CalmBP Privacy Policy

Effective Date: May 19, 2026 · Last Updated: May 19, 2026

This Privacy Policy explains how Double Door Media LLC ("CalmBP," "we," "us," or "our") collects, uses, shares, and protects information when you use the CalmBP iOS application (the "App") and the website at https://calmbp.com (the "Site"). It also explains the choices you have about that information.

Please read it carefully. If you do not agree with this Policy, please do not use the App or the Site.

CalmBP is designed for adults 18 and older in the United States. We do not knowingly direct the App or the Site to anyone under 18.

If you are a resident of Washington, Nevada, Connecticut, or any other state with a separate consumer-health-data law, please also review our Consumer Health Data Privacy Policy, which contains the disclosures and rights required by those laws.

1. Who We Are and How to Reach Us

Double Door Media LLC
Oregon, USA
Email: [email protected]
Support: [email protected]

If you have questions about this Privacy Policy or wish to exercise any of the rights described below, email [email protected]. We respond to verifiable rights requests within forty-five (45) days, as required by applicable law.

2. Scope

This Privacy Policy applies to information collected through the App and the Site. It does not apply to:

When you sign in with Apple or Google, the App receives only the limited account information that Apple or Google authorizes, typically a stable identifier and, if you choose, an email address.

3. Information We Collect

The categories below use the labels used in the California Consumer Privacy Act (Cal. Civ. Code §1798.140) and similar US state privacy laws.

3.1 Information You Provide Directly

3.2 Information from Other Apps and Devices (with your permission)

3.3 Information Collected Automatically

3.4 Information We Do Not Collect

We do not collect:

3.5 Information About Other People You Track or Share With

4. How We Use Information

We use the categories above for the following business and operational purposes only:

We do not use your information to:

5. How We Share Information

We share information only with the limited set of service providers and only for the purposes listed below. Each provider acts as our service provider/processor under written terms and may not use the data for its own purposes.

Category of recipient | What they receive | Why
Apple, Inc. | Limited account info for Sign in with Apple; In-App Purchase events; HealthKit reads/writes (on-device) | Authentication, subscription billing, on-device health data access
Our AI provider | Cuff images during the cuff-display scan, sent as captured (not de-identified) so the numbers can be read; for the AI Insights path, a de-identified window of your recent health metrics, from which we remove direct identifiers such as your name and email. The AI sees that you take medications and your adherence, but not the medication names. Processed on the provider's paid tier (under our agreement with the provider, data submitted on this tier is not used to train its models). | Image-to-data, insight-text generation, and AI Insights Suite (Daily Briefing, Insights Chat, Weekly Recap). Content is processed in-memory and not persisted by us. Voice audio is never sent to the AI provider. Voice transcription is fully on-device.
Sign-in providers (Apple, Google) | Limited account info to verify your identity | Authentication
Our cloud hosting provider (US) | All data your App sends to our backend, in transit | Hosting our backend service
Our cloud database and authentication provider (US) | All data your App stores in our database (all tiers) | Encrypted database storage and authentication
Our subscription management provider | Your user identifier, App Store/Play subscription events, your subscription state | Subscription management; cross-device entitlement
Our push-notification delivery provider | A device push token and push notification payloads. Most payloads contain only non-clinical reminder text. A Care Circle alert (Plus Care), sent to a caregiver's own device, also includes the private label the caregiver chose for the person they support and the fact that a reading crossed the caregiver's alert threshold or that the person has not logged recently. The reading values themselves are not included; they stay in the app. | Push delivery to Apple/Google notification services
Our error-monitoring provider | Crash reports, stack traces, basic device context, with best-effort redaction of health-data fields | Error monitoring
Our transactional email provider | Recipient email address and message content. Invitation and verification emails contain no health data. A clinical report you choose to export may be delivered to your own email as an attachment via this provider. | Delivering transactional account email (including Care Circle invitations) and any report you choose to email yourself. Not used for marketing email.
Caregivers linked to your account | Read-only access to your account's wellness data in all categories, including the data of every other person you track under the account (tracked profiles). Caregivers cannot edit or delete records. Access continues until either member revokes it. | Allowing the person you chose to support you to view your wellness data
Recipients of a doctor share link | Whatever appears in the BP report you generate (readings, dates, medications you've logged, context tag categories). The link is unauthenticated, so anyone you forward it to can open the report until it expires or you revoke it. | Letting you show a clinician (or anyone else you choose) a recent snapshot of your blood pressure history without giving them App access

On written request to [email protected], we'll share the current named list of subprocessors that fit each category above. The law in the regimes that apply to us requires categories, not names, so we list categories here and provide the specific names on request.

Care Circle sharing. If you enable Care Circle, a caregiver gets read-only access to your account's wellness data in all categories, including the data of every other person you track under the account (tracked profiles). A Care Circle link can start from either side: you can invite a caregiver to view your data, or you can accept an invitation from someone who asked to follow your readings. Either way, the access exists only because you authorized it by inviting or accepting, it stays read-only (caregivers cannot edit or delete your records), and you can revoke it at any time from Settings → Care Circle, which immediately ends their access. Members of an active circle also see your first name, to identify you.

Doctor share links. A doctor share link is an unauthenticated public URL. No login is required to view it, so anyone who has the URL can open the report until it expires (by default within about a day) or you revoke it. Treat the link like the report itself. You are responsible for who you send it to. We do not verify the recipient, do not confirm they are a clinician, and do not control what they do with the report once viewed.

We do not share information with any other party, except:

We never share data sourced from Apple HealthKit for advertising, marketing, data mining, or any other purpose besides the core wellness functionality you asked us to provide. Apple's HealthKit terms require this and we adhere to it.

6. Where We Store Information

CalmBP is operated from the United States. All of our service providers store data in the United States. If you access the App from outside the United States, you understand that your information will be transferred to, processed in, and stored in the United States.

7. How Long We Keep Information

Category | Retention
Account record and core health data (BP readings, medications and adherence, walks, sleep, weight, intake, mood, resting heart rate, nicotine logs) | While your account is active. Deleted promptly on an account-deletion request, and within thirty (30) days. Residual copies in server backups are overwritten on the standard backup-rotation cycle.
Operational and security records (diagnostics, abuse-prevention counters, notification logs) | While your account is active, and deleted with it.
Calendar free/busy windows | Up to seven (7) days in the past, fourteen (14) days in the future
Care Circle invitations and caregiver link records | While the invitation is pending or the caregiver link is active. Revoked, expired, or accepted-then-removed records are purged promptly.
Doctor share link snapshots (rendered HTML or PDF) | Until the link expires (by default within about a day) or you revoke it, then deleted.
Tracked profile records | Same retention as the account that owns them. Deleted when you archive the profile or delete your account.
Subscription state | For the life of the account, then deleted with the account
Consent acknowledgment records (policy versions, ack timestamps, arbitration opt-out flag) | For the life of the account. On deletion, retained for seven (7) years as a pseudonymous record to satisfy our legal-defense exception under GDPR Article 17(3)(e) and equivalent state-law provisions. No name, email, or health data is retained.
Aggregated, de-identified analytics | Indefinitely (cannot be used to identify you)

You can request deletion at any time using the in-App "Delete account and all data" control, or by emailing [email protected].

8. How We Protect Information

We use industry-standard measures to protect your information:

No security system is perfect. If we ever experience a breach affecting your unsecured personal health information, we will notify you as required by law.

9. Your Choices and Rights

You have the rights below regardless of where you live, subject to the conditions and exceptions in applicable law. State-specific additional rights are described in Section 10.

To exercise any right, contact [email protected]. We will verify your request by asking you to send the request from the email address associated with your account, and we may ask for additional information solely to verify your identity. We respond within forty-five (45) days, with one extension permitted under applicable law.

10. State-Specific Notices

10.1 California Residents (CCPA / CPRA)

If you live in California, you have additional rights under the California Consumer Privacy Act, as amended:

If you wish to designate an authorized agent to make a request on your behalf, the agent must provide written authorization signed by you and must be able to verify their identity directly with us.

10.2 Washington Residents (My Health My Data Act)

If you live in Washington, you have additional rights under the My Health My Data Act (RCW Ch. 19.373). Those rights, our consumer-health-data practices, and the categories of consumer health data we process are described in our separate Consumer Health Data Privacy Policy, which is linked from the homepage of calmbp.com.

10.3 Nevada Residents (SB 370)

If you live in Nevada, you have additional rights under SB 370. Those rights and our consumer-health-data practices are also described in our Consumer Health Data Privacy Policy. We do not sell consumer health data.

10.4 Connecticut Residents (CTDPA + Health Data Amendments)

If you live in Connecticut, you have additional rights under the Connecticut Data Privacy Act, including the right to access, correct, delete, port, and opt out of certain processing, and additional protections for consumer health data. Use the contacts in Section 9 to exercise these rights, or see our Consumer Health Data Privacy Policy.

10.5 Texas Residents (TDPSA)

If you live in Texas, you have rights under the Texas Data Privacy and Security Act. NOTICE: We do not sell sensitive personal data. Use the contacts in Section 9 to exercise your access, correction, deletion, portability, and opt-out rights.

10.6 Other US States

Residents of Colorado, Virginia, Utah, Iowa, Indiana, Tennessee, Montana, Oregon, Delaware, New Jersey, New Hampshire, Kentucky, Rhode Island, Minnesota, Maryland, and other states with comprehensive privacy laws have the rights conferred by those laws, including, at minimum, the rights to access, correct, delete, port, and opt out of certain processing. Use the contacts in Section 9.

11. Children

CalmBP is intended for users 18 and older and is not directed to children. We do not knowingly collect personal information from anyone under 18. If you believe someone under 18 has provided us with personal information, please contact [email protected] and we will delete it.

12. HealthKit-Specific Disclosure

When you grant the App access to Apple HealthKit, we will:

This is required by Apple's HealthKit terms and we adhere to it.

13. AI Insights Suite (Plus subscribers, opt-in)

The AI Insights Suite (Daily Briefing, Insights Chat, Weekly Recap) is a Plus-only feature that is off by default. You enable it explicitly via an in-App consent screen separate from these Terms and from your HealthKit permission. You can revoke at any time in Settings → AI Features.

When enabled, here is what happens on each AI request:

  1. We assemble a de-identified payload from your data: blood-pressure values, the date/time of each reading, context tag categories you chose (e.g., "caffeine," "stressed"), Apple Health sleep / step / walking-workout totals, and that you take medications and your adherence. We remove direct identifiers. Your name, email, account identifier, device identifier, IP address, your medication names, and any free-text notes you've entered on readings are not included. When you type your own question in Insights Chat, the words you type are also sent to our AI provider to answer your question from that de-identified payload; that typed text is not stored and is not added to the de-identified payload.
  2. The payload is sent to our AI provider on its paid tier. Under our agreement with the provider, data submitted on this tier is not used to train its models.
  3. The provider returns a text response, to which we append our standard medical disclaimer.
  4. We do not store your prompts. A response may be briefly cached on our server and then deleted, so a repeated request does not trigger a duplicate AI call. We otherwise log technical metadata only, such as timing and whether a response was returned.

Chat history. Chat conversations are not saved as a history on our backend or on your device. Revoking AI consent in Settings → AI Features stops all further AI calls.

AI outputs are informational only and are not medical advice, diagnosis, or treatment. Do not delay seeking care from a licensed clinician based on AI output. In an emergency, call 911.

14. Cookies and Similar Technologies

The App is a native iOS application and does not use cookies in the App itself. The Site (calmbp.com) is a static information page that does not set cookies or run analytics scripts.

15. Changes to This Policy

If we materially change this Policy, we will notify you by displaying an acknowledgment-required notice in the App when you next open it. For material changes, we will give you at least thirty (30) days' advance notice in this way before the change takes effect. The "Effective Date" at the top of this Policy reflects the most recent version.

You can review previous versions by emailing [email protected].

16. Contact

Privacy questions, rights requests, and complaints:
[email protected]

General support:
[email protected]

Postal:
Double Door Media LLC
Oregon, USA
(For postal address, request via email; we provide on request to comply with state-law disclosure obligations.)

© 2026 Double Door Media LLC. All rights reserved.