Privacy Policy
Last updated: 01 January 2026
Cardyo (“Cardyo”, “we”, “us” or “our”) is a health and wellbeing application designed to help people with heart conditions monitor and manage their heart health, and to enable the secure sharing of health information with trusted friends, family members, and healthcare professionals.
This Privacy Policy explains how we collect, use, store, share, and protect your information when you use the Cardyo mobile application and related services (together, the “Service”). It is intended to meet the requirements of:
- UK GDPR and EU GDPR
- Apple App Store Review Guidelines and Apple Health / HealthKit requirements
- Google Play Developer Policies and Google Health Connect requirements
If you do not agree with this Privacy Policy, please do not use Cardyo.
1. Who We Are
- App name: Cardyo
- Developer: Nigel Farmer (individual developer, trading name to be confirmed)
- Contact email: privacy@cardyo.io
- Website: https://cardyo.io
Cardyo is currently launched in the United Kingdom, with plans to expand to other regions in the future.
2. Who Can Use Cardyo
Cardyo is intended for adults aged 18 and over. It is not designed for use by children, and we do not knowingly collect personal data from anyone under 18.
3. Information We Collect
Because Cardyo is a health app, some of the information we process is considered special category personal data under data protection laws.
3.1 Account and Identity Information
When you create an account, we collect:
- Email address
- Authentication credentials (such as a password or third-party sign-in token)
- Account identifiers necessary to operate the Service
You may sign in using:
- Email and password
- Google Sign-In
- Apple Sign-In (when available)
We do not receive your password when you use Google or Apple sign-in.
3.2 Health Data You Enter Manually
You may choose to manually log health information, including:
- Symptoms
- Blood pressure
- Blood oxygen (SpO₂)
- Blood glucose
- Weight
- Cholesterol
- Nutrition information (including meal descriptions or photos)
Future features may also allow:
- Fluid intake tracking
- Medication tracking
3.3 Health Data Collected from Devices and Platforms
With your explicit permission, Cardyo may read health and activity data from:
- Apple Health / HealthKit
- Google Health Connect
This may include:
- Heart rate and resting heart rate
- Exercise and workout activity
- Sleep data
- Steps and distance
In future versions, this may also include:
- Weight and BMI
- Heart rate variability
- Blood pressure
- Blood oxygen
- ECG data (for example, from Apple Health or third-party providers such as AliveCor)
Cardyo only accesses health data types that you explicitly authorise. You can change or revoke these permissions at any time through your device settings.
3.4 Calculated and Derived Health Metrics
Cardyo may generate additional insights based on your data, such as:
- Calculated resting heart rate
- “Good steps” and activity quality metrics
- Sedentary time and sedentary heart rate
- Sleeping, exercising, and resting heart rate statistics
These calculated values are treated with the same level of protection as your raw health data.
3.5 Usage and Technical Data
We collect limited technical data to operate and improve Cardyo, including:
- App usage events and feature interactions (via Firebase Analytics)
- Crash and error reports (via Firebase Crashlytics)
- Device and app version information
This information is used to understand how the app performs and how features are used. Where possible, analytics data is aggregated or pseudonymised.
4. How We Use Your Information
We use your information to:
- Provide heart health monitoring and visualisations
- Enable you to track trends and manage health risks
- Allow you to share selected data with friends, family, or clinicians
- Support remote monitoring by healthcare professionals (where enabled)
- Improve the performance, reliability, and usability of Cardyo
- Comply with legal and regulatory obligations
Cardyo does not use health data for advertising purposes.
5. Medical Disclaimer
Cardyo is intended to support personal health tracking and wellbeing.
Cardyo does not provide medical advice, diagnosis, or treatment. The information provided by the app should not be used as a substitute for professional medical advice from a qualified healthcare provider.
6. Sharing Your Information
Cardyo only shares your information in the ways described below.
6.1 Sharing with Friends and Family
You may choose to share your health data with specific friends or family members by adding their email address in the app.
- The recipient must create a Cardyo account to access your data.
- You control exactly who can see your data and what they can access.
- You can revoke access at any time, which immediately removes their ability to view your data.
6.2 Sharing with Clinicians
You may share your health data with healthcare professionals for clinical review or monitoring.
a) One-off or ad-hoc sharing
- You provide the clinician with your email address and a unique clinician access code.
- The clinician uses these details to access your data through a separate, secure web application.
- You may regenerate the access code at any time, immediately revoking access.
b) Ongoing clinical monitoring (future feature)
-
A clinician or care team may invite you to share data for ongoing monitoring.
-
You must explicitly accept any such request.
-
Clinicians may be authenticated using professional identity systems (for example, NHS Care Identity Service).
In all cases, clinicians only have access to the data you have agreed to share.
​
6.3 Research and Clinical Trials (Future)
In the future, Cardyo may offer you the option to contribute anonymised health data for medical research or clinical trials.
- Participation will be optional and opt-in.
- Data will be anonymised so that you cannot reasonably be identified.
- You will be informed if such data is used for research or monetised purposes.
- You will be able to withdraw consent at any time.
Cardyo does not sell identifiable health data.
7. Advertising
Cardyo may display advertisements to non-paying users using Google AdMob.
- We do not share your health data with advertisers.
- AdMob is configured to comply with applicable data protection laws, including GDPR.
- Where required, you will be presented with a consent banner allowing you to manage advertising preferences.
8. Data Storage and Security
Your data is stored using Google Firebase (Google Cloud Platform) services, including Firestore databases.
- Data is stored in the European Union region.
- Data is encrypted in transit and at rest using industry-standard security measures.
- Access to data is restricted and logged.
Although no system is 100% secure, we take appropriate steps to protect your information.
9. Your Rights
Depending on your location, you have the right to:
- Access your personal data
- Correct inaccurate data
- Delete your account and all associated data
- Withdraw consent for data sharing
- Restrict or object to certain processing activities
- Lodge a complaint with a data protection authority
You can delete your Cardyo account at any time from within the app.
When you delete your account, your authentication credentials and associated personal and health data stored by Cardyo will be permanently deleted, unless we are legally required to retain certain information.
10. Legal Basis for Processing (UK/EU)
We process your data based on:
- Your explicit consent (for health data and sharing)
- Performance of a contract (providing the Service)
- Legitimate interests (app security, improvement, and analytics)
- Legal obligations, where applicable
11. International Transfers
If we expand Cardyo internationally, your data may be processed outside the UK or EU. Where this occurs, we will ensure appropriate safeguards are in place, such as standard contractual clauses.
12. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of significant changes through the app or by email.
13. Contact Us
If you have questions about this Privacy Policy or how your data is handled, please contact:
Email: privacy@cardyo.io
Apple Health & Google Health Connect Disclosure
Cardyo integrates with Health Connect and Apple Health to read health and fitness data that you choose to share.
Cardyo only accesses the specific data types that you explicitly authorise.
Health data obtained through Health Connect or Apple Health is used solely to provide health monitoring features within the app and is never used for advertising or marketing purposes.
Cardyo does not sell health data to third parties.
