RhythmIQ.Health

Privacy Policy

This page explains how RhythmIQ.Health accesses, collects, uses, shares, protects, retains, and deletes user data, including health data, Android Health Connect data, Apple HealthKit data, and Apple Health data.

RhythmIQ.Health Privacy Policy

Effective Date: May 10, 2026 | Last Updated: May 10, 2026

App: RhythmIQ.Health | Developer / Operator: RhythmIQ.Health | Privacy Contact: info@rhythmiq.health

Google Play, Apple App Store, Health Data, and Account Deletion Summary

RhythmIQ.Health is a health and care-coordination platform for adults. When you enable health features, the app may access or collect health and wellness data that you authorize, including Android Health Connect data, Apple HealthKit data, Apple Health data, wearable data, and health information you enter directly. We use this data to provide user-facing features such as personal health tracking, baseline trends, mood and wellness insights, medication and appointment support, care coordination, and optional alerts to people you authorize.

We do not sell personal information or health data. We do not use Android Health Connect data, Apple HealthKit data, Apple Health data, or other sensitive health data for advertising, marketing, data broker services, use-based data mining, employment eligibility, creditworthiness, lending, or insurance eligibility.

You may request account and data deletion at any time using the instructions in Section 7: Data Deletion.

RhythmIQ.Health (“RhythmIQ.Health,” “we,” “us,” or “our”) respects your privacy. This Privacy Policy explains what information we access, collect, use, share, retain, delete, and protect when you use our websites, mobile applications, APIs, health-data integrations, clinician and support-group tools, communication features, and other services that link to this Privacy Policy (collectively, the “Platform”).

By using the Platform, you acknowledge the practices described in this Privacy Policy and our Terms of Service. If you do not agree, please do not use the Platform.

RhythmIQ.Health is not a medical device unless specifically labeled otherwise. RhythmIQ.Health does not diagnose, treat, cure, or prevent any medical condition. Insights, alerts, summaries, and care-coordination tools are informational and should not replace advice, diagnosis, or treatment from a qualified healthcare professional.

1. Scope and Who This Policy Covers

This Policy applies to:

  • Patients and other adult users who create a RhythmIQ.Health account.
  • Doctors, clinicians, clinics, caregivers, family members, and support-group members who use the Platform.
  • Visitors to our public website and marketing pages.
  • People who connect health-data sources, Android Health Connect, Apple HealthKit, Apple Health, wearables, mobile device permissions, or third-party integrations to RhythmIQ.Health.

This Policy does not govern third-party websites, app stores, device manufacturers, health-data platforms, or services that we do not control.

2. Data We Access or Collect

“Access” means the app may read, view, process, or receive data after you authorize a permission or integration. “Collect” means we store, transmit, or otherwise process data in our systems or with authorized service providers. The exact data depends on the features you use, the permissions you grant, and the settings you choose.

A. Account and Profile Data

  • Name, email address, username, phone number, password/authentication credentials, account role, profile image, date of birth or age confirmation, and user preferences.
  • Relationship details you choose to provide, such as doctor, clinic, caregiver, family, or support-group relationships.
  • Subscription or entitlement status when premium features are used. Payment card details are handled by payment processors and are not stored as full card numbers by RhythmIQ.Health.

B. Health, Wellness, and Care Data You Provide

  • Mood logs, journal entries, symptom check-ins, self-assessments, care plans, safety plans, and wellness notes.
  • Medication names, schedules, adherence confirmations, refill notes, appointment information, provider notes you or an authorized clinician enter, and care-coordination records.
  • Clinical or health information you or an authorized care team member choose to upload, enter, or share through the Platform.

C. Health Data From Connected Sources

  • Android Health Connect data, if you grant Health Connect permissions on Android.
  • Apple HealthKit data and Apple Health data, if you grant Apple Health permissions on iOS.
  • Wearable or connected-service data, if you choose to connect a supported source.

D. Device, App, and Usage Data

  • IP address, device model, operating system, browser type, app version, crash logs, diagnostic logs, timestamps, screens viewed, feature interactions, and performance events.
  • Push notification tokens used to deliver app notifications, reminders, and call alerts.
  • Limited communication metadata for in-app messaging, support groups, and app-based voice/video calls, such as sender, recipient, group, timestamp, call state, and delivery status.

We do not collect SMS message bodies, regular phone-call audio, or your full phone contact list unless a clearly identified feature asks for that data and you provide permission.

E. Camera, Microphone, Photos, and Files

  • Camera or photo access may be used for profile images, optional visual check-ins, document uploads, or video-call features you initiate.
  • Microphone access may be used for voice notes, voice-enabled features, or app-based audio/video calls you initiate.
  • We do not record camera or microphone data in the background.

F. Support, Feedback, and Communications

  • Emails, support messages, attachments, bug reports, survey responses, and feedback you send us.
  • Messages, posts, reactions, and shared files within support groups, clinician dashboards, or care-coordination features.
3. Health Data, Health Connect, and Apple HealthKit Data

RhythmIQ.Health only accesses health data when you authorize the relevant permission, integration, or sharing setting. You can grant, deny, or revoke health permissions through your device settings, Android Health Connect settings, Apple Health settings, iOS privacy settings, and RhythmIQ.Health app settings.

A. Android Health Connect data

On Android, RhythmIQ.Health may request access to specific Health Connect data types only when those data types support user-facing features in the app. You can approve or deny each permission through Android Health Connect. If you later revoke a Health Connect permission, RhythmIQ.Health will stop accessing that category from Health Connect on that device, but revocation may not automatically delete data already stored in your RhythmIQ.Health account.

B. Apple HealthKit and Apple Health data

On iOS, RhythmIQ.Health may request permission to read selected Apple HealthKit data from the Apple Health app and, if a feature supports it, permission to write selected wellness or app-generated records back to Apple Health. Apple Health permissions are permission-specific, meaning you may grant or deny access for each requested data type. If you revoke Apple Health permissions, RhythmIQ.Health will stop accessing those Apple Health categories from that device, but revocation may not automatically delete data already stored in your RhythmIQ.Health account.

  • RhythmIQ.Health does not access Apple HealthKit data unless you grant permission through the iOS Apple Health authorization screen.
  • RhythmIQ.Health does not use Apple HealthKit data, Apple Health data, or other health data for advertising, marketing, or use-based data mining.
  • RhythmIQ.Health does not sell Apple HealthKit data, Apple Health data, or other health data.
  • RhythmIQ.Health does not store personal health information in iCloud through our app.
  • RhythmIQ.Health does not write false or inaccurate data into Apple Health or HealthKit. If the app writes any data to Apple Health, it does so only for supported user-facing features and only with your permission.
  • Apple Health and HealthKit data remain under your control in Apple Health. You can manage Apple Health permissions and source data through the Apple Health app and iOS Settings.

C. Health data we may access or collect when enabled

  • Activity data, such as steps, movement, exercise, active energy, distance, workouts, and activity summaries.
  • Sleep data, such as sleep duration, sleep timing, sleep sessions, sleep stages where available, and sleep consistency metrics.
  • Cardiovascular and biometric data, such as heart rate, resting heart rate, heart rate variability, blood pressure, oxygen saturation, respiratory rate, and related timestamps where available.
  • Nutrition or body measurement data, if enabled, such as weight, height, hydration, calories, macronutrients, or related wellness measurements.
  • Medication, appointment, mood, journal, care-plan, and adherence data that you or an authorized care team member enter or share.
  • Health records or clinical data only if you, your clinician, or a connected health system provides that data through an enabled feature.

D. How health data is used

  • To show personal trends, summaries, and baseline-relative changes.
  • To support mood, sleep, activity, medication, appointment, and care-plan tracking.
  • To generate informational insights, risk indicators, reminders, and alerts based on data you authorize.
  • To share selected information with doctors, clinics, caregivers, family members, or support groups only when you authorize that sharing or when an authorized care-coordination feature requires it.
  • To support security, auditing, quality control, debugging, compliance, and app reliability.

E. Health data limits and prohibited uses

  • We do not sell Android Health Connect data, Apple HealthKit data, Apple Health data, or other health data.
  • We do not transfer health data to advertisers, data brokers, or information resellers.
  • We do not use health data for personalized advertising, interest-based advertising, marketing, or use-based data mining.
  • We do not use health data to determine employment suitability, creditworthiness, lending eligibility, or insurance eligibility.
  • We do not request health permissions that are unrelated to RhythmIQ.Health’s user-facing health, wellness, or care-coordination features.
  • We do not repurpose health data for unrelated purposes without additional consent unless permitted or required by law.

F. Local device controls

Revoking a device permission may stop future access from that device, but it may not automatically delete data already stored in your RhythmIQ.Health account. To delete stored account data, follow the instructions in Section 7.

4. How We Use Information
  • Provide the Platform: Create accounts, authenticate users, sync data, display dashboards, support journaling, medication tracking, appointment tracking, support groups, clinician tools, and app-based communication.
  • Generate insights: Produce informational trends, baseline comparisons, risk indicators, wellness summaries, and alerts based on data you authorize.
  • Care coordination: Help authorized doctors, clinics, caregivers, family members, or support-group members coordinate care within the permissions you choose.
  • Notifications: Send reminders, appointment notifications, medication prompts, support-group updates, call alerts, and account messages.
  • Security and reliability: Detect suspicious activity, prevent abuse, troubleshoot errors, maintain audit logs, and improve app stability.
  • Compliance: Meet legal, regulatory, contractual, audit, and safety obligations.
  • Product improvement: Improve features, usability, reliability, accessibility, and safety using de-identified, aggregated, or limited operational data where appropriate.
  • Communications: Respond to support requests and send service-related messages. Marketing messages, if any, may be opted out of where required.
5. How We Share Information

We do not sell personal information or health data. We may share information only as described below:

  • With people you authorize: Doctors, clinics, caregivers, family members, or support-group members you connect with or permit to view selected information.
  • With service providers: Hosting, storage, database, security, authentication, email, SMS, push notification, payment, analytics, crash-reporting, customer-support, communication, and AI infrastructure providers that help us operate the Platform under contractual safeguards.
  • With connected services: Health-data platforms, EHR/EMR systems, telehealth tools, wearable services, or other integrations you enable.
  • For legal and safety reasons: When required by law, court order, regulation, valid legal process, emergency safety need, fraud prevention, security investigation, or to protect rights and safety.
  • Business transfers: If we are involved in a merger, acquisition, financing, reorganization, or sale of assets, data may be transferred subject to appropriate safeguards and this Policy.
  • De-identified or aggregated data: Data that does not reasonably identify you may be used or shared for analytics, research, reporting, or product improvement.
6. Data Retention

We retain personal data only for as long as reasonably necessary to provide the Platform, maintain security, meet legal obligations, resolve disputes, enforce agreements, support audit requirements, or comply with healthcare, tax, accounting, fraud-prevention, and regulatory obligations.

Data Type Typical Retention Period Notes
Account and profile data While your account is active, then deleted or de-identified after verified deletion request unless retention is legally required. Basic records may be retained briefly for security, fraud prevention, or legal compliance.
Health data, Android Health Connect data, Apple HealthKit data, Apple Health data, mood data, journal data, medication data, appointment data, and care-plan data While your account is active or until you delete specific data, disconnect a feature, revoke sharing, or request deletion. After account deletion is verified, active-system deletion is generally completed within 30 days, subject to legal or clinical-record retention requirements.
Support-group messages and shared records While the account, group, or care relationship remains active, unless deleted or legally retained. Some shared content may remain visible to authorized recipients if needed for care coordination, audit integrity, legal compliance, or where deletion would affect another user’s records.
Security logs, audit logs, fraud-prevention records, and system logs Typically 12 to 24 months, or longer if required for security, legal, healthcare, or regulatory reasons. Logs may contain limited identifiers, timestamps, IP addresses, device data, and event metadata.
Backups Backup copies are generally overwritten or deleted within 90 days. Backups are protected and are not used for ordinary account access after deletion.
Records subject to healthcare, legal, tax, accounting, or dispute obligations For the period required by applicable law, contract, audit, or regulatory obligation. Where full deletion is not permitted, we restrict access and retain only what is necessary.
7. Data Deletion

You may request deletion of your RhythmIQ.Health account and associated user data at any time. Deleting the app from your device does not automatically delete data already stored in your RhythmIQ.Health account.

How to request account and data deletion

  • In the app: Use the account, privacy, or settings area to request account deletion if the deletion control is available in your installed version.
  • By email: Send a request to info@rhythmiq.health with the subject line “Delete My RhythmIQ.Health Account.”
  • From the web: Use this public deletion page anchor: https://www.rhythmiq.health/policies/#delete-data

What happens after a deletion request

  • We may verify your identity before deleting account data to protect against unauthorized deletion.
  • After verification, we generally delete or de-identify account data from active systems within 30 days.
  • Backup copies are generally overwritten or deleted within 90 days.
  • We will also instruct relevant service providers to delete data they process for us, unless retention is legally required.
  • If we must retain certain data for legal, healthcare, audit, fraud-prevention, dispute, safety, or regulatory reasons, we will retain only the minimum necessary data and restrict access where appropriate.

Deleting Health Connect, Apple HealthKit, Apple Health, or device-source data

RhythmIQ.Health can delete data stored in your RhythmIQ.Health account, but we do not control data that remains inside Android Health Connect, Apple Health, Apple HealthKit, your wearable account, your device, your clinician’s records, or another third-party service. You can manage or delete source data through the settings for those services and devices.

Deleting individual data without deleting your account

Depending on the feature, you may be able to delete individual entries such as journal entries, mood logs, medication records, appointments, uploaded files, or support-group content. You may also contact us to request deletion of specific data.

8. Security Measures
  • Encryption: We use HTTPS/TLS for data in transit and encryption or equivalent safeguards for sensitive data at rest where appropriate.
  • Access controls: We use role-based access controls, least-privilege practices, authentication protections, and administrative restrictions.
  • Audit and monitoring: We maintain logs and monitoring designed to detect suspicious activity, errors, and unauthorized access.
  • Vendor safeguards: We use service-provider agreements and safeguards for vendors that process personal or sensitive data for us.
  • Incident response: We maintain procedures to investigate, contain, and respond to security incidents.

No method of transmission or storage is 100% secure. You are responsible for using strong passwords, protecting your devices, and keeping account credentials confidential.

9. Your Choices and Controls
  • Access, update, or correct profile information through your account settings where available.
  • Grant, deny, or revoke device permissions through Android, iOS, Android Health Connect, Apple Health, browser, or device settings.
  • Manage Apple HealthKit and Apple Health permissions through the Apple Health app and iOS Settings.
  • Enable or disable specific health, mood, medication, appointment, notification, support-group, and sharing features where available.
  • Choose which doctors, clinics, caregivers, family members, or support-group members can access selected data.
  • Opt out of non-essential marketing communications by using unsubscribe options or contacting us.
  • Request access, correction, deletion, restriction, portability, or other privacy rights as described in this Policy.
10. Privacy Rights

United States

Depending on your state and the data involved, you may have rights to know, access, correct, delete, obtain a copy of, restrict, or opt out of certain processing of personal information. We do not sell personal information or health data.

HIPAA and health information

If RhythmIQ.Health is acting as a HIPAA covered entity or business associate for specific services, additional rights may apply to Protected Health Information, such as rights to access, amend, restrict certain uses, and receive an accounting of disclosures. A separate HIPAA Notice of Privacy Practices may apply where required.

EU, UK, EEA, and Switzerland

Depending on applicable law, you may have rights to access, rectify, erase, restrict, object to processing, withdraw consent, request data portability, and lodge a complaint with a supervisory authority.

Canada and other regions

Depending on applicable law, you may have rights to access, correct, withdraw consent, challenge compliance, or request information about our privacy practices.

How to exercise rights

Contact us at info@rhythmiq.health. We may verify your identity and may deny or limit requests where permitted or required by law.

11. AI-Assisted Insights and Automated Processing

RhythmIQ.Health may use automated processing, analytics, and AI-assisted tools to generate informational insights, trends, reminders, summaries, and alerts. These outputs are intended to support awareness and care coordination. They are not diagnoses, treatment plans, emergency services, or substitutes for professional medical advice.

  • Insights may be based on health data, Android Health Connect data, Apple HealthKit data, Apple Health data, mood data, journal data, medication data, appointment data, and device or usage data that you authorize.
  • Some insights may influence app notifications or alerts to people you have authorized.
  • You may contact us to ask questions about significant automated processing or request human review where required by law.
12. Cookies and Tracking Technologies

We may use cookies, local storage, SDKs, and similar technologies to authenticate sessions, remember preferences, maintain security, analyze app performance, and improve the Platform.

You can control cookies through your browser or device settings. Disabling some technologies may affect account login, security, or core functionality.

13. Third-Party Services and Links

The Platform may link to or integrate with third-party services such as app stores, payment processors, cloud providers, Android Health Connect, Apple Health, Apple HealthKit, wearable services, communication tools, analytics tools, or healthcare systems. Their privacy practices are governed by their own policies.

When you connect a third-party service, you should review that service’s privacy settings and privacy policy. Disconnecting a service may stop future sharing but may not delete data previously shared with RhythmIQ.Health or the third-party service.

14. Children’s Privacy

RhythmIQ.Health is intended for adults age 18 or older, or the age of majority in the user’s jurisdiction. We do not knowingly collect personal data from children. If you believe a child has provided personal data to us, contact us at info@rhythmiq.health.

15. International Transfers

RhythmIQ.Health is operated from the United States. Your information may be processed in the United States or other countries where we or our service providers operate. These countries may have privacy laws different from those in your location. Where required, we use appropriate safeguards for international transfers.

16. De-Identified and Aggregated Data

We may create de-identified or aggregated data by removing or transforming information so that it does not reasonably identify you. We may use such data for analytics, research, reporting, safety, security, product improvement, and business purposes. We do not attempt to re-identify de-identified data except as permitted by law for validation, security, or compliance.

17. Breach Notification

If we determine that a security incident compromises personal data or health information in a way that requires notification, we will notify affected users, regulators, or other required parties as required by applicable law.

18. Changes to This Policy

We may update this Privacy Policy from time to time. The “Last Updated” date shows when the Policy was most recently revised. If changes are material, we may provide additional notice through the Platform, email, or other appropriate methods.

19. Contact Us

RhythmIQ.Health Privacy Office
RhythmIQ.Health
United States
Email: info@rhythmiq.health

For deletion requests, use the instructions in Section 7: Data Deletion.

20. Definitions
  • Personal Data / Personal Information: Information that identifies, relates to, describes, or can reasonably be linked to an individual.
  • Health Data: Data related to health, wellness, medical care, biometric measurements, activity, sleep, medication, mood, symptoms, or care coordination.
  • Android Health Connect Data: Health and fitness data accessed through Android Health Connect permissions after user authorization.
  • Apple HealthKit Data / Apple Health Data: Health and fitness data accessed through Apple HealthKit and the Apple Health app after user authorization on iOS.
  • Protected Health Information / PHI: Health information protected under HIPAA when HIPAA applies to a particular service or relationship.
  • Processing: Accessing, collecting, storing, using, analyzing, sharing, deleting, or otherwise handling data.
  • De-Identified Data: Data that does not reasonably identify an individual after identifiers have been removed or transformed.
Appendix A: Data Categories and Purposes Matrix
Data Category Examples Source Purpose Shared With Retention / Deletion
Account Data Name, email, role, profile details, authentication data User Account creation, authentication, support, security Service providers; authorized users where needed While active; delete or de-identify after verified deletion request unless legal retention applies
Android Health Connect Data Steps, sleep, heart rate, HRV, blood pressure, oxygen saturation, respiratory rate, nutrition, body measurements where enabled Android Health Connect after permission Health tracking, baseline trends, insights, reminders, alerts, care coordination Service providers; doctors/caregivers/support members only when authorized While enabled/account active; active-system deletion generally within 30 days after verified deletion request
Apple HealthKit / Apple Health Data Steps, workouts, active energy, sleep, heart rate, HRV, blood pressure, oxygen saturation, respiratory rate, nutrition, body measurements, and other Apple Health categories where enabled Apple HealthKit and Apple Health after permission Health tracking, trend visualization, baseline insights, reminders, alerts, and care coordination Service providers; authorized care contacts only when authorized; not advertisers or data brokers While enabled/account active; deletion handled by RhythmIQ.Health for stored account copies, while source data remains controlled through Apple Health and iOS Settings
Wearable and Connected-Service Data Activity, sleep, heart, respiratory, wellness, and measurement data where enabled Wearables and connected services Health tracking, trend visualization, insights, care coordination Service providers; authorized care contacts While enabled/account active; deletion handled by RhythmIQ.Health for stored account copies, source systems separately controlled by user
Mood, Journal, Medication, Appointment, and Care Data Mood logs, journals, medication schedules, adherence, appointments, care plans User, clinician, clinic, caregiver, authorized integrations Care coordination, reminders, insights, support group features Authorized doctors, clinics, caregivers, support group members, service providers While active; delete or de-identify after verified deletion request unless legal or clinical-record retention applies
Device and Usage Data IP address, app version, device model, crash logs, timestamps, usage events, push tokens Automatically from app, website, device, or browser Security, debugging, analytics, notifications, performance Service providers Typically 12 to 24 months for logs; shorter or longer where necessary for security/legal reasons
Communications and Support Data Support emails, feedback, support-group messages, in-app message metadata, call state metadata User, authorized contacts, app systems Support, care coordination, communication delivery, safety, audit Authorized recipients; service providers; legal/safety parties where required While needed for feature, account, group, audit, or legal purposes; delete/de-identify where feasible after verified request
Camera, Microphone, Photos, and Files Profile images, uploaded files, optional visual check-ins, audio/video call media when initiated User/device permission Profile, communication, uploaded records, optional app features Authorized recipients; service providers While active or until deleted; deletion after verified request unless legal retention applies