CalmBP Consumer Health Data Privacy Policy
This Consumer Health Data Privacy Policy is published by Double Door Media LLC ("CalmBP," "we," "us") in compliance with the Washington My Health My Data Act (RCW Ch. 19.373), the Nevada Consumer Health Data law (SB 370), the Connecticut Data Privacy Act's consumer-health-data amendments, and similar US state laws.
It applies in addition to our Privacy Policy. Where this Consumer Health Data Privacy Policy and our main Privacy Policy address the same subject, this policy controls with respect to consumer health data and your rights regarding that data.
CalmBP is intended for users 18 and older. We do not knowingly collect consumer health data from anyone under 18.
For the purposes of this policy, "consumer health data" means personal information that is linked or reasonably linkable to a consumer and that identifies the consumer's past, present, or future physical or mental health status, including data that reveals or describes (a) bodily functions or vital signs (such as blood pressure or heart rate); (b) the use or purchase of medications or medical equipment; (c) sleep, exercise, or other activity related to health; or (d) any data processed to identify a consumer's health status or to derive health-related inferences from non-health information.
1. Categories of Consumer Health Data We Collect
We collect the following categories of consumer health data when you use the CalmBP App:
- Vital signs. Blood pressure (systolic and diastolic) and pulse, including the time at which each reading was taken and any notes or context tags you choose to add. Resting heart rate samples read from Apple HealthKit with your permission.
- Substance use (nicotine). If you choose, your nicotine status, form of use, usage counts, and the timestamp of your most recent use. We use this data to compute correlations with your blood pressure and to time-contextualize readings relative to recent nicotine use. You may decline to provide this, change your status, or delete prior nicotine logs at any time.
- Medications and adherence. The medications and dosing schedule you enter, and whether you have logged each scheduled dose as taken or skipped.
- Physical activity. Walks and other physical activity you log or that we read from Apple HealthKit (with your permission), including duration, type, and your stated mood after the activity. Daily step counts (with your permission) and an aggregate hourly activity-pattern derived from your step data on the Plus tier.
- Sleep. Duration, quality, and source of each sleep record (manual entry or Apple HealthKit).
- Body composition. Weight you log or that we read from Apple HealthKit (with your permission).
- Diet and intake. Daily sodium-level rating, alcoholic drinks consumed, and caffeine servings consumed, if you choose to log them.
- Mood and context. Mood tags you assign to days or to specific readings (for example, "stressed," "anxious," "tired").
- Derived insights. Correlations and patterns we compute from your data and store for your reference (for example, "your average reading on walking days is X mmHg lower than on non-walking days").
- Consumer health data about people you track. If you use the App to track another adult ("tracked profiles", for example a spouse or parent whose blood pressure you are helping manage), the categories above also apply to data you log about that person. Any tracked person must also be 18 or older. You may also provide a display name and relationship label so the App can display the right history under the right person. You represent that you have that person's permission, or appropriate legal authority, to record and store their consumer health data in the App.
We do not collect:
- Location data.
- Reproductive or sexual health data.
- Mental health diagnostic information (we do not diagnose anything; the only mental-health-adjacent data we collect is the self-reported mood tags you choose to record).
- Genetic identifiers.
- Biometric data outside the vital signs listed above (we do not collect fingerprints, facial scans, voiceprints, or any biometric identifier used for unique identification).
- Communications or social-graph data.
- Inferences about your health derived from non-health data sources.
2. Sources of Consumer Health Data
We collect consumer health data from the following sources, all of which require your explicit consent:
| Source | What we receive |
|---|---|
| You, directly via the App | Manually entered BP readings, medications, walks, sleep, weight, intake, mood, notes, context tags, and nicotine use (status, daily count, and timestamp of most recent use) |
| Voice entry (on-device only) | A blood pressure reading parsed from text that your device transcribed locally on-device. The audio recording never leaves your device. It is not sent to our servers or to any other third party. |
| Cuff-display scans through our AI provider (transient) | A BP reading extracted from a photo of your monitor's display. The image is sent as captured to read the numbers, processed in memory, and not retained after the reading. |
| Apple HealthKit / Health Connect (with your per-category permission) | BP, sleep, weight, walks, step counts, and resting heart rate you have authorized us to read |
| Bluetooth blood pressure monitors connected to your device | Only via HealthKit; we never communicate directly with monitor hardware |
We do not collect consumer health data from any data broker, advertising network, or third-party source other than the ones you explicitly authorize.
3. How We Use Consumer Health Data
We use consumer health data only for the following purposes, all of which are strictly necessary to provide you the services you have requested:
- Display your readings, trends, and history in the App.
- Generate reminders, walk nudges, and other notifications that you have opted in to.
- Compute correlations within your own data (for example, comparing your readings on walking days versus non-walking days).
- If you record nicotine use, compute correlations between your nicotine days, the time since your most recent use, and your blood pressure, and time-contextualize readings taken shortly after nicotine use so you can wait for a more typical measurement.
- Generate the plain-language description of each insight using our AI provider, sending a de-identified window of your recent health metrics from which we remove direct identifiers such as your name and email. When you type your own question in chat, the words you type are also sent to our AI provider to answer your question from that de-identified window; that typed text is not stored.
- Permit you to export your data to share with your doctor.
- Sync your data across every device you sign into the App on.
We do not use consumer health data:
- To show you advertising or build any advertising profile.
- To make automated decisions that produce legal or similarly significant effects about you.
- To train any third-party general-purpose AI model.
- For any purpose unrelated to the wellness features you have specifically asked us to provide.
Specifically, we do not use your consumer health data, the photos you submit through cuff-display scan, or any output derived from them to train any AI system. Under our agreement with our AI provider, data we send on the paid tier is not used to train its models, and we have not consented to any other use of your data for AI development. (Voice transcription happens on your device and is not sent to the AI provider.)
4. Categories of Consumer Health Data We Share, and With Whom
We share consumer health data only with the limited set of service providers below, only as needed for them to operate the service on our behalf, and only under written contractual terms that prohibit them from using the data for any other purpose:
| Service provider | Categories shared | Purpose |
|---|---|---|
| Our cloud database and authentication provider (US) | All categories listed in Section 1, for all users. | Encrypted database storage |
| Our cloud hosting provider (US) | All data your App sends to our backend, in transit | Backend service hosting |
| Our AI provider (US) | For cuff-display scan: the photo of your monitor, sent as captured to read the numbers, processed in memory and not retained after the reading. For AI insights and chat (Plus): a de-identified window of your recent health metrics, from which we remove direct identifiers such as your name and email before sending. The AI receives that you take medications and your adherence, but not the medication names. When you type your own question in chat, the words you type are also sent to our AI provider to answer your question from that de-identified window; that typed text is not stored. Processed on the paid tier (under our agreement with the provider, data we send is not used to train its models). | Image-to-data, insight-text generation, and AI Insights Suite. Voice transcription happens on your device and audio is not sent to this provider. |
| Our push-notification delivery provider | Most push payloads contain only non-clinical reminder text (such as "Time for an evening walk?"). A Care Circle alert (Plus Care) sent to a caregiver's own device also conveys the private label the caregiver chose for the person they support and that a reading crossed the caregiver's alert threshold, or that the person has not logged recently. The reading values stay in the app and are not sent through the provider. Push tokens are non-health identifiers. | Push delivery |
| Our error-monitoring provider | Crash and error diagnostics. We apply best-effort redaction, on the device and on our servers, to keep consumer health data out of crash reports and breadcrumbs, but this filtering is not guaranteed to catch every case. | Error monitoring |
| Our transactional email provider | Recipient email address and message content. Invitation and verification emails contain no consumer health data. A clinical report you choose to export may be delivered to your own email as an attachment through this provider. | Care Circle invitations, verification, and emailed report delivery at your direction |
| Caregivers linked to your account (Care Circle) | A caregiver linked to your account, whether you invited them or you accepted their invitation to share your readings, gets read-only access to your account's wellness data across all categories in Section 1, including the data of every other person you track under your account (tracked profiles), until either member revokes the link. Caregivers cannot edit or delete your data. A circle member also sees your first name, to identify you. | Allowing the person you chose to support you to view your wellness data |
| Recipients of a doctor share link | Whatever appears in the BP report snapshot you generate (readings, dates, medications you've logged, context-tag categories). The link is a public web address that requires no login, so anyone you forward it to can open the report until it expires (by default within about a day) or you revoke it. Do not share it with people you don't intend to give access. | Letting you show a clinician (or anyone else you choose) a recent snapshot of your blood pressure history without giving them App access |
On written request to [email protected] we'll share the current named list of subprocessors that fit each category above.
We do not share consumer health data with:
- Any advertising network or advertising technology service.
- Any data broker.
- Any social media platform.
- Any business that profiles consumers for marketing.
- Any third party for the purpose of advertising or marketing, our own or anyone else's.
5. Selling Consumer Health Data
We do not sell consumer health data. We will not begin selling consumer health data in the future without first obtaining your separate, freely given, specific, informed, opt-in consent, and only then if you provide that consent.
6. Geofencing
We do not engage in geofencing. We do not collect your location and we do not target advertising or notifications based on your proximity to any healthcare facility.
7. Your Rights Under State Consumer-Health-Data Laws
You have the following rights with respect to your consumer health data. These rights are available to you regardless of where you live in the United States, but several of them are specifically required by Washington's My Health My Data Act, Nevada's SB 370, and other state laws.
- Right to confirm whether we are collecting, sharing, or selling consumer health data about you.
- Right to access the consumer health data we have about you. We provide this through the Settings → Privacy & Data → Download all my data flow in the App or by emailing [email protected]. The export is delivered as a portable JSON file and covers the consumer health data described in Section 1. Operational records that are not consumer health data are excluded from the export but are still wiped if you delete your account.
- Right to withdraw consent. You can withdraw consent to our collection or sharing of consumer health data at any time by deleting your account from the App, or by emailing [email protected]. Withdrawal will end further processing but does not affect processing that has already occurred.
- Right to delete. You can ask us to delete the consumer health data we have collected from you. We will delete it from our active systems promptly, and within 30 days. Any residual copies in backups are overwritten on our provider's standard backup-rotation cycle.
- Right to receive a list of all third parties with whom we have shared your consumer health data, along with contact information for each. Section 4 above provides the current list; if you want a copy with timestamps of the sharing events, email [email protected].
- Right not to be discriminated against for exercising any of these rights. We will not deny you service, charge you a different price, or provide a different quality of service because you exercised a right.
To exercise any of these rights, use the in-App controls or email [email protected]. We will verify your request by sending a confirmation to the email address associated with your account, and we may ask for additional information solely to verify your identity. We will respond within forty-five (45) days as required by applicable law.
If we deny your request, we will tell you why, and we will provide you with information about how to appeal, including, if you live in Washington, your right to contact the Washington Attorney General's Office.
You can also designate an authorized agent to exercise rights on your behalf. The agent must provide written authorization signed by you and must verify their identity directly with us.
8. How Long We Keep Consumer Health Data
We keep consumer health data only as long as we need it to provide the services you have asked us to provide. Specific retention periods are set out in our main Privacy Policy, Section 7.
We keep your consumer health data while your account is active. If you delete your account, we delete your consumer health data from our active systems promptly, and within 30 days. Any residual copies in backups are overwritten on our provider's standard backup-rotation cycle.
The only records we retain after account deletion are pseudonymous consent acknowledgments (the policy versions you agreed to and the timestamps) kept for seven (7) years under GDPR Article 17(3)(e) and equivalent state-law provisions so we can answer a future dispute or regulator inquiry about what version of these policies you agreed to. No consumer health data is retained in that archive, only the consent acknowledgment itself.
9. Security
We protect consumer health data with industry-standard measures, including encryption in transit and at rest in our cloud database; encryption at rest of the local database that holds your readings on your phone, with the encryption key held in your device's hardware-backed secure storage; session credentials held in that same hardware-backed secure storage; access controls so the App returns only your data; and best-effort redaction (on the device and on our servers) to keep consumer health data out of our error-monitoring service.
In the event of a breach involving unsecured consumer health data, we will notify you within sixty (60) days as required by the Federal Trade Commission's Health Breach Notification Rule (16 C.F.R. Part 318).
10. Authentication of Identity / Anti-Discrimination
To process a rights request, we may need to verify your identity. We use the email address associated with your account for this purpose. We do not require you to create a new account, pay a fee, or provide additional consumer health data to exercise any right.
11. Contact Us
For any question or request related to consumer health data: [email protected]
To file an appeal of a denied request: [email protected] with subject line "Appeal of consumer health data request"
For consumers in Washington, you may also contact the Washington Attorney General's Office about your rights under the My Health My Data Act: https://www.atg.wa.gov/file-complaint
12. Changes to This Policy
We will update this Consumer Health Data Privacy Policy from time to time. The "Effective Date" at the top of this policy reflects the most recent version. We will notify you in the App at least thirty (30) days before a material change takes effect.
© 2026 Double Door Media LLC. All rights reserved.