
Privacy Policy

Effective Date: December 13, 2025

At BP Logger, your privacy is our top priority. This Privacy Policy explains how we collect, use, store, and protect your personal and health information when you use our blood pressure tracking application.

Privacy-First Data Storage

By default, all your health data is stored exclusively on your device. You can use BP Logger without an account. We offer an optional account creation feature if you wish to back up your data and sync it across multiple devices.

The App uses an anonymous app-generated device identifier for guest users. If you create an account, we use your email for authentication and backup. We do not sell your data or share it for advertising purposes.

1. Information We Collect

1.1 Health Information You Provide

When you use BP Logger, you voluntarily provide health-related information, including:

  • Blood pressure readings: Systolic and diastolic values, heart rate, measurement timestamps
  • Medications: Names, dosages, and schedules of medications you track
  • Notes and context: Optional notes about your readings (e.g., "after exercise," "before medication")
  • Family member profiles: Names and health data for family members you add (Premium and Family plans)
  • Photos: Images of blood pressure monitors or handwritten notes uploaded for AI extraction (stored temporarily and deleted after processing)

1.2 Account and Device Identification

Account creation is optional. You can use the App as a guest, or create an account to back up your data.

  • Guest Users: The App generates a random, anonymous identifier for your device. This is used for processing AI requests and optional analytics.
  • Registered Users: If you create an account, we collect your email address to provide authentication, data backup, and synchronization across your devices.

The anonymous device identifier is not linked to your identity, email address, or any personal information.

1.3 Technical and Device Information

We automatically collect certain technical information to ensure the App functions properly:

  • Device type, model, and operating system version
  • App version and installation ID
  • Crash logs and error reports (via Firebase Crashlytics) to diagnose and fix bugs
  • IP address and general location (country/region level only, for analytics)

1.4 Analytics Data (Optional)

If you opt in to analytics in the App settings, we collect anonymized usage data to improve the App:

  • Which features you use and how often
  • Navigation patterns within the App
  • Performance metrics (e.g., load times, response times)

Important: Analytics data is strictly anonymous and does not include your blood pressure readings, medications, notes, or any personal health information. We use PostHog and Langfuse for this purpose.

You can opt out of analytics at any time in Settings → Data & Privacy.

1.5 Feedback and Contact Submissions

What we collect when you contact us

When you submit feedback or contact us through the App or our website, we collect the information you provide (e.g., your email address and message). To protect the service and prevent abuse, our backend also automatically logs limited technical information associated with the submission, including your IP address, your browser or device user-agent, and basic request metadata (such as content length).

This information is used solely for operational purposes like rate limiting, spam and abuse prevention, and monitoring service health. It is stored alongside your feedback in our support system (Firebase) and is not used for advertising or sold to third parties.

2. How We Use Your Information

We use the information we collect for the following purposes:

2.1 Core App Functionality

  • Store and organize your blood pressure readings locally on your device
  • Generate charts, trends, and insights from your data
  • Enable AI extraction of readings from photos (images sent anonymously to Firebase Cloud Functions, processed, and deleted within 24 hours)
  • Generate PDF reports and CSV exports locally on your device for sharing with healthcare providers

2.2 App Improvement and Support

  • Diagnose and fix technical issues and bugs
  • Understand how users interact with the App to improve usability
  • Provide customer support when you contact us

2.3 Legal and Security

  • Comply with legal obligations and respond to lawful requests
  • Protect against fraud, abuse, and security threats
  • Enforce our Terms of Service

3. How We Store and Protect Your Data

3.1 Data Storage

Storage and Backup Options

By default, your health data is stored exclusively on your device in a local SQLite database. If you choose to create an account, your health data is encrypted and backed up to our secure cloud servers (Firebase) to enable synchronization across your devices and prevent data loss if you lose your device.

  • Images for AI processing: When you use the AI extraction feature, images are temporarily sent to Firebase Cloud Functions with EXIF metadata stripped. The processing uses your anonymous device ID, and images are automatically deleted within 24 hours.
  • PDF generation: Raw user data is temporarily uploaded to a cloud function for report processing and is automatically deleted after processing, similar to photo uploads.

3.2 Encryption

  • In transit: When data or images are sent for processing, they are encrypted using TLS/SSL (HTTPS).
  • At rest: Your local SQLite database is protected by your device's built-in security features. Images temporarily stored for processing are encrypted using AES-256 encryption.

3.3 Data Retention

  • Health data: Stored locally on your device indefinitely until you delete it or uninstall the App. We do not retain copies of your health data on our servers.
  • Images for AI extraction: Automatically deleted within 24 hours or upon successful processing, whichever comes first.
  • Data for PDF generation: Automatically deleted within 24 hours or upon successful processing, whichever comes first.
  • Crash logs and error reports: Retained for up to 90 days for debugging purposes.
  • Feedback submissions and related logs: Your message and email, along with limited technical metadata (IP address, user-agent, and request details), are retained as needed to respond to your inquiry and to prevent abuse of the service. Basic rate-limit records may be kept for a limited period for security and operational monitoring.

4. How We Share Your Information

✓ No Data Selling

We do not sell, rent, or trade your personal or health data. We do not share your blood pressure readings, medications, or notes with advertisers or third-party marketers. If you create an account, your email address is used solely for authentication and service-related communication.

4.1 When We Share Data

We only share your information in the following limited circumstances:

With Service Providers

We work with trusted third-party vendors to provide specific services:

  • Firebase Cloud Functions and Auth: AI-powered image processing, user authentication, and optional data backup. Images are processed anonymously and deleted within 24 hours. Accounts use industry-standard security.
  • RevenueCat: Subscription and payment processing
  • Apple and Google: In-app purchases through respective app stores
  • PostHog and Langfuse: Anonymous usage analytics using app-generated device ID (only if you opt in)

Important: None of these vendors receive or have access to your blood pressure readings, medications, notes, or family member data. These vendors are contractually obligated to use your information only for the services they provide to us and to protect your data.

When You Choose to Share

  • When you export a PDF or CSV report and share it with your doctor or others, you control what information is included and who receives it.

For Legal Reasons

We may disclose your information if required by law or in response to:

  • Valid legal processes (e.g., subpoenas, court orders)
  • Government or regulatory requests
  • Situations involving potential harm to individuals or public safety (e.g., credible threats)

5. Your Privacy Rights

You have full control over your data. You can exercise the following rights at any time:

5.1 Access Your Data

You can view all your stored blood pressure readings, medications, and notes directly in the App.

5.2 Export Your Data

Use the "Export my data" feature in Settings → Data & Privacy to download your complete health history as a CSV file.

5.3 Correct or Update Data

You can edit or delete individual readings, medications, and family member profiles at any time within the App.

5.4 Delete Your Data and Account

To permanently delete your health data:

  • Delete individual entries: Use the App's interface to delete specific readings, medications, or family profiles.
  • Delete your account: If you created an account, you can request account deletion within the App or by contacting us. This will remove your email and all backed-up data from our servers.
  • Uninstall the App: This will permanently delete all locally stored data from your device.

Important: If you are using the App as a guest, uninstalling the App permanently removes all your data from your device. If you have an account, ensure you delete your account before uninstalling if you wish to remove data from our servers.

5.5 Opt Out of Analytics

Go to Settings → Data & Privacy and toggle off "Share anonymized analytics" to stop sending usage data.

5.6 Withdraw Consent

You can withdraw your consent to data processing at any time by uninstalling the App. This will permanently delete all your locally stored health data. You can also opt out of optional features like analytics at any time in the App settings.

6. Children's Privacy

BP Logger is not intended for use by children under the age of 13. We do not knowingly collect personal information from children under 13.

If you are a parent or guardian and believe your child has provided us with personal information, please contact us at hi@bplogger.app so we can delete it.

7. International Data Transfers

BP Logger is operated from the United States. If you are located outside the United States, your data may be transferred to, stored, and processed in the United States.

By using the App, you consent to the transfer of your information to the United States and other countries where our service providers operate.

8. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make significant changes, we will:

  • Update the "Effective Date" at the top of this document
  • Notify you through the App or via email

We encourage you to review this Privacy Policy periodically. Continued use of the App after changes are posted constitutes your acceptance of the updated policy.

9. Security Measures

We implement industry-standard security measures to protect your data:

  • TLS/SSL encryption for all data transmissions
  • AES-256 encryption for data at rest
  • Regular security audits and vulnerability assessments
  • Access controls and authentication mechanisms
  • Secure cloud infrastructure (Firebase, Google Cloud Platform)

However, no method of transmission or storage is 100% secure. While we strive to protect your data, we cannot guarantee absolute security.

10. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or how we handle your data, please contact us:

Email: hi@bplogger.app

We will respond to your inquiry within 30 days.

11. California Privacy Rights (CCPA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA):

  • Right to know what personal information is collected about you
  • Right to know whether your personal information is sold or disclosed
  • Right to opt out of the sale of personal information (we do not sell data)
  • Right to request deletion of your personal information
  • Right to non-discrimination for exercising your privacy rights

To exercise these rights, contact us at hi@bplogger.app or use the in-app data management features.