Privacy Policy
Last updated: April 23, 2026
CardioLens ("we", "us", or "our") respects your privacy. This Privacy Policy explains how we collect, use, and protect your information when you use the CardioLens iOS application and related services.
Information We Collect
When you create an account and use CardioLens, we collect:
- Account information: email address, password (stored only as a bcrypt hash, never in plaintext), and your selected role (medical student, nurse, paramedic, physician)
- ECG images: photos you upload or capture for AI analysis. These are processed in real time and not permanently stored on our servers
- Usage data: scan counts, quiz progress, study module completion, and feature interaction patterns
- Subscription and purchase information: managed through Apple's App Store and our subscription provider, RevenueCat
- Crash and performance data: anonymous diagnostic data to help us improve app reliability
How We Use AI
CardioLens uses Anthropic's Claude AI (claude-sonnet-4-6) to analyze ECG images. When you submit an ECG for analysis:
- Your ECG image is sent securely (HTTPS/TLS) to our backend, which proxies the request to Anthropic's Claude API
- Anthropic processes the image to generate a clinical interpretation and returns it to your device
- We do not permanently store ECG images on our servers. Images are processed in memory and discarded after analysis
- Anthropic does not train its models on your data. Per Anthropic's commercial terms, API submissions are not used for model training
- Your account ID is used only to track scan credits — your identity is not shared with Anthropic
You consent to AI processing the first time you submit an ECG for analysis. You can revoke this consent at any time by ceasing to use the AI Scanner feature. Your account and all other features remain functional.
Data Storage and Security
We use the following service providers to operate CardioLens:
- Supabase: hosts your account data, scan counts, and subscription tier in a secure PostgreSQL database. Row-level security policies ensure you can only access your own data
- Anthropic: processes ECG images for AI analysis (no persistent storage)
- RevenueCat: manages subscription billing and entitlement verification
- Apple App Store: processes all in-app purchases. We do not store credit card information
- Cloudflare: hosts our website and email routing
All data in transit is encrypted using industry-standard TLS. Passwords are hashed using bcrypt and never stored in plaintext.
Information We Do Not Collect
- We do not collect patient identifying information
- We do not access your photo library beyond images you explicitly select for ECG analysis
- We do not access your contacts, location, microphone, calendar, or other device data
- We do not use third-party analytics or advertising trackers
- We do not sell, rent, or share your personal information with third parties for marketing purposes
Your Rights
You have the right to:
- Access your personal data — contact us at support@cardiolens.ca to request a copy
- Delete your account and all associated data — available in the app under Profile → Delete Account, or by emailing support@cardiolens.ca
- Correct inaccurate information by editing your profile in the app
- Withdraw consent for AI processing by ceasing use of the AI Scanner
- Export your data — contact support@cardiolens.ca
Educational Use Only
CardioLens is designed exclusively for educational purposes. It is not a clinical diagnostic tool and must not be used for patient care decisions. AI-generated interpretations are educational references only and should not replace professional medical judgment.
Children's Privacy
CardioLens is rated 4+ in the App Store but is intended for healthcare professionals and students aged 17 and older. We do not knowingly collect personal information from children under 13. If you believe we have collected information from a child under 13, please contact us immediately at support@cardiolens.ca.
Changes to This Policy
We may update this Privacy Policy from time to time. The "Last updated" date at the top of this page reflects the most recent revision. Significant changes will be communicated through an in-app notification.
Contact Us
If you have any questions about this Privacy Policy or how we handle your data, please contact us at:
Email: support@cardiolens.ca
Website: www.cardiolens.ca