Privacy Policy — Pulsehaven
Last updated: July 11, 2026 App: Pulsehaven ("the App") Operator: Qiulin Zhou ("we", "us") Contact: support@pulsehavenapp.com
This Policy explains what data Pulsehaven processes, why, and your rights. It is written to meet the EU/EEA General Data Protection Regulation (GDPR), the UK GDPR, the California Consumer Privacy Act as amended (CCPA/CPRA), the People's Republic of China Personal Information Protection Law (PIPL) where it applies, the Apple App Store Review Guidelines (notably 5.1.1–5.1.3), and the Google Play User Data and Health policies.
1. Summary (plain language)
- Pulsehaven measures heart rate and heart-rate variability (HRV) using your phone camera. Your measurements stay on your device. We do not upload, sell, rent, or share your health or wellness data, and we never use it for advertising.
- We collect the minimum needed to run the App and process payments. We do not operate any third-party advertising SDK.
- Pulsehaven is a wellness product, not a medical device (see the Health Disclaimer).
2. Data we process
2.1 Health and wellness data — stored locally only
Heart rate, HRV (RMSSD, SDNN, frequency-domain measures), personal-baseline signal and load comparisons, breathing before-and-after results, optional context tags you add (e.g. "slept poorly"), and timestamps. These outputs are wellness references, not diagnoses. This data is stored only in the App's private storage on your device. It is not transmitted to us or any third party. Because it is not transmitted, we cannot access, recover, or restore it; uninstalling the App deletes it.
Under GDPR Article 9, health-related data is a special category of personal data. Our lawful basis for processing it is your explicit consent (Article 9(2)(a)), obtained before your first measurement. Where PIPL applies, this constitutes the separate consent required for sensitive personal information under PIPL Article 29. You may withdraw consent at any time by stopping use and deleting the data in-app or uninstalling.
2.2 Camera and flashlight
The camera and flashlight are used solely to read the blood-volume signal at your fingertip during an active measurement. No image, video, or frame is stored or transmitted; frames are processed in memory and discarded. The App does not request location, microphone, contacts, or any other sensitive permission.
2.3 Purchase data
If you buy Pulsehaven Plus, the transaction is processed by Google Play Billing (or the Apple App Store on iOS). We receive a purchase token and entitlement status to unlock features; we do not receive your full payment card details. Refer to Google's or Apple's privacy policies for their processing.
2.4 Diagnostic data
If you contact support or opt in to crash reporting, we may process basic device model, OS version, and crash logs to fix defects. This does not include your health data.
3. What we do NOT do
- We do not sell or "share" personal information as defined under the CCPA/CPRA. We have no financial incentive tied to your data.
- We do not use health or wellness data for advertising, ad profiling, or marketing (consistent with Apple Guideline 5.1.3 and Google Play health-data policy).
- We do not run any third-party advertising network in the App.
4. Your rights
Depending on your jurisdiction you may have the right to access, correct, delete, export, or restrict processing of your data, and to withdraw consent. Because health data is stored only on your device, you exercise most of these rights directly: view and delete data in-app, or uninstall to erase all of it. For any data we hold (e.g. support correspondence), contact support@pulsehavenapp.com; we respond within the period required by applicable law (for example, 30 days under GDPR, 45 days under CCPA). You may also lodge a complaint with your supervisory authority.
5. Health-information status (United States)
We are not a "covered entity" or "business associate" under the U.S. Health Insurance Portability and Accountability Act (HIPAA), and HIPAA does not apply to the App. We nonetheless protect health and wellness data in accordance with this Policy and applicable privacy law.
6. Children
Pulsehaven is not directed to children under 16 (or the age of digital consent in your country) and we do not knowingly process their data. If you believe a child has used the App, contact support@pulsehavenapp.com and we will address it.
7. International transfers
Health and wellness data does not leave your device, so it is not transferred internationally. Limited billing/support data may be processed by our service providers (e.g. Google, Apple) under their own safeguards, such as the European Commission's Standard Contractual Clauses (SCCs).
8. Retention
On-device data persists until you delete it or uninstall. Support and billing records are retained only as long as necessary for the stated purpose and applicable legal obligations.
9. Changes
We will update the "Last updated" date and, for material changes, provide notice in-app and, where required, seek renewed consent.
10. Contact
Qiulin Zhou, People's Republic of China, support@pulsehavenapp.com.