Privacy Policy

1. About cookies

A cookie is a small text file a website saves on a user’s computer. The text file contains data the website may use when the visitor returns to the website. Our Mobile App uses WebView to display certain content from the Heartpace web application. In this regard, the Mobile App may store cookies. Heartpace.com may use cookies to collect and use data from its visitors in the manners explained below.

2. Website Usage and Data Collection

Our website automatically collects certain data and stores it in log files. This data may encompass internet protocol (IP) addresses, general location, browser type, operating system, and usage patterns related to our website. We utilize this information to improve user experience and tailor our website to your preferences. Additionally, this information assists us in diagnosing server issues, administering our website, and analyzing trends to improve our offerings. The Mobile App also accesses your device’s language settings to provide a localized experience. Additionally, we may collect non-identifiable technical information such as device model and OS version via the Heartpace Mobile App to ensure technical compatibility and security.

3. Collection and Usage of Personal Information

Heartpace collects personal information about the users of the Heartpace application. With a few exceptions, this information is generally limited to:

• Name
• Job title
• Employer name
• Work address
• Work email
• Work phone number

In the Heartpace application, we gather personal information to enable personalized features like displaying names and enhancing user experience.

Personal information is not collected on the external website by default; it’s only obtained when users voluntarily provide it, such as when booking a demo, subscribing to newsletters, or submitting feedback. This information is essential for delivering services to prospects and customers. It’s important to note that we never sell your personal information to any third parties. We share this information solely with trusted third parties that assist us in delivering our services. The Heartpace Mobile App collects the same types of personal information as described above for the website and web application.

4. What Heartpace may use data about its visitors for

• For website statistics
• To personalize the website when a visitor returns (i.e. language preference, customizations)
• For marketing purposes (i.e. retargeting, email campaigns)

5. Sharing Information with Trusted Third Parties

Your personal data may be stored in databases hosted by third-party providers for cloud storage purposes only. Heartpace occasionally collaborates with third-party systems or services to convey information about our products, services, and events to you. A list of our third-party sub-processors is available, including AWS, and Mandrill (Mailchimp). We do not disclose your personal data to external parties unless under specific circumstances detailed in our policy. We use hCaptcha in our Mobile App to prevent automated attacks and ensure that interactions are performed by humans. This service may collect hardware and software information (such as device type and app version) to perform its security functions. This data is handled in accordance with hCaptcha’s privacy policy.

6. Opting out options

If you do not wish Heartpace.com, or one of the services we use, to collect any information about your visit you may enable the “Block cookies from third parties and advertisers” option in your web browser settings. This will still allow some “non-tracking” cookies to be stored on your computer, such as language preferences. You may also disable cookies altogether in your browser settings. This will, however, limit your web browsing experience and even stop some web services from working, including the Heartpace service.

7. Using Google API

Heartpace will only use access to allow you to write and send Gmail messages and attachments from your Heartpace account. Heartpace’s use and transfer to any other app of information received from Google APIs will adhere to Google API Services User Data Policy, including the Limited Use requirements.

8. Data Retention and Deletion

• We store your personal information for a period of time that is consistent with our business purposes.
• We will retain your personal information for the length of time needed to fulfill the purposes outlined in this privacy policy unless a longer retention period is required or permitted by law.
• When the data retention period expires for a given type of data, we will delete or destroy it.
• You may request for your personal data to be deleted at any time by contacting us at [privacy@heartpace.com] or using the contact information provided in this policy. We will process your request in accordance with applicable data protection laws.

9. How We Protect Your Google Data

We understand the importance of safeguarding your Google account information. Our application only stores the access token needed to send emails via your Gmail account. We do not access, read, or store the contents of your emails or your inbox.
All access tokens are securely encrypted both in transit and at rest using up-to-date encryption standards. Access to these tokens is strictly limited and controlled within our central application platform, and is never shared with third parties.
You can revoke our Gmail access at any time, which immediately deletes your authentication token from our system. For further details on how we protect and use your data, please contact our support team at [support@heartpace.com].

10. Use of User Data for AI/ML

We do not use any Google user data (including authentication tokens or email metadata) for the training or development of any artificial intelligence (AI) or machine learning (ML) models, either generalized or personalized. All access to Google user data is strictly limited to functional operations, specifically sending user-authorized emails.
At no point is your Google data analyzed, mined, or processed by any AI or ML technologies.

11. Authentication and Third-Party Identity Providers

The Heartpace Mobile App and web application support authentication through third-party identity providers, including but not limited to Azure Active Directory, GSuite, Okta, and other SAML/SSO-based providers. When you log in through one of these services:

• We only receive identification data (such as your email address and a unique user identifier) from these services to create or authenticate your work profile within Heartpace.
• We do not collect, store, or have access to your passwords from these third-party services.
• Your authentication is managed by your organization’s identity provider as part of their corporate security infrastructure.
• For more information about how these identity providers handle your data, please refer to their respective privacy policies.

12. Data Security and Encryption

All data transmitted between the Heartpace Mobile App, the web application, and our servers is encrypted using HTTPS/TLS protocols.

13. Mobile App Secure Storage

To maintain your active session securely, the Heartpace Mobile App stores authentication tokens on your device using encrypted local storage (Keychain for iOS and Keystore for Android). These tokens are hardware-protected and are only accessible when the device is unlocked. We do not store your passwords on the device.

14. Deep Linking The Mobile

App utilises deep linking (e.g., magic links sent via email) to facilitate a seamless and secure login process. These links are used strictly for authentication purposes to associate your mobile session with your Heartpace account.