CalmPulse
Privacy Policy

Privacy Policy – CalmPulse

CalmPulse is intended for users aged 9 and above. If you are under the age of 9, you may not use the App. Parents or legal guardians should supervise minors using the App to ensure it is appropriate for their individual needs.

Section 1 – Introduction & Scope

Welcome to CalmPulse ("we", "us", "our"). Your privacy matters to us, and this Privacy Policy explains how we collect, use, store, and protect your information when you use the CalmPulse mobile application (the "App"). By using the App, you agree to the terms described in this Privacy Policy. If you do not agree, please discontinue use of the App immediately.

Purpose of this Policy

This Privacy Policy is designed to be transparent and easy to understand while fully complying with applicable privacy laws such as the General Data Protection Regulation (GDPR) in the EU and the California Consumer Privacy Act (CCPA) in the US. Our goal is to ensure you understand exactly what data we collect, why we collect it, and how you control it.

Scope

Commitment to Transparency

Important Notes

Section 2 – Information We Collect

When you use CalmPulse, we collect certain types of information to provide, improve, and personalize your experience. This includes information you provide directly, information collected automatically, and information generated through your interactions with the App.

2.2 Information Collected Automatically

2.4 What We Do Not Collect

Section 3 – How We Use Your Information

3.1 To Operate and Provide the Service

3.2 To Improve and Develop the App

3.3 To Support Marketing and Growth

Important:

3.4 For Legal and Safety Purposes

Section 4 – Sharing of Information

We respect your privacy. CalmPulse shares your information only in the limited circumstances described below, and never sells your personal data to third parties.

4.1 Service Providers

We work with trusted third-party service providers to help us operate, maintain, and improve the App. See Section 11 for a list of key providers and links to their privacy policies.

All service providers are contractually required to:

4.2 Legal Compliance and Safety

We may disclose your information if required by law or in response to valid legal processes, such as subpoenas, court orders, or government requests. We may also share information to:

4.3 Business Transfers

If CalmPulse undergoes a merger, acquisition, or sale of assets, your information may be transferred as part of the transaction. In such cases, we will notify you before your data becomes subject to a different privacy policy.

4.4 Aggregated and Anonymized Data

We may share aggregated, non-identifiable data (such as statistics on general user trends) with partners, advertisers, or the public for research, marketing, or business purposes. This data does not identify individual users.

Section 5 – Data Storage & Security

We take the security of your information seriously and apply strict measures to protect it.

5.1 Storage Locations

5.2 Security Measures

We implement a combination of technical, administrative, and physical safeguards to protect your personal data from unauthorized access, use, or disclosure. While no system can be completely secure, we continuously update our security practices to meet industry standards.

5.2.1 Data Encryption

5.2.2 Access Control

5.2.3 API Key Protection

5.2.4 Firebase Security Rules

5.2.5 Regular Security Audits

5.3 Data Breach Protocol

In the event of a data breach affecting your personal information, we will:

Section 6 – User Rights (GDPR / CCPA Compliance)

We comply with global privacy laws, including the General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA). These rights apply to all users where required by law.

6.1 Right to Access

You have the right to request details of the personal data we hold about you.

6.2 Right to Rectification

You can update or correct inaccurate or incomplete information directly within the app settings.

6.3 Right to Deletion

You may request deletion of your account and all associated data at any time through the DELETE ALL MY INFO option in the app. Once deleted, your data is permanently removed and cannot be restored.

6.4 Right to Restrict Processing

You can request that we limit the processing of your data under specific circumstances (for example, if you contest the accuracy of the data).

6.5 Right to Object to Processing

You may object to your personal data being used for marketing or analytics purposes. We will honor such requests unless we have overriding legitimate grounds.

6.6 Right to Data Portability

Where legally required, you can request a copy of your personal data in a machine-readable format. Note: At this time, our app does not offer automated data export functionality, but you can contact us for manual assistance.

6.7 Right to Withdraw Consent

If you have given consent for any optional data collection or processing, you may withdraw it at any time through the app settings.

6.8 Verification of Requests

To protect your privacy, we may require verification of your identity before fulfilling certain requests.

Section 7 – Data Retention Policy

We retain personal data only for as long as it is necessary to fulfill the purposes described in this Privacy Policy, unless a longer retention period is required or permitted by law.

7.1 Account Data

7.2 Content Data

7.3 Analytics and Usage Data

7.4 Legal Compliance

In certain cases, we may retain information for a longer period if required to comply with legal obligations, resolve disputes, or enforce agreements.

7.5 Backup Storage

Section 8 – Security Measures

We implement a combination of technical, administrative, and physical safeguards to protect your personal data from unauthorized access, use, or disclosure. While no system can be completely secure, we continuously update our security practices to meet industry standards.

8.1 Data Encryption

8.2 Access Control

8.3 API Key Protection

8.4 Firebase Security Rules

8.5 Regular Security Audits

8.6 Incident Response

In the event of a suspected data breach, we follow our Data Breach Protocol (as described in the Terms of Service) to notify affected users promptly and cooperate with relevant authorities when required.

Section 9 – International Data Transfers

9.1 Data Hosting Locations

CalmPulse primarily stores and processes user data in Google Firebase servers located in the United States and the European Union.

9.2 Legal Safeguards for Cross-Border Transfers

If your data is transferred to a country outside your region (for example, from the EU to the US), we ensure appropriate safeguards are in place, including:

9.3 User Consent for Transfers

By using CalmPulse, you consent to the transfer, storage, and processing of your information in countries outside your own, provided such transfers comply with applicable laws.

Section 10 – Children's Privacy

10.1 Age Restriction

CalmPulse is not intended for children under the age of 9. We do not knowingly collect, store, or process personal data from individuals under this age. The App may contain emotional wellness content that is more suitable for older children, teenagers, and adults. Parents or legal guardians are encouraged to review and supervise usage by minors.

10.2 Parental Responsibility

If you are a parent or legal guardian and believe your child has provided us with personal data, please contact us immediately at calmpulseapp@gmail.com. We will take steps to delete such information from our systems.

10.3 Compliance with Laws

Our policies comply with global child privacy regulations, including:

Section 11 – Third-Party Services & Integrations

11.1 Overview

CalmPulse relies on trusted third-party services to operate core features, deliver content, and enhance user experience. These providers may process limited personal data strictly for the purposes described in this Privacy Policy.

11.2 Key Third-Party Providers

11.3 Data Sharing Principles

11.4 No Sale of Data

We do not sell, trade, or rent your personal information to third parties. Any third-party access is solely for service functionality and compliance purposes.

11.5 User Acknowledgment

Section 12 – Cookies & Tracking Technologies

We use cookies, local storage, and similar technologies to enable essential functionality, enhance security, and measure performance. We do not use cookies for behavioral advertising. Declining certain cookies or storage may impair the proper functioning of the App.

12.1 Types of Cookies/Storage

12.2 Consent (EEA/UK)

Where required by law, we obtain consent for non‑essential cookies (e.g., analytics). You can withdraw consent at any time via your device settings and in‑app controls (when available).

12.3 Managing Cookies

12.4 Third‑Party Policies

Section 13 – Analytics & Performance Monitoring

We use Firebase Analytics and similar tools to collect aggregated, non-personal usage data (e.g., session duration, interactions, device/OS). This helps identify issues, improve UX, and understand usage patterns. Analytics data is anonymized and cannot identify individual users.

Section 14 – User Notifications

We use in-app notifications, push notifications, and/or email to inform users about important account-related actions, privacy updates, and service announcements. You may manage notification preferences in your device or app settings. Some critical notifications, such as changes to terms or security alerts, cannot be disabled.

Section 15 – Contact Information

If you have any questions, concerns, or complaints regarding this Privacy Policy or our data practices, you can contact us at: calmpulseapp@gmail.com. We aim to respond to all inquiries within 7 business days.

Section 17 – Advertising & Cookies

We display advertisements through AdMob in a non-personalized manner, meaning ads are shown without tracking your browsing history or personal behavior across other apps or websites. Device identifiers may be used to prevent fraud/abuse and for essential ad delivery.

Section 18 – Data for Analytics & Improvements

We may use aggregated, anonymized data to analyze usage patterns, improve the App, and develop new features. This data cannot be used to personally identify you. Examples include tracking feature popularity, measuring engagement, and identifying bugs or crashes.

Section 19 – Business Transfers

If CalmPulse undergoes a merger, acquisition, corporate reorganization, or sale of assets, we may transfer your personal data to the relevant entity in accordance with applicable data protection laws. Where required, we will provide prior notice and ensure the recipient assumes our obligations with respect to your personal data. Your statutory rights regarding your personal data will continue to apply.

Section 20 – Data Minimization & Purpose Limitation

Section 21 – Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in legal requirements, technology, or business practices. We will notify users of significant updates via in-app notifications or email. Continued use of the app after updates constitutes acceptance of the revised policy.

Section 22 – Payment Security

All financial transactions for premium subscriptions are processed securely through Apple Pay or Google Pay.

We do not store your full payment details on our servers.

Payment processing is handled by trusted third-party providers who comply with PCI-DSS (Payment Card Industry Data Security Standard).

Only minimal transaction data necessary for record-keeping and subscription validation is stored.

Section 23 – AI Feature Usage & Data Handling

We do not use your AI conversation data to train our own models. According to OpenAI, data sent via the API is not used to train OpenAI models by default. For details, see OpenAI API Data Usage and OpenAI Privacy Policy. We do not share your AI conversation data with any third parties other than OpenAI for processing purposes.

Section 24 – Device Features Access (Vibration)