Last updated: April 9th, 2025
This Privacy Policy describes our policies and procedures on the collection, use, and disclosure of your information when you use the Service and tells you about your privacy rights and how the law protects you.
We collect and use your personal data to operate, personalize, and improve our services. By using the Service, you agree to the collection, use, and handling of your data as described in this Privacy Policy.
Interpretation and Definitions
Interpretation
The words with capitalized initial letters have meanings defined under the following conditions. These definitions shall have the same meaning regardless of whether they appear in singular or plural.
Definitions
For the purposes of this Privacy Policy:
- You: The individual accessing or using the Service, or the company, or other legal entity on behalf of which such individual is accessing or using the Service.
- Company: (referred to as either “the Company”, “We”, “Us” or “Our” in this Agreement) refers to Cardilog PTY LTD, ACN: 686097290.
- Application: The software program provided by the Company downloaded by You on any electronic device, named Cardilog.
- Service: Refers to the Application.
- Personal Data: Any information that relates to an identified or identifiable individual.
- Usage Data: Data collected automatically, either generated by the use of the Service or from the Service infrastructure itself (for example, the duration of a page visit).
- Data Controller: The Company as the legal person which alone or jointly with others determines the purposes and means of the processing of Personal Data.
Collecting and Using Your Personal Data
Types of Data Collected
- Personal Data: While using Our Service, We may ask You to provide Us with certain personally identifiable information that can be used to contact or identify You. Personally identifiable information may include, but is not limited to:
  - Email address
  - First name and last name
- Usage Data: Usage Data is collected automatically when using the Service. This may include information such as Your Device’s Internet Protocol (IP) address, browser type, browser version, the components of our Service that You visit, the time and date of Your visit, the time spent on those pages, unique device identifiers, and other diagnostic data.
Health Data Synchronization and Privacy
At Cardilog, protecting your data is our top priority. To allow you to sync your health data across multiple devices, we use a secure and encrypted synchronization service. Your health records are stored safely and are only accessible to you.
We do not sell your health data under any circumstances.
By using our application, you agree to the collection, use, and secure synchronization of your information as outlined in this Privacy Policy.
What We Mean by Health Data
In Cardilog, Health Data refers to the information you manually enter or sync through integrations, including:
- Systolic blood pressure (SYS)
- Diastolic blood pressure (DIA)
- Heart rate
- Tags (e.g., “after workout”, “morning reading”)
- Notes you attach to each entry
This data helps generate insights, visualize trends, and support your health goals.
Importantly, this Health Data is not directly linked to your identity. We do not require your real name or other identifying details to use the app. Health entries are stored securely and are treated as non-identifiable.
What We Mean by “Non-Identifiable Health Data”
When we talk about non-identifiable health data, we mean that the information you enter — such as your blood pressure readings, heart rate, tags, and personal notes — is not linked to your name, email, or any personal details.
Even if you log detailed health information, we store it in a way that does not reveal who you are. Unless you choose to sign in with an email or add personal information, the data remains completely anonymous.
This approach protects your privacy while still allowing you to track your progress, view trends, and sync across devices if you choose to.
Use of Your Personal Data
The Company may use Personal Data for the following purposes:
- To provide and maintain our Service: Including to monitor the usage of our Service.
- To manage Your Account: To manage Your registration as a user of the Service.
- For the performance of a contract: The development, compliance, and undertaking of the purchase contract for the products, items, or services You have purchased or of any other contract with Us through the Service.
- To contact You: To contact You by email or other equivalent forms of electronic communication regarding updates or informative communications related to the functionalities, products, or contracted services, including the security updates when necessary or reasonable for their implementation.
- To manage Your requests: To attend and manage Your requests to Us.
Email Communication and GDPR Compliance
With your consent, we may occasionally send you emails related to:
- Product updates and improvements
- New features and tips
- Promotions or special announcements
These emails are designed to enhance your experience with Cardilog.
Under the General Data Protection Regulation (GDPR), we will only send you marketing emails if you have explicitly opted in—either by checking a consent box during signup or by subscribing through our app or website.
You have the right to withdraw your consent at any time. Every marketing email we send includes a clear “Unsubscribe” link at the bottom. Clicking this link will remove you from future marketing communications.
Please note: You may still receive essential service-related emails (such as account notices, security updates, or changes to legal terms), as these are considered necessary for app functionality and do not require separate consent.
Third-Party Services
We use trusted third-party service providers to support the functionality of our app. These may include:
- Cloud hosting providers
- Analytics and crash reporting services
- Email delivery services
These providers process data on our behalf and under strict confidentiality agreements. They are only given access to the minimum data necessary to perform their tasks and are required to comply with applicable data protection laws.
Children’s Privacy
Cardilog is not intended for individuals under the age of 16. We do not knowingly collect personal data from children. If we become aware that data has been collected from a minor without consent, we will promptly delete it.
Retention of Your Personal Data
The Company will retain Your Personal Data only for as long as is necessary for the purposes set out in this Privacy Policy. We will retain and use Your Personal Data to the extent necessary to comply with our legal obligations, resolve disputes, and enforce our legal agreements and policies.
Data Security
We implement robust security measures to protect your personal and health data from unauthorized access. Despite our efforts, no data security measures can guarantee 100% security.
Your Rights
You have certain rights regarding your personal and health data. These rights may vary depending on your location and the applicable data protection laws, such as the General Data Protection Regulation (GDPR) in the EU/EEA. These include:
Right to Access
You have the right to request a copy of the personal and health data we hold about you. We will provide this information in a clear and accessible format.
Right to Rectification
If you believe any of your information is incorrect or incomplete, you can request that we correct or update it.
Right to Erasure (Right to Be Forgotten)
You can ask us to delete your account and all associated data at any time. This can be done through the app or by contacting us directly.
Right to Restrict Processing
In certain cases, you can request that we temporarily suspend the processing of your data, for example if you are contesting its accuracy.
Right to Data Portability
You have the right to receive your personal and health data in a commonly used format and, if technically feasible, to have that data transmitted to another service.
Right to Object
You can object to the processing of your data where we rely on legitimate interests, or when your data is used for direct marketing purposes.
Right to Withdraw Consent
If we process your data based on your consent (for example, for marketing emails), you can withdraw that consent at any time. This does not affect the legality of processing carried out before you withdrew consent.
Right to Lodge a Complaint
If you believe your data protection rights have been violated, you have the right to file a complaint with your local data protection authority.
How to Exercise Your Rights
To exercise any of these rights, please contact us at:
info@cardilog.com.au
We will respond to your request within the time required by applicable law, usually within 30 days.
Changes to This Privacy Policy
We may update our Privacy Policy periodically. We will notify you of any changes by posting the new policy on our website and within the app.
Contact Us
If you have any questions about this Privacy Policy, please contact us at info@cardilog.com.au.