Privacy Policy

1. Introduction

At Selcora Mobile ("we", "us", "our"), we take your privacy seriously. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use the HeartCall mobile application ("App").

Please read this privacy policy carefully. If you do not agree with the terms of this privacy policy, please do not access the App.

2. Information We Collect

2.1. Personal Information

When you use HeartCall, we may collect the following personal information:

• Account Information: Name, email address, phone number
• Emergency Contacts: Names and phone numbers of up to 5 emergency contacts
• Profile Information: Age, gender (optional)
• Authentication Data: Firebase authentication tokens

2.2. Health Data

With your explicit consent, we collect health-related data:

• Heart Rate Data: Real-time heart rate readings from Apple Watch
• Heart Rate Variability: HRV data from Apple Health
• Emergency Events: Records of detected anomalies and emergency alerts
• Health History: Historical records of your heart rate patterns

2.3. Location Information

We collect location data only in emergency situations:

• GPS Coordinates: Your precise location when an emergency is detected
• Location Sharing: Shared with emergency contacts only during alerts
• Location History: Emergency location records (stored for 30 days)

2.4. Device Information

• Device Identifiers: iPhone and Apple Watch model, UDID
• Operating System: iOS and watchOS version
• App Version: Current version of HeartCall installed
• Network Information: IP address, carrier information

2.5. Usage Data

• App Interactions: Features used, screen views
• Performance Data: Crash reports, error logs
• Analytics: Aggregated usage statistics (anonymous)

3. How We Use Your Information

We use the collected information for the following purposes:

3.1. Core Service Delivery

• Monitor your heart rate in real-time
• Detect abnormal heart rate patterns
• Send emergency notifications to your contacts
• Make emergency calls via Twilio
• Share your location during emergencies
• Maintain your health history records

3.2. Service Improvement

• Improve anomaly detection algorithms
• Enhance app performance and stability
• Develop new features based on usage patterns
• Fix bugs and technical issues

3.3. Communication

• Send important service updates
• Respond to your support requests
• Notify you about subscription changes
• Send critical security alerts

3.4. Legal Compliance

• Comply with legal obligations
• Respond to legal requests
• Enforce our Terms of Use
• Protect our rights and users' safety

4. Data Sharing and Disclosure

4.1. Emergency Contacts

When an emergency is detected, we share the following information with your designated emergency contacts:

• Your name and phone number
• Current heart rate reading
• GPS location coordinates
• Timestamp of the emergency event

4.2. Third-Party Service Providers

We use the following third-party services:

• Firebase (Google): Authentication, database, analytics
• Twilio: SMS and voice call delivery
• Hetzner Cloud: Backend server hosting
• Apple HealthKit: Health data integration

4.3. We Do NOT Share Data With

• ❌ Advertising networks
• ❌ Data brokers
• ❌ Insurance companies
• ❌ Employers or healthcare providers (without your consent)
• ❌ Social media platforms

4.4. Legal Requirements

We may disclose your information if required by law or in response to valid requests by public authorities (e.g., court orders, government investigations).

5. Data Security

5.1. Security Measures

We implement industry-standard security measures to protect your data:

• Encryption: All data transmitted using TLS 1.3
• Storage: Data encrypted at rest using AES-256
• Authentication: Firebase secure authentication
• Access Control: Strict role-based access to data
• Regular Audits: Security assessments and penetration testing
• Secure Servers: Backend hosted on Hetzner Cloud (Germany)

5.2. Apple HealthKit Security

• Health data never leaves your device without encryption
• We follow Apple's strict HealthKit guidelines
• Health data is stored locally on your iPhone/Apple Watch
• Only aggregated, anonymized data may be used for research (with consent)

5.3. Data Breach Protocol

In the unlikely event of a data breach, we will:

• Notify affected users within 72 hours
• Report to relevant authorities as required by GDPR
• Take immediate action to secure the breach
• Provide guidance on protective measures

6. Data Retention

6.1. Active Accounts

While your account is active, we retain:

• Health Data: Last 90 days of heart rate records
• Emergency Events: All emergency incidents indefinitely
• Emergency Contacts: Until you remove them
• Account Information: Until account deletion

6.2. Account Deletion

When you delete your account:

• All personal information is permanently deleted within 30 days
• Health data is immediately removed from our servers
• Emergency contacts are deleted
• Anonymized analytics data may be retained

6.3. Inactive Accounts

Accounts inactive for 24 months will receive a notification. After 36 months of inactivity, accounts and associated data will be automatically deleted.

7. Your Privacy Rights

Under GDPR and other privacy laws, you have the following rights:

7.1. Right to Access

You can request a copy of all personal data we hold about you. Go to Settings → Privacy → Export My Data.

7.2. Right to Rectification

You can update or correct your personal information anytime in the app settings.

7.3. Right to Erasure (Right to be Forgotten)

You can delete your account and all associated data at any time. Go to Settings → Account → Delete My Account.

7.4. Right to Data Portability

You can export your data in JSON or CSV format. Go to Settings → Privacy → Export My Data.

7.5. Right to Object

You can object to certain data processing activities. Contact us at privacy@selcoramobile.com.

7.6. Right to Withdraw Consent

You can withdraw consent for health data access at any time through iPhone Settings → Privacy → Health.

8. Children's Privacy

HeartCall is not intended for users under 18 years of age. We do not knowingly collect personal information from children under 18. If you are a parent or guardian and believe your child has provided us with personal information, please contact us immediately.

9. International Data Transfers

Your data is primarily stored on servers in Germany (Hetzner Cloud). If data is transferred internationally, we ensure appropriate safeguards are in place:

• EU Standard Contractual Clauses
• Adequacy decisions by the European Commission
• GDPR compliance by all processors

10. Cookies and Tracking Technologies

10.1. Mobile App

Our mobile app does not use cookies. We use the following for analytics:

• Firebase Analytics: App usage and crash reporting (anonymized)
• Device Identifiers: For authentication and service delivery

10.2. Website (heartcall.selcoramobile.com)

Our website uses minimal tracking:

• No advertising cookies
• No third-party tracking scripts
• Basic server logs for security purposes only

11. Third-Party Links

Our app and website may contain links to third-party websites or services. We are not responsible for the privacy practices of these third parties. We encourage you to read their privacy policies.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes by:

• Push notification in the app
• Email to your registered address
• Prominent notice on our website

Continued use of the app after changes constitutes acceptance of the updated policy.

13. Contact Information

If you have questions or concerns about this Privacy Policy, please contact us:

14. Right to Lodge a Complaint

If you believe we have not handled your personal data appropriately, you have the right to lodge a complaint with your local data protection authority.

Turkish Data Protection Authority:
Website: www.kvkk.gov.tr