Privacy Policy
Last updated: March 4, 2026 • Effective: March 4, 2026
Key Points at a Glance
- Your health data (blood pressure, pulse, notes, tags) is stored only on your device — it is never sent to our servers or any third party
- We use Firebase Analytics for anonymous app usage statistics and Firebase Remote Config for feature optimization
- We use RevenueCat to manage subscriptions — payment is processed entirely by Apple or Google
- We do not sell, rent, or share your personal or health data with anyone
- Your health data is never used for advertising, insurance decisions, or profiling
- You have full control — export your data, delete it, or uninstall anytime
- No account registration or login is required to use the App
1. Introduction
This Privacy Policy explains how Simple Blood Pressure Monitor ("the App", "we", "us", "our"), developed and operated by Borys Kusmirek ("Data Controller"), collects, uses, stores, and protects your information. This policy applies to both the iOS and Android versions of the App.
Data Controller: Borys Kusmirek
Contact email: favamvv@gmail.com
By using the App, you acknowledge that you have read and understood this Privacy Policy. Where required by law (see Section 9), we will obtain your explicit consent before processing certain categories of data.
2. Information We Collect
2.1. Health Data (Stored Locally on Your Device Only)
The following data is entered by you manually and stored exclusively in a local SQLite database on your device. This data never leaves your device. It is never transmitted to our servers, any third party, or any cloud service.
- Systolic and diastolic blood pressure readings (mmHg)
- Pulse / heart rate measurements (bpm)
- Date and time of each measurement
- Personal notes you attach to readings
- Tags you assign to readings (e.g., morning, evening, after meds, stress, rest, after exercise)
- Custom tags you create
Under GDPR, blood pressure and pulse data are classified as "Special Category Data" (Article 9). Because this data is stored solely on your device and is never transmitted to or processed by us, we do not act as a data processor for your health data. You retain full and exclusive control over it at all times.
2.2. Usage and Technical Data (Collected Automatically)
When you use the App, the following anonymous data is collected automatically by integrated third-party services to help us improve the App:
| Data Type | Purpose | Collected By |
|---|---|---|
| App instance identifier (anonymous) | Distinguishing unique app installations | Firebase Analytics |
| App usage events (screens visited, features used, session duration) | Understanding how users interact with the App | Firebase Analytics |
| Device information (OS version, app version, device model) | Ensuring compatibility, debugging issues | Firebase Analytics |
| Approximate location (country/region level only) | Understanding geographic usage patterns | Firebase Analytics |
| A/B test group assignment | Optimizing the app experience via feature experiments | Firebase Remote Config |
| Anonymous user identifier, purchase history, subscription status | Managing subscriptions, verifying entitlements, fraud prevention | RevenueCat |
2.3. Information We Do NOT Collect
- We do not collect your name, email address, phone number, or any personally identifiable account credentials
- We do not require account registration or login
- We do not collect precise location (GPS) data
- We do not access your contacts, photos, camera, microphone, or other device sensors
- We do not use advertising SDKs, ad trackers, or collect data for ad targeting
- We do not read from or write to Apple HealthKit or Google Health Connect
3. How We Use Your Information
- Health data: Processed solely on your device by the App to display your readings, calculate averages and trends, generate charts, categorize blood pressure levels, and enable you to export your data. We never access, receive, process, or store this data on any server.
- Firebase Analytics data: Used in aggregate to understand feature usage patterns, identify bugs and crashes, improve app performance, and optimize the onboarding experience. No health data is included in analytics.
- Firebase Remote Config data: Used to determine which version of certain app screens you see (A/B testing) to optimize the user experience. No personal or health data is used for experiment targeting.
- RevenueCat data: Used to verify your subscription entitlements, manage purchase restoration across devices, and prevent subscription fraud. Actual payment processing is handled entirely by Apple (App Store) or Google (Play Store) — we never receive your credit card or financial information.
We do not sell, rent, trade, or share your personal or health data with advertisers, data brokers, insurance companies, employers, or marketing platforms. Your health data is never used for advertising, profiling, insurance scoring, lending decisions, or any purpose other than displaying it to you within the App.
4. Legal Basis for Processing (GDPR)
For users in the European Union / European Economic Area, we rely on the following legal bases:
| Processing Activity | Legal Basis |
|---|---|
| Health data storage and display | Not applicable — health data is processed solely on your device; we have no access to it |
| App usage analytics (Firebase Analytics) | Legitimate interest (Art. 6(1)(f)) — improving app quality and user experience |
| A/B testing (Firebase Remote Config) | Legitimate interest (Art. 6(1)(f)) — optimizing app features |
| Subscription management (RevenueCat) | Performance of contract (Art. 6(1)(b)) — fulfilling your subscription purchase |
| Push notifications (reminders) | Consent (Art. 6(1)(a)) — you explicitly grant notification permission |
You may withdraw your consent for notifications at any time by disabling them in your device settings or within the App. You may object to analytics processing by contacting us (see Section 14).
5. Third-Party Services
The App integrates the following third-party services. Each operates as a data processor under its own terms and privacy policy:
5.1. Firebase Analytics (Google LLC / Google Ireland Limited)
- Purpose: Understanding how users interact with the App, measuring feature adoption, identifying performance issues
- Data collected: App instance identifier, usage events, device type, OS version, app version, session duration, approximate country/region
- Data processor: Google LLC (US) / Google Ireland Limited (for EEA users)
- Retention: Event-level data is retained for 2 months; user-level data for 14 months (configured in Firebase console)
- Opt-out: Contact us at favamvv@gmail.com to request analytics opt-out. On iOS, you may also enable "Limit Ad Tracking" in Settings → Privacy & Security. On Android: Settings → Google → Ads → Opt out of Ads Personalization.
- Privacy policy: Google Privacy Policy • Firebase Privacy & Security
5.2. Firebase Remote Config (Google LLC / Google Ireland Limited)
- Purpose: Delivering app configuration and managing A/B tests for feature optimization (e.g., which promotional screens are displayed)
- Data collected: Firebase Installation ID (anonymous identifier) transmitted as part of configuration requests
- No personal health data is transmitted via this service
- Privacy policy: Firebase Privacy & Security
5.3. RevenueCat, Inc.
- Purpose: Managing in-app subscriptions, validating purchases, and providing access to premium features
- Data collected: Anonymous app user identifier ($RCAnonymousID), purchase history (product IDs, transaction dates, expiration dates), subscription status, entitlements, app version, OS, device type
- Data processor: RevenueCat, Inc. (United States)
- Payment processing: All payment processing is handled by Apple (App Store) or Google (Play Store). We never receive your credit card number, billing address, or other financial information.
- Retention: Transaction data is retained for the duration of your use of the App plus up to 6 years for legal and tax compliance
- Data Processing Addendum: RevenueCat’s DPA incorporating Standard Contractual Clauses is part of their Terms of Service
- Privacy policy: RevenueCat Privacy Policy
5.4. Local Notifications (flutter_local_notifications)
- Purpose: Sending you daily blood pressure measurement reminders at times you choose
- Data collected: None transmitted externally. Notification schedules are stored locally on your device only.
- Permission: Requires your explicit notification permission, which you can revoke at any time in your device’s system Settings → Notifications → Blood Pressure
6. Data Sharing and Disclosure
- Health data: Shared with absolutely no one. It exists solely on your device.
- Usage data: Shared with Google (Firebase) and RevenueCat only as described in Section 5, strictly for the purposes stated.
- We do not share data with data brokers, advertisers, marketing platforms, insurance companies, or employers.
- We may disclose information if required by law, court order, or governmental regulation, or if necessary to protect our legal rights.
7. Data Storage and Retention
| Data Category | Storage Location | Retention Period |
|---|---|---|
| Health data (readings, notes, tags) | Local device only (SQLite) | Until you delete it in the App or uninstall the App |
| Notification preferences | Local device only | Until you change settings or uninstall the App |
| Firebase Analytics (event-level) | Google servers (US/EU) | 2 months |
| Firebase Analytics (user-level) | Google servers (US/EU) | 14 months |
| RevenueCat subscription data | RevenueCat servers (US) | Duration of use + up to 6 years (legal compliance) |
8. Data Export and Portability
You can export all your blood pressure readings to an Excel (.xlsx) file at any time using the App’s export feature (available in Settings or History). The exported file is saved to your device. Once exported, the file is under your sole control — any further sharing, storage, or transmission of that file is your responsibility.
You may also import data from an Excel file back into the App.
9. Your Rights
9.1. All Users
- Access & export: Export all your health data via the App’s Excel export feature at any time, free of charge
- Delete health data: Delete individual readings within the App, or remove all data by uninstalling the App
- Opt out of analytics: Contact us at favamvv@gmail.com or use your device’s privacy settings
- Disable notifications: Revoke notification permission in your device’s system Settings at any time
- Cancel subscription: Cancel anytime via your device’s subscription management (see our Terms of Service)
9.2. EU/EEA Users (General Data Protection Regulation)
Under the GDPR, you have the following rights regarding personal data we process (usage data and subscription data):
- Right of access (Art. 15): Request a copy of the personal data we hold about you
- Right to rectification (Art. 16): Request correction of inaccurate personal data
- Right to erasure / "Right to be forgotten" (Art. 17): Request deletion of your personal data
- Right to restrict processing (Art. 18): Request that we limit how we use your data
- Right to data portability (Art. 20): Receive your data in a structured, machine-readable format
- Right to object (Art. 21): Object to processing based on legitimate interest (analytics)
- Right to withdraw consent (Art. 7(3)): Withdraw consent for notifications at any time; withdrawal does not affect the lawfulness of prior processing
- Right to lodge a complaint with your local data protection supervisory authority
To exercise any of these rights, contact us at favamvv@gmail.com. We will respond within 30 days.
Note on health data: Because your health data is stored exclusively on your device and never transmitted to us, we cannot access, retrieve, modify, or delete it on your behalf. You have direct and full control over this data through the App itself.
9.3. California Users (CCPA/CPRA)
Under the California Consumer Privacy Act and California Privacy Rights Act, you have the following rights:
- Right to know: Request what personal information we collect, use, and share
- Right to delete: Request deletion of your personal information
- Right to correct: Request correction of inaccurate personal information
- Right to opt out of the sale or sharing of personal information: We do not sell or share your personal information as defined by the CCPA/CPRA
- Right to limit use of sensitive personal information: Your health data (blood pressure, pulse) is considered Sensitive Personal Information under CPRA. We do not process this data — it remains exclusively on your device. We use it only as necessary for the App’s core functionality.
- Right to non-discrimination: We will not discriminate against you for exercising any of these rights
Categories of personal information collected in the preceding 12 months:
- Identifiers: Anonymous app installation ID (Firebase), anonymous subscription identifier (RevenueCat)
- Commercial information: Subscription purchase history (via RevenueCat)
- Internet activity: App usage events and interactions (via Firebase Analytics)
We do not sell personal information. We do not share personal information for cross-context behavioral advertising.
9.4. Washington State Users (My Health My Data Act)
Under the Washington My Health My Data Act (MHMDA), your blood pressure and pulse data is classified as "consumer health data." Because this data is stored exclusively on your device and is never collected, shared, or sold by us, we do not process your consumer health data as defined by the MHMDA. You retain exclusive control over your health data at all times.
9.5. Other US State Privacy Laws
We respect the privacy rights of users in all US states with comprehensive privacy legislation, including but not limited to Delaware, Iowa, Nebraska, New Hampshire, New Jersey, Tennessee, Minnesota, Maryland, Indiana, Kentucky, and Rhode Island. If you are a resident of any of these states and wish to exercise your privacy rights, please contact us at favamvv@gmail.com.
10. International Data Transfers
Your health data remains exclusively on your device and is never transferred internationally or to any server.
Usage data collected by Firebase Analytics and subscription data managed by RevenueCat may be processed on servers located in the United States or other countries outside the EU/EEA. These transfers are protected by:
- Standard Contractual Clauses (SCCs) approved by the European Commission
- EU-US Data Privacy Framework (where applicable)
- Additional technical and organizational security measures implemented by Google and RevenueCat
11. Data Security
- Your health data is protected by your device’s built-in security features, including screen lock, full-disk encryption, and secure enclave (where available)
- Since health data is never transmitted over any network, there is zero risk of server-side data breaches for your health information
- Firebase and RevenueCat employ industry-standard encryption (TLS/SSL) for all data in transit and at rest
- We follow the principle of data minimization: we collect only the minimum data necessary for the App to function and improve
12. Children’s Privacy
The App is not directed at children under 13 years of age (or 16 years of age in the European Union under GDPR). We do not knowingly collect personal data from children. If you are a parent or guardian and believe your child has used the App, please contact us at favamvv@gmail.com and we will take steps to delete any associated data.
13. Health and Medical Disclaimer
This App is NOT a medical device. It has not been evaluated, cleared, or approved by the FDA (U.S. Food and Drug Administration), CE (European Conformity), or any other medical regulatory authority worldwide. The App is intended solely for personal health tracking and informational purposes.
- The App does not provide medical advice, diagnosis, prognosis, or treatment recommendations
- Blood pressure readings are entered manually by you and are not independently measured or verified by the App
- The blood pressure categories displayed (Hypotension, Normal, Prehypertension, Hypertension Stage 1, Hypertension Stage 2) are based on general medical guidelines and are for informational reference only
- Always consult a licensed physician or qualified healthcare professional for medical advice, diagnosis, or treatment
- Do not disregard professional medical advice, delay seeking medical treatment, or change prescribed medication based on information from this App
- In a medical emergency, contact your local emergency services immediately
In accordance with Regulation (EU) 2025/327 (European Health Data Space), we confirm that your health data is never used for advertising, insurance underwriting, lending decisions, employment decisions, or any purpose other than displaying it to you within the App.
14. Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, third-party services, or applicable laws. When we make material changes:
- We will update the "Last updated" date at the top of this page
- For significant changes, we may provide additional notice within the App
Your continued use of the App after the effective date of any changes constitutes your acceptance of the updated Privacy Policy. We encourage you to review this page periodically.
15. Contact Us
If you have questions about this Privacy Policy, wish to exercise any of your privacy rights, or want to report a concern, please contact us:
- Developer: Borys Kusmirek
- Email: favamvv@gmail.com
We will acknowledge your request within 5 business days and respond substantively within 30 days. If we need additional time, we will notify you of the reason and expected timeline.
Disclaimer: This Privacy Policy is provided for informational purposes and is intended to be as comprehensive and accurate as possible. However, it does not constitute legal advice. We recommend consulting with a qualified attorney if you have specific legal concerns about data privacy.