PRIVACY POLICY

At AliveCor your privacy is important to us. Our Privacy Policy describes the information we collect, how we collect information, and the reasons we collect information. This Privacy Policy also describes the choices you have with the information we collect, including how you can manage, update, or request to delete information.

Please take a moment to review this Privacy Policy. You may scroll through this Privacy Policy or use the links below to navigate to specific sections. It is important that you understand this Privacy Policy. By using our website, mobile app, software, and/or services, you are agreeing to the terms of this Privacy Policy. If you have any questions or concerns about this Privacy Policy, you may Contact Us at any time.

Table of Contents

I. Who is AliveCor?

II. Key Terms & Definitions and Our Privacy Policy

When does our Privacy Policy apply?

When does our Privacy Policy not apply?

Our Privacy Policy and Terms of Service.

III. Personal Information

What is Personal Information?

What types of Personal Information do we collect?

How do we collect your Personal Information?

How do we use your Personal Information?

How do we share your Personal Information?

Your choices about how we share your Personal Information.

How do I access and correct my Personal Information?

IV. Who may use the Services?

V. Children's Privacy

VI. Does AliveCor respond to Do Not Track signals?

VII. Data Security

VIII. California Privacy Rights - Notice to California Residents

Collection of Personal Information.

Categories of Sources from which we have collected Personal Information.

Use of Personal Information collected from California Residents.

Sharing the Personal Information of California Residents.

Disclosures of Personal Information for Business Purposes.

Access Request Rights.

Deletion Request Rights.

Exercising Access and Deletion Rights.

Non-Discrimination.

IX. California's Shine the Light Law.

X. European Economic Activity Zone Users

Consent to Processing of Personal Information.

What rights do I have?

Automated Decision Making.

XI. Changes to our Privacy Policy

XII. Contact Us

I. Who is AliveCor?

Our mission is to save lives and transform cardiology by delivering intelligent, highly-personalized heart data to clinicians and patients anytime, anywhere.

AliveCor is not a medical group or a health care provider. AliveCor provides its users with the ability to obtain a telemedicine consultation provided by independent medical practitioners including, but not limited to, Florida Cardiac Health Medical Group, P.A. d/b/a Cardiac Health Medical Group and members of its Affiliated Covered Entity (collectively “Cardiac Health Medical Group”), an independent medical group with a network of United States based health care providers (each, a “Provider”). Cardiac Health Medical Group (or your own medical provider if you do not use a Cardiac Health Medical Group Provider) is responsible for providing you with a Notice of Privacy Practices describing its collection and use of your health information, not AliveCor.

II. Key Terms & Definitions and Our Privacy Policy

It is helpful to start by explaining some of our key terms and definitions used in this Privacy Policy.

Key Term Definition
“Affiliated Covered Entities” Is a group of independent medical practices providing licensed cardiac medical services exclusively to users and/or members of Kardia, Kardia+ and KardiaComplete services.
our “App(s)” Kardia™, KardiaComplete, KardiaStation, and/or KardiaPro
our “Devices” KardiaMobile®; KardiaMobile 6L; or KardiaMobile Card
Personal Information Any information relating to an identified or identifiable individual and any information listed here.
Privacy Policy This privacy policy.
our “Services” Our Website, our App, our Software and any services provided through our Website, our App, or our Software. Services also includes membership in the KardiaCare, KardiaCare+ or KardiaComplete services.
our “Software” KardiaPro, our software
our “Terms of Service” Our terms of service located here.
our “Website(s)” Our websites, including:
AliveCor, we, us, or our AliveCor, Inc., Cardiolabs, Inc (d/b/a AliveCor Labs), AliveCor Labs, LLC, and AliveCor Services, LLC (collectively, “AliveCor”).

When does our Privacy Policy apply?

This Privacy Policy describes the types of information we may collect from you when:

When does our Privacy Policy not apply?

This Privacy Policy does not apply to information collected by any other website operated either by us or by a third party, unless the website is listed above or links to this Privacy Policy. It also does not apply to any website that we may provide a link to or that is accessible from our Services.

Our Privacy Policy and Terms of Service.

This Privacy Policy is incorporated into our Terms of Service, which also apply when you use our Services.

III. Personal Information

What is Personal Information?

Personal information is information from and about you that may be able to personally identify you. We treat any information that may identify you as personal information. For example, your name and e-mail address are personal information.

What types of Personal Information do we collect?

We may collect and use the following personal information (hereinafter, collectively referred to as “Personal Information”):

Categories of Personal Information Specific Types of Personal Information Collected
Personal Identifiers a real name, birth date, e-mail address, shipping address, or Patient ID.
Information that identifies, relates to, describes, or is capable of being associated with a particular individual name, username or online identifier, physical characteristics or description, shipping address, telephone number, credit card number, debit card number, or any other financial information, health or medical information, weight, body mass index (BMI), whether you are a smoker or non-smoker, medical conditions, family medical history, medications currently taking or prescribed, electrocardiogram (“ECG” or “EKG”) measurement data, average heart rate, location on your body where a EKG was taken (e.g. finger tips, chest, limbs, etc.), heart rate, step count, distance traveled, glucose and oxygen saturation levels, active and resting energy levels, sleep analysis, blood pressure readings, workout history, your activity levels, and accelerometer data.
Characteristics of protected classifications under California or federal law. Race, Color, Age, National origin, or Disability
Biometric information Photos, video, and voice
Internet or other electronic network activity information IP address, device mode, device ID, OS version, device language, operating system, browser type, browsing history, search history, and information regarding a consumer’s interaction with an Internet Web site, application, or advertisement.
Geolocation data Physical location or movements, local time, and local time zone.
User Generated Content You may use your mobile device to add notes, tags, or voice memos to EKG recording you make with our Devices. For example, you may add a note to an EKG recording to describe how you were feeling at the time of the recording, what you were doing, or your diet related to specific health conditions. We will automatically transcribe any voice memos and include them with the EKG recordings.

How do we collect your Personal Information?

We collect most of this Personal Information directly from you. For example, when you set up an account through the App or sign up for Services, we may speak to you by phone, text message, and e-mail. Additionally, we will collect information from you when you visit our Website or App and fill out forms, use our Software or our Devices, or purchase or use our Services.

We may also collect Personal Information in the following ways:

We will also collect information automatically as you navigate through our Website and App. We use the following technologies to automatically collect data:

How do we use your Personal Information?

We may use your Personal Information for the following purposes:

How do we share your Personal Information?

We may share Personal Information with third parties in certain circumstances or for certain purposes we do not sell your Personal Information , including:

Your choices about how we share your Personal Information.

This section of our Privacy Policy provides details and explains how to exercise your choices. We offer you choices on how you can opt out of our use of tracking technology, disclosure of your Personal Information for our advertising to you, and other targeted advertising. We do not control the collection and use of your information collected by third parties. These third parties may aggregate the information they collect with information from their other customers for their own purposes. You can opt out of third parties collecting your Personal Information for targeted advertising purposes in the United States by visiting the National Advertising Initiative's (NAI) opt-out page and the Digital Advertising Alliance's (DAA) opt-out page.

Each type of web browser provides ways to restrict and delete cookies. Browser manufacturers provide resources to help you with managing cookies. Please see below for more information.

For other browsers, please consult the documentation that your browser manufacturer provides.

If you do not wish to have your e-mail address used by AliveCor to promote our own products and services, you can opt-out at any time by clicking the unsubscribe link at the bottom of any e-mail or other marketing communications you receive from us or logging onto your Account Preferences page. This opt out does not apply to information provided to AliveCor as a result of a product purchase, or your use of our Services. You may have other options with respect to marketing and communication preferences through our Services.

You may also see certain ads on other websites because we participate in advertising networks. Ad networks allow us to target our messaging to users through demographic, interest-based, and contextual means. These networks track your online activities over time by collecting information through automated means, including through the use of cookies, web server logs, and web beacons. The networks use this information to show you advertisements that may be tailored to your individual interests.

How do I access and correct my Personal Information?

You can review and change your Personal Information by logging into our Services and visiting either the “About You” or “Health Details” sections of our Services. You may also notify us through the Contact Information below of any changes or errors in any Personal Information we have about you to ensure that it is complete, accurate, and as current as possible or to delete your account. We cannot delete your personal information except by also deleting your account with us. We may also not be able to accommodate your request if we believe it would violate any law or legal requirement or cause the information to be incorrect.

IV. Who may use the Services?

This Privacy Policy applies to all personal uses of our Services globally and you should not use the Services if you do not agree to the Privacy Policy. This Privacy Policy applies to EEA (European Economic Area) Data Subjects unless the Data Subject is using the Services under direction from a physician where the physician and the Data Subject/patient have an agreement between them covering the use of the Services. In such a case the physician or his/her institution's privacy policy will apply, not this Privacy Policy. If you are located in the United States or a country outside the EEA or Brazil, your information is stored in the United States, and by using or downloading the Service you agree that your Personal Information, including any information about your health that you provide directly to us or that we collect through your use of the Service, may be transferred to and stored in the United States. If you are an EEA or Brazilian user, we store your information in the European Union where all such information is processed in compliance with GDPR.

V. Children's Privacy

Our Services are not intended for children under 18 years of age. We do not knowingly collect or sell Personal Information from children under the age of 18. If you are under the age of 18, do not use or provide any information on or in these Services or through any of its features. If we learn we have collected or received Personal Information from a child under the age of 18 without verification of parental consent, we will delete it. If you are the parent or guardian of a child under 18 years of age whom you believe might have provided use with their Personal Information, you may Contact Us to request the Personal Information be deleted.

VI. Does AliveCor respond to Do Not Track signals?

Some web browsers have a “Do Not Track” feature. This feature lets you tell websites you visit that you do not want to have your online activity tracked. These features are not yet uniform across browsers. Our Website and App are not currently set up to respond to those signals.

VII. Data Security

We have taken steps and implemented administrative, technical, and physical safeguards designed to protect against the risk of accidental, intentional, unlawful, or unauthorized access, alteration, destruction, disclosure, or use. The Internet is not 100% secure and we cannot guarantee the security of information transmitted through the Internet. Where you have been given or you have chosen a password, it is your responsibility to keep this password confidential.

The sharing and disclosing of information via the Internet is not completely secure. We strive to use best practices and industry standard security measures and tools (e.g., SOC2 and ISO 27001 certifications) to protect your data. However, we cannot guarantee the security of Personal Information transmitted to, on, or through our Services. Any transmission of Personal Information is at your own risk. We are not responsible for the circumvention of any privacy settings or security measures contained on our Website, our App, our Software, our Device, in your operating system, or mobile device.

VIII. California Privacy Rights - Notice to California Residents

If you are a California resident, certain Personal Information that we collect about you is subject to the California Consumer Privacy Act (CCPA).

Please note that the CCPA does not apply to, among other things:

Collection of Personal Information.

Currently and in the last 12 months, we have collected and/or disclosed Personal Information about you when you use our Services, including information about you that you provide to us, and information we automatically collect from you or your computer or devices as you use our Services. Please refer to the section titled Personal Information for additional information and details.

Categories of Sources from which we have collected Personal Information.

We collect Personal Information directly from you, for example when you provide it to us, when you contact us through our Services, when you create an AliveCor account; and indirectly from you automatically through your computer or device as you use our Services. We may also collect Personal Information about you from our advertising partners and service providers.

Use of Personal Information collected from California Residents.

We do not sell your Personal Information and have not done so in the prior 12 months from the effective date of this Policy. We may use or disclose the personal information we collect for our business purposes described elsewhere in this Privacy Policy (for example, please refer to “How do we use your Personal Information?” and “How do we share your Personal Information?"). We do use cookies on our website that collect and share information collected from your browser for behavioral targeting which is a “sale” under the CCPA. We will not do this if you click the “Do Not Sell My Personal Information” link on the website. In addition you can opt out of all collection of your data for behavioral advertising by visiting networkadvertising.org/choices or aboutads.info/choices.

Sharing the Personal Information of California Residents.

AliveCor may disclose your Personal Information to a third party for one or more business purposes. When we disclose Personal Information for a business purpose, such as to service providers, we enter a contract that describes the purpose and requires the recipient to both keep that Personal Information confidential and not use it for any purpose except performing the contract.

Disclosures of Personal Information for Business Purposes.

We may disclose your Personal Information for our business purposes, such as your contact information, other information you have provided to us, and unique identifiers that identify you to us or to our service providers, such as companies that assist us with marketing and advertising. Please refer to “What types of Personal Information do we collect?” and “How do we collect your Personal Information?” for additional information and details.

We disclose your Personal Information to certain third parties such as our health care provider partners, service providers, including companies that assist us with marketing and advertising. For additional information please refer to “How do we use your Personal Information?” and “How do we share your Personal Information?".

Access Request Rights.

California residents have the right to request that AliveCor disclose certain information to you about our collection and use of your Personal Information over the past 12 months for the above business and commercial purposes. To submit an access request, see Contact Us. Once we receive and confirm your verifiable consumer request, we will disclose to you:

Deletion Request Rights.

California residents have the right to request that AliveCor delete your Personal Information that we collected from you and retained, subject to certain exceptions. Once we receive and confirm your verifiable consumer request, we will delete (and direct our service providers to delete) your Personal Information from our records, unless certain exceptions apply. Once the data is deleted you will no longer have access to the data through or by our Services.

Exercising Access and Deletion Rights.

To exercise the access and deletion rights described above, please submit a verifiable consumer request to us by either calling us at 1-(855) 338-8800 or sending us an e-mail at privacy@AliveCor.com.

Only you, or a person registered with the California Secretary of State that you authorize to act on your behalf, may make a verifiable consumer request related to your Personal Information. You may also make a verifiable consumer request on behalf of your minor child. You may only make a verifiable consumer request for access twice within a 12-month period. The verifiable consumer request must:

Non-Discrimination.

We will not discriminate against you for exercising any of your CCPA rights. We will not:

IX. California's Shine the Light Law.

California Civil Code Section 1798.83 (California's “Shine the Light” law) permits users of our Services that are California residents and who provide Personal Information in obtaining products and services for personal, family, or household use to request certain information regarding our disclosure of Personal Information to third parties for their own direct marketing purposes. If applicable, this information would include the categories of Personal Information and the names and addresses of those businesses with which we shared your Personal Information with for the immediately prior calendar year (e.g. requests made in 2021 will receive information regarding such activities in 2020). You may request this information once per calendar year. To make such a request, please Contact Us using the information below.

X. European Economic Activity Zone Users

AliveCor is the Data Controller of the Personal Information you provide on the Services. However, in some cases, this Privacy Policy may not apply to all European Economic Activity (“EEA”) users. This Privacy Policy does not apply to EEA users using the Services under the direction of a physician, where the physician and the patient have an agreement between them covering the use of the Services. In such a case, the physician or his/her institution controls the data collected by the Device and App, and the physician's or his/her institution's privacy policy will apply, not this Privacy Policy. If you are an EEA user, your Personal Information is stored within the EEA.

AliveCor has appointed a Data Protection Officer (Brian Clarke) in compliance with the General Data Protection Regulations. AliveCor and its subsidiary, AliveCor, LTD, and its Data Protection Officer may be contacted in any manner set forth below in Contact Us.

Consent to Processing of Personal Information.

We rely on your consent as a lawful basis to process your Personal Information for the following purposes:

We also process Personal Information based on our contractual obligations to provide you the Services as described in How do we share your Personal Information?, including:

AliveCor may also process Personal Information pursuant to a legal obligation or to protect your vital interests or those of another person.

We will process your Personal Information as necessary for our legitimate interests. Our legitimate interests are balanced against your rights and freedoms and we do not process your Personal Information if your rights and freedoms outweigh our legitimate interests. Our legitimate interests are to: facilitate communication between AliveCor and you; detect and correct bugs and to improve our Services; safeguard our IT infrastructure and intellectual property; detect and prevent fraud and other crime; develop our product and services.

What rights do I have?

Individuals located in the EEA have certain rights with respect to their Personal Information. These rights include:

Automated Decision Making.

Our processing of Personal Information may include automated decision making, including profiling, which may produce a legal effect concerning you or similarly significantly affect you. The algorithms used for our automated decision making process classifies and categorizes your health based on data collected by the Devices and Personal Information collected by the Services.

XI. Changes to our Privacy Policy

We may update our Privacy Policy periodically to reflect changes in our privacy practices, laws, and best practices. We will post any changes we make to our Privacy Policy on this page with a notice that the Privacy Policy has been updated on our Website's homepage or our App's home screen. If we make material changes to our practices with regards to the Personal Information we collect from you, we will notify you by e-mail to the e-mail address specified in your account and/or through a notice on the Website's home page or the App's home screen. The date this Privacy Policy was last revised is identified at the top of the page. You are responsible for ensuring we have an up-to-date active and deliverable e-mail address for you, and for periodically accessing the App or visiting our Website and reviewing this Privacy Policy to check for any changes.

XII. Contact Us

If you have any questions, concerns, complaints or suggestions regarding our Privacy Policy or otherwise need to contact us, you may contact us at the contact information below or through the “Contact Us” page on or in our Services.

How to Contact Us:

AliveCor, Inc.
Attn: Privacy
189 Bernardo St
Mountain View, CA 94043
Telephone: 1-(855) 338-8800
E-mail: privacy@AliveCor.com

For EEA Users:
AliveCor, LTD
Herschel House
58 Herschel Street
Slough SL1 1PG
E-mail: Privacy@AliveCor.com

For Indian Users
AliveCor India Private Limited
05-155, WeWork Management Private Ltd, DLF FORUM,
DLF Cyber City, Phase-III, Gurugram Gurgaon HR
122002 IN
E-mail: Privacy@AliveCor.com

For Korean Users
AliveCor Korea Inc.,
(Cheongdam-don) 37, Dosan-daero 81-gil,
Gangnam-gu, Seoul KR
E-mail: Privacy@AliveCor.com