Privacy Policy

Last updated: 25 Mar 2026

HeartShare ("we", "our", or "the App") respects your privacy and is committed to protecting it through compliance with this Privacy Policy, which outlines how we collect, use, and protect your Personal Data when you use our app available on iOS, watchOS and Android (hereinafter "Service").

The data controller of Personal Data collected on the App is individual entrepreneur Paraniuk Roman (hereinafter "Data Controller"), registered in accordance with the laws of Ukraine

1. Personal Data we process

While using our Services, we may ask you to provide us with certain personal data that can be used to identify you ("Personal Data"). We respect your privacy and aim to limit the Personal Data that we collect from you to the amount which is strictly necessary to fulfil the purposes of processing.

We may ask you to provide only limited personal data, specifically:

  • Account information: email address and password.
  • Health data: heart rate.
  • Subscription and billing information is handled securely by the App Store and Google Play. The App does not store or process payment details.

2. How we collect your data

When you join HeartShare, you can quickly create an account using your existing Apple or Google credentials.

  • Sign in with Apple: If you choose this method, HeartShare exchanges certain information with Apple, such as device data, IP address, and basic account info. You control what information you share with Apple through your Apple ID settings.
  • Sign in with Google: By choosing this method, you authorize us to collect basic info, such as your email address and name. You can manage these permissions at any time within your Google account settings.
  • Heart rate data (biometric/health-related data) collected from compatible devices with your consent (e.g., Apple Watch, Xiaomi Mi Band 10, Garmin HRM, Garmin Watches, Whoop, and other BLE-enabled wearables and heart-rate sensors). Heart rate may be collected:
    • via Bluetooth Low Energy (BLE) connections to supported devices;
    • via Apple HealthKit, when you connect Apple Watch/Health permissions (Apple platforms only).
  • The App may allow you to share your heart rate data with another user (for example, a trainer/coach) if you choose to enable that feature and select the recipient. You control whether and with whom you share.

3. Why we process your data

Our mission is to keep improving the App and bring you enjoyable experiences. To do this, we use your information for these main purposes:

  • To make our service available - we use the details you provide, functional data, and automatically collected information to make all the App's features and services available to you.
  • To show you more relevant ads and content - we may use automatically collected information for marketing purposes — such as displaying ads or other content that better matches your interests and preferences. However, we never use Health Data (heart rate) or data collected via Apple HealthKit for marketing or advertising purposes.
  • For peer-to-peer sharing - to facilitate the transmission of heart rate data to your designated Coach/Trainer at your explicit request.
  • To stay in touch with you - we use your contact details to send you newsletters, marketing updates, requests for feedback about your experience with the App, and important notices about our policies or terms.

4. Your data protection rights

You have the following rights with respect to your personal data:

  • Right to Withdraw Consent - you have the right to withdraw previously given consent to process your Personal Data.
  • Right to Be Informed - you have the right to be informed about the collection and use of your Personal Data.
  • Right to Access - you have the right to view and request copies of your Personal Data.
  • Right to Rectification - you have the right to request correction of inaccurate or outdated personal information.
  • Right to Be Forgotten/Right to Erasure - you have the right to request the deletion of your Personal Data. Note that this is not an absolute right and may be subject to exemptions based on certain laws.
  • Right to Restrict Processing - you have the right to request the restriction or suppression of your Personal Data.
  • Right to Data Portability - you have the right to request the transfer of your data to another controller or to have it provided to you in a machine-readable electronic format.
  • Right to Object - you have the right to object to the processing of your Personal Data.
  • Right to Object to Automated Processing - you have the right to object to decisions being made with your data solely based on automated decision-making or profiling.
  • Right to Lodge a Complaint - you have the right to lodge a complaint with a supervisory authority.

In addition to the rights above, under the California Consumer Privacy Act of 2018 (CCPA) residents of California have the following rights:

  • Right to Know – residents of California have the right to request that we disclose the categories and specific pieces of personal information that we have collected about them, the categories of sources from which the information was collected, the purposes for which the information was collected, and the categories of third parties with whom we have shared the information.
  • Right to Delete – residents of California have the right to request the deletion of their personal information that we have collected, subject to certain exceptions as permitted by law.
  • Right to Opt-Out – residents of California have the right to opt-out of the sale of their personal information. However, please note that we do not sell personal information to third parties.

5. Retention of Personal Data

We retain your account information (email address and password) for as long as your account remains active, and for a limited period thereafter as needed for security, backup, fraud prevention, and legal compliance. Where permitted by law, you may request deletion of your account and associated personal information.

Heart rate data collected during a session is processed on a session-only basis. Once a session ends either when you end it manually or automatically after two (2) hours - the heart rate data from that session is no longer displayed and is not stored by us. If you choose to share heart rate data with another user during an active session, that sharing occurs only for the duration of the session.

6. Children's Privacy

We do not knowingly collect or use personal data from children under the age of 16. When you are using our Services, you are required to confirm that you are at least 16 years old or that your parents have agreed that you can use the App.

If you are located in the EU, you can only use our services if you are over the relevant age at which you can provide explicit consent to the processing of your data under the laws of your country, or if you have the consent of your parent or legal guardian.

If you are a parent and learn that your child is using our Services without your permission, or if you have a specific question about data privacy at the App, do not hesitate to get in touch with us at HeartShare.help@gmail.com.

If you are located in the United States, you cannot use the App if you are under 13 years old. If the App gains actual knowledge that information has been collected from children under the age of 13 in the United States contrary to the Children's Online Privacy Protection Act of 1998 and the regulation thereunder, the App will not disclose this data and reserves the right to immediately delete the account and wipe all related information, including sensitive data of the user.

7. HIPAA Disclaimer

While we process certain health information that you choose to share with us through our Services, we are not a "covered entity" or "business associate" under the U.S. Health Insurance Portability and Accountability Act (HIPAA). This means that the specific HIPAA requirements governing healthcare providers and insurers do not apply to our Services.

Nevertheless, we protect your health information in accordance with the General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA), and other applicable privacy laws, and we apply robust technical and organizational safeguards to ensure its security and confidentiality.

That said, we still treat heart rate data as sensitive and apply appropriate safeguards as described in this Policy.

8. Security of Personal Data

We use a variety of physical, technical, and administrative security measures to ensure the confidentiality of your Personal Data, and to protect your Personal Data from loss, theft, unauthorised access, misuse, alteration or destruction as well as from other illegal actions of third parties.

9. International Data Transfers

9.1. If you are located in the EEA, make a notice that your Personal Data may be transferred to countries outside the EEA.

9.2. We shall take additional measures in order to establish that your Personal Data is treated just as safely and securely as it would be within the European Union and under the Data Protection Legislation as follows:

  • choosing only partners and services that are compliant with the EU standards;
  • limiting access to your Personal Information to those employees, agents, contractors, and other third parties with a legitimate need to know and ensuring that they are subject to duties of confidentiality;
  • procedures for dealing with data breaches (the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, your personal data) including notifying you and the governing authority where we are legally required to do so.

9.3. Your Personal Data may also be transferred to and maintained on computers located outside of your state, province, country or other governmental jurisdiction where the data protection laws may differ from those of your jurisdiction.

9.4. Your consent to this Privacy Policy followed by your submission of such information represents your agreement to that transfer.

9.5. We will take all steps reasonably necessary to ensure that your data is treated securely and in accordance with this Privacy Policy and no transfer of your Personal Data will take place to an organization or a country unless there are adequate controls in place including the security of your data and other personal information.

10. Changes to this Privacy Policy

We reserve the right to amend the Privacy Policy at any time, for any reason. The most recent Privacy Policy will always be published on this page. Any changes to the Privacy Policy will be effective as of the moment of its appearance on this page.

Please check this page periodically for changes and refer to the "last updated" date at the top of the page to know if it has been revised since your last visit. If we make any changes to this Privacy Policy that we consider to be material to your consent, we will notify you of them.

11. How to contact us

If you have any questions or concerns about this Privacy Policy or the way in which we handle your personal data, please contact us at: HeartShare.help@gmail.com.