are used for local BMI calculation on your device and are not transmitted to our servers.

2.2. Information Collected Automatically

• Device Information: When you use the App, we automatically collect certain information about your device, including your Advertising ID (for device-specific functionality and analytics, as further described in Section 4), device model, operating system version, and network type.
• Usage Data: We collect anonymous information about your interactions with the App, such as which features you use and your session duration, to help us understand and improve user experience.
• On-Device Health Data: The App uses your device's sensors (e.g., camera for heart rate) to collect health metrics like heart rate and step count. This data is processed and stored exclusively on your device ("on-device only") and is not transmitted to our servers. In the future, if we introduce cloud sync features, we will seek your explicit opt-in consent before transferring any such data to our servers.

2.3. Information from Third Parties

We may receive limited, non-health data from trusted third-party service providers (e.g., for analytics and crash reporting, as detailed in Section 4). We require these partners to adhere to strict data protection obligations. Under our current operations, we do not receive personally identifiable health data from any third party.

3. Purposes and Legal Basis for Processing Your Information

We process your personal information only for specified, explicit, and legitimate purposes, and we rely on a valid legal basis for each processing activity, as required by applicable data protection laws.

3.1. To Provide Our Core Services

We process your health data (such as heart rate, blood pressure, and blood sugar) and the profile information you enter (like age, weight, and height) to deliver the fundamental functionalities of the App. This includes measuring, displaying, and allowing you to track your health metrics. The legal basis for this processing is the performance of the contract between you and us, as it is necessary to provide the services you have requested.

3.2. For Analytics and Service Improvement

We process pseudonymized usage data and device information (such as feature interaction and device model) to analyze how the App is used, identify and fix crashes, and improve our overall service. For this purpose, we rely on your explicit consent as the legal basis. You may withdraw this consent at any time by emailing us at [email protected], without any impact on your access to the core health-tracking services.

3.3. For Security and Fraud Prevention

We process device identifiers and related log data to maintain the security of our App, prevent fraud, and protect against misuse. This processing is based on our legitimate interests in ensuring the integrity and safety of our service and our users. We have balanced these interests against your privacy rights and believe they do not override your fundamental freedoms.

4. Data Sharing and Disclosure

We do not sell your personal information. We only share your data in the following limited circumstances.

4.1. Service Providers

We may share your data with our service providers to achieve the purposes described in this Privacy Policy.

• Google Firebase: https://policies.google.com/privacy
• Google Analytics: https://policies.google.com/privacy

4.2. Legal Obligations and Safety

We may disclose your information if we are required to do so by law, or if we believe in good faith that such action is necessary to (a) comply with a legal obligation, (b) protect and defend our rights or property, (c) act in urgent circumstances to protect the personal safety of users of the App or the public, or (d) protect against legal liability.

5. Security

We are committed to protecting the security of your personal data. We work hard to implement administrative, technical, and physical safeguards designed to protect your data from unauthorized access, alteration, disclosure, or destruction.

6. Your Data Rights

Depending on your location, you may have certain rights over your personal data.

• If you are in the UK or European Economic Area, you have rights under the GDPR to access, correct, or delete your data; restrict or object to processing; receive your data in a portable format; withdraw consent; and lodge a complaint with your local data protection authority.
• If you reside in California, you have rights under the CCPA/CPRA to know what personal information we collect, request deletion, opt out of the “sharing” of your data (for example, device identifiers used in analytics), and not be discriminated against for exercising these rights. To opt out, email us at [email protected] with the subject line “CCPA Opt-Out.”
• Users in Virginia have rights under the VCDPA to confirm whether we process their data, access and correct it, delete data they provided, and appeal decisions about automated processing.
• In Australia, the Privacy Act grants you the right to access and correct your personal information, request anonymity where practicable, and complain if you believe your data was mishandled. We commit to investigating all complaints promptly.

To exercise any of these rights, please contact us at [email protected]. We will respond within 30 days, or up to 90 days for complex requests, with notice.

How We Process Your Requests

• Verifiable Request: We are required by law to verify your identity before processing most rights requests. We will use the information you provide in your request to match it with the information we hold.
• Handling On-Device Data: Please note that if your health data is stored locally, you can access, correct, and delete this data directly within the App at any time. Uninstalling the App will permanently delete this local data.
• Response Time: We will respond to your verifiable request within 45 days. If we require more time (up to an additional 45 days), we will inform you of the reason and the extension period.

7. Data Retention

We will only keep your personal information for as long as it is necessary for the purposes set out in this Privacy Notice, unless a longer retention period is required or permitted by law (such as tax, accounting, or other legal requirements). When we have no ongoing legitimate business need to process your personal information, we will either delete or anonymize such information, or, if this is not possible (for example, because your personal information has been stored in backup archives), then we will securely store your personal information and isolate it from any further processing until deletion is possible.

8. International Data Transfers

If your data is transferred outside your country—for example, to Firebase servers located in the United States—we implement appropriate safeguards. These include Standard Contractual Clauses approved by the European Commission for users in the EEA, and reliance on Google’s commitments under the EU-U.S. Data Privacy Framework.

9. Policy Updates

We may update our Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the "Effective Date" at the top of this Privacy Policy. Additionally, we may let you know via email and/or a prominent notice in our app. If you use the app after we have updated this policy, you agree with those changes.

You are advised to review this Privacy Policy periodically for any changes. Changes to this Privacy Policy are effective when they are posted on this page.

10. Contact Us

If you have any questions about this Privacy Policy, wish to exercise your data rights, or believe your data has been mishandled, please contact us at:
Email: [email protected]

We are committed to addressing your concerns in good faith and in a timely manner.