CalmBP Privacy Policy
This Privacy Policy explains how Double Door Media LLC ("CalmBP," "we," "us," or "our") collects, uses, shares, and protects information when you use the CalmBP iOS application (the "App") and the website at https://calmbp.com (the "Site"). It also explains the choices you have about that information.
Please read it carefully. If you do not agree with this Policy, please do not use the App or the Site.
CalmBP is designed for adults in the United States. We do not knowingly direct the App or the Site to children under 13.
If you are a resident of Washington, Nevada, Connecticut, or any other state with a separate consumer-health-data law, please also review our Consumer Health Data Privacy Policy, which contains the disclosures and rights required by those laws.
1. Who We Are and How to Reach Us
Double Door Media LLC
Oregon, USA
Email: privacy@calmbp.com
Support: support@calmbp.com
If you have questions about this Privacy Policy or wish to exercise any of the rights described below, email privacy@calmbp.com. We respond to verifiable rights requests within forty-five (45) days, as required by applicable law.
2. Scope
This Privacy Policy applies to information collected through the App and the Site. It does not apply to:
- Information collected by Apple about your device, your Apple ID, or your App Store purchases. Apple's privacy practices are governed by Apple's privacy policy.
- Information collected by Google when you sign in with a Google account. Google's privacy practices are governed by Google's privacy policy.
- Information collected by any third-party service that you may access through the App (for example, your device's calendar provider).
When you sign in with Apple or Google, the App receives only the limited account information that Apple or Google authorizes — typically a stable identifier and, if you choose, an email address.
3. Information We Collect
The categories below use the labels used in the California Consumer Privacy Act (Cal. Civ. Code §1798.140) and similar US state privacy laws.
3.1 Information You Provide Directly
- Account information. Your email address (from Apple Sign In or Google Sign In).
- Health and wellness data. Blood pressure readings (systolic, diastolic, pulse), the time at which each reading was taken, any notes or context tags you add, your medications and dosing schedule, whether you have taken each dose, walks and other exercise (duration, type, mood), sleep records (duration, quality), weight, sodium/alcohol/caffeine intake, and your stated mood for the day.
- Voice entry (on-device only). When you use the voice-entry feature to log a reading, transcription happens entirely on your device using Apple's Speech Framework (iOS) or Android's SpeechRecognizer (Android). Your microphone is activated only while you are interacting with the voice-entry button, and the audio is processed locally to extract the spoken numbers. The audio recording never leaves your device — it is not sent to our backend, not sent to Google, and not sent to any other third party. We receive only the parsed blood pressure numbers from the on-device transcription.
- Photographs (transient). When you use the camera to scan your blood pressure cuff's display, the image is sent through our backend to Google's Gemini API to read the numbers shown. The image is held only in memory long enough to receive Gemini's response and is never written to our database or to disk.
- Preferences. Your notification preferences (off, passive, normal) for each kind of reminder; your preferred walk window; your step goal; your selected app theme.
3.2 Information from Other Apps and Devices (with your permission)
- Apple HealthKit / Health Connect. With your explicit per-category permission, the App reads blood pressure readings, sleep, weight, walks, and step counts from Apple Health (iOS) or Health Connect (Android). With your explicit permission, the App also writes blood pressure readings and weight back to Apple Health.
- Calendar. With your explicit permission, the App reads only the free/busy times in your device's calendar(s) so that it can suggest walks during gaps in your schedule. We never read meeting titles, attendees, locations, or content.
- Pedometer. With your explicit permission, the App reads your step counts to detect activity windows and adjust reminder timing.
3.3 Information Collected Automatically
- Device and session information. The App collects information needed to operate, including your device's timezone, your operating system version, the App version, and an Expo push token used to deliver notifications. We use your IP address only at the point of request and do not retain it beyond standard server logs (typically thirty days).
- Subscription state. RevenueCat, our subscription manager, reports purchase and renewal events to us. We store your subscription status, expiration date, product identifier, and trial start date (for users who start a trial).
- Consent records. When you agree to our Terms of Service, Privacy Policy, or Medical Disclaimer — either by signing in, by tapping the acknowledgment on the first-launch disclaimer screen, or by re-accepting an updated policy — we record the version you agreed to and the timestamp. This is the only way we can answer “what did this user agree to and when” if a regulator or a dispute requires it.
- Diagnostic data. Before any crash report leaves your device, our error monitoring service (Sentry) passes the event through a redaction layer that (a) replaces blood-pressure-pattern numbers with [redacted-bp], (b) replaces any field named like a health-data column (such as systolic, diastolic, pulse, medication, dose, weight, sodium_level, mood_tag) with [redacted-health-data], and (c) applies the same transformations to the error message, every exception value, every breadcrumb, and any request body data.
3.4 Information We Do Not Collect
We do not collect:
- Location data (we don't request location permission)
- Contact lists or photo libraries
- Microphone audio outside of explicit voice-entry sessions
- Camera images outside of explicit cuff-scan sessions
- Web-browsing history or activity in other apps
- Persistent device advertising identifiers (IDFA)
- Behavioral or interest profiles for advertising
4. How We Use Information
We use the categories above for the following business and operational purposes only:
- Provide and operate the App. Store, organize, and display your readings, medications, walks, sleep, weight, and other data; surface trends, averages, and patterns; generate reminders and nudges; sync data across your devices on the premium tier.
- Generate insights. Compute correlations within your own data (for example, comparing your readings on walking days versus non-walking days). Generate the plain-language description of each insight using Google Gemini, sending only anonymized correlation summaries — never your name, your email, or any identifier that links to you outside our systems.
- Communicate with you. Send push notifications you have opted in to; respond when you contact support; send service notices (changes to this Policy, security incidents, account-related notices). We do not use your information for marketing email.
- Process subscriptions and prevent fraud or abuse. Receive subscription events from RevenueCat; enforce per-user rate limits on the cuff-display photo-scan feature; detect and limit automated/bot-like usage patterns.
- Improve reliability. Investigate crashes and errors via Sentry; fix defects.
- Comply with law. Respond to legal process, protect our legal rights, and meet our regulatory obligations.
We do not use your information to:
- Show you advertising
- Build a profile of you for advertising
- Sell to data brokers
- Train any third party's general-purpose AI model
5. How We Share Information
We share information only with the limited set of service providers and only for the purposes listed below. Each provider acts as our service provider/processor under written terms and may not use the data for its own purposes.
| Service provider | What they receive | Why |
|---|---|---|
| Apple, Inc. | Limited account info for Sign in with Apple; In-App Purchase events; HealthKit reads/writes (on-device) | Authentication, subscription billing, on-device health data access |
| Google LLC (Sign In) | Limited account info for Sign in with Google | Authentication |
| Google LLC (Gemini API) | Transient cuff images (during cuff-display scan); anonymized correlation summaries (during insight generation) | Image-to-data and insight-text generation. Content is processed in-memory and not persisted by us. Google's API terms govern Gemini's handling. Voice audio is never sent to Gemini — voice transcription is fully on-device. |
| Google LLC (Cloud Run) | All data your App sends to our backend, in transit | Hosting our backend service |
| Supabase, Inc. | All data your App stores in our database (premium tier) | Database hosting, authentication |
| RevenueCat, Inc. | Your user identifier (Supabase UUID), App Store/Play subscription events, your subscription state | Subscription management; cross-device entitlement |
| Expo, Inc. | Your Expo push token, push notification payloads (which contain only non-clinical reminder text) | Push delivery to Apple/Google notification services |
| Sentry (Functional Software, Inc.) | Crash reports, stack traces, basic device context, with health data redacted before transmission | Error monitoring |
| Cloudflare, Inc. | DNS lookups for calmbp.com | Domain name service |
We do not share information with any other party, except:
- With your consent (for example, if you tell us to share your data with a future integration you've authorized).
- In connection with a corporate transaction. If we sell or transfer any part of our business, your information may be one of the transferred assets. We will tell you in advance and your rights under this Policy will continue.
- As required by law. When compelled by valid legal process and after we have evaluated whether the process is valid, narrow, and legally enforceable.
We never share data sourced from Apple HealthKit for advertising, marketing, data mining, or any other purpose besides the core wellness functionality you asked us to provide. Apple's HealthKit terms require this and we have no incentive to do otherwise.
6. Where We Store Information
CalmBP is operated from the United States. All of our service providers store data in the United States. If you access the App from outside the United States, you understand that your information will be transferred to, processed in, and stored in the United States.
7. How Long We Keep Information
| Category | Retention |
|---|---|
| Account record and core health data (BP readings, medications, walks, sleep, weight, intake, mood) | While your account is active. Deleted within thirty (30) days of an account-deletion request; deleted from server backups within an additional ninety (90) days. |
| Diagnostic / error reports | Sixty (60) days |
| Internal AI-usage logs (per-user rate-limit counters) | Sixty (60) days |
| Notification (nudge) audit logs | Ninety (90) days |
| Calendar free/busy windows | Up to seven (7) days in the past, fourteen (14) days in the future |
| Medication scheduled-log entries | One hundred eighty (180) days |
| Subscription state | For the life of the account, then deleted with the account |
| Consent acknowledgment records (policy versions, ack timestamps, arbitration opt-out flag) | For the life of the account, then deleted with the account. Arbitration opt-out records may be retained beyond account deletion to the extent required to honor the opt-out. |
| Aggregated, de-identified analytics | Indefinitely (cannot be used to identify you) |
You can request deletion at any time using the in-App "Delete account and all data" control, or by emailing privacy@calmbp.com.
8. How We Protect Information
We use industry-standard measures to protect your information:
- In transit: TLS 1.2+ on all connections to our backend and to third-party APIs.
- At rest (server): Our cloud database (Supabase / managed PostgreSQL) encrypts data at rest with AES-256.
- At rest (your device): The local database that holds your readings and other health data on your phone is encrypted with SQLCipher (AES-256) using a per-install random 32-byte key. That key is generated on first launch and stored in the iOS Keychain (or Android Keystore on Android) and is only accessible after the device has been unlocked. The database file is unreadable to anyone who extracts a backup of your phone, jailbreaks the device, or otherwise gains access to the filesystem without also having your passcode or biometric.
- Authentication: Your Supabase session token is stored in the iOS Keychain (or Android Keystore) so it does not sit in app storage where a device backup could pick it up.
- Access control: Row-level security in the database ensures that any given query can only return data belonging to the authenticated user.
- Least-privilege practices: API keys are scoped and rotated; service-role keys never leave our backend.
- Diagnostic data: Sentry is configured with health-data redaction so blood pressure values, medication names, and other sensitive fields are stripped before crash reports are transmitted.
- Health data: We do not use HealthKit data for any purpose other than the App's wellness features.
No security system is perfect. If we ever experience a breach affecting your unsecured personal health information, we will notify you within sixty (60) days, as required by the Federal Trade Commission's Health Breach Notification Rule (16 C.F.R. Part 318).
9. Your Choices and Rights
You have the rights below regardless of where you live, subject to the conditions and exceptions in applicable law. State-specific additional rights are described in Section 10.
- Access. Request a copy of the personal information we hold about you. Use Settings → Privacy & Data → Download all my data or email privacy@calmbp.com.
- Correct. Ask us to correct inaccurate information. Most fields are editable in-App; for anything else email privacy@calmbp.com.
- Delete. Ask us to delete your account and all associated data. Use Settings → Privacy & Data → Delete account and all data, or email privacy@calmbp.com.
- Portability. Receive your data in a portable, machine-readable format (JSON). Use Settings → Privacy & Data → Download all my data. The export includes the personal data you have provided or that we have derived from it — blood pressure readings, medications, walks, sleep, weight, intake, calendar blocks, nudges, correlation insights, AI-usage history, and the policy versions you have agreed to. Operational records that are not personal data — push-notification tokens, encrypted credentials for connected calendars, internal mapping identifiers, and rate-limit defense state — are not included in the export but are still wiped if you delete your account.
- Withdraw consent. Revoke any in-App permission (HealthKit, calendar, notifications) at any time via iOS Settings. Revocation does not affect data already processed under that consent.
- Opt out of profiling for legal-effect decisions. We do not make legal-effect decisions about you using automated processing. The correlation engine produces wellness observations and does not affect your legal rights, your access to services, or any benefit.
- Non-discrimination. We will not deny you service, charge you a different price, or provide a different quality of service for exercising any right under this Policy.
To exercise any right, contact privacy@calmbp.com. We will verify your request by asking you to send the request from the email address associated with your account, and we may ask for additional information solely to verify your identity. We respond within forty-five (45) days, with one extension permitted under applicable law.
10. State-Specific Notices
10.1 California Residents (CCPA / CPRA)
If you live in California, you have additional rights under the California Consumer Privacy Act, as amended:
- Right to know the categories of personal information we have collected about you, the categories of sources, the business and commercial purposes for collection, the categories of personal information disclosed for a business purpose, and the categories of third parties with whom we share information.
- Right to delete the personal information we have collected from you.
- Right to correct inaccurate personal information.
- Right to opt out of "sale" or "sharing" of personal information. We do not sell or share your personal information.
- Right to limit the use of sensitive personal information. Your health data is sensitive personal information under California law. We use it only to provide the App's features, to communicate with you, and as otherwise described in Section 4. We do not use it to infer characteristics about you. You may limit our use further by emailing privacy@calmbp.com.
- Right to non-discrimination for exercising any of these rights.
If you wish to designate an authorized agent to make a request on your behalf, the agent must provide written authorization signed by you and must be able to verify their identity directly with us.
10.2 Washington Residents (My Health My Data Act)
If you live in Washington, you have additional rights under the My Health My Data Act (RCW Ch. 19.373). Those rights, our consumer-health-data practices, and the categories of consumer health data we process are described in our separate Consumer Health Data Privacy Policy, which is linked from the homepage of calmbp.com.
10.3 Nevada Residents (SB 370)
If you live in Nevada, you have additional rights under SB 370. Those rights and our consumer-health-data practices are also described in our Consumer Health Data Privacy Policy. We do not sell consumer health data.
10.4 Connecticut Residents (CTDPA + Health Data Amendments)
If you live in Connecticut, you have additional rights under the Connecticut Data Privacy Act, including the right to access, correct, delete, port, and opt out of certain processing, and additional protections for consumer health data. Use the contacts in Section 9 to exercise these rights, or see our Consumer Health Data Privacy Policy.
10.5 Texas Residents (TDPSA)
If you live in Texas, you have rights under the Texas Data Privacy and Security Act. NOTICE: We do not sell sensitive personal data. Use the contacts in Section 9 to exercise your access, correction, deletion, portability, and opt-out rights.
10.6 Other US States
Residents of Colorado, Virginia, Utah, Iowa, Indiana, Tennessee, Montana, Oregon, Delaware, New Jersey, New Hampshire, Kentucky, Rhode Island, Minnesota, Maryland, and other states with comprehensive privacy laws have the rights conferred by those laws — including, at minimum, the rights to access, correct, delete, port, and opt out of certain processing. Use the contacts in Section 9.
11. Children
CalmBP is not directed to children under 13 (or the equivalent minimum age in your jurisdiction). We do not knowingly collect personal information from children. If you believe a child has provided us with personal information, please contact privacy@calmbp.com and we will delete it.
12. HealthKit-Specific Disclosure
When you grant the App access to Apple HealthKit, we will:
- Read only the categories of data you explicitly authorize.
- Use HealthKit data only to provide the App's health and wellness features (display readings, generate trends, compute correlations, set walk/medication reminders).
- Never use HealthKit data for advertising, marketing, data mining, profiling, sale, or any purpose other than the App's health features.
- Never disclose HealthKit data to any third party for advertising or marketing purposes.
This is required by Apple's HealthKit terms and we adhere to it.
13. Cookies and Similar Technologies
The App is a native iOS application and does not use cookies in the App itself. The Site (calmbp.com) is a static information page that does not set cookies or run analytics scripts.
14. Changes to This Policy
If we materially change this Policy, we will notify you by displaying a notice in the App when you next open it, and (for material changes) by sending you an in-App or email notification at least thirty (30) days before the change takes effect. The "Effective Date" at the top of this Policy reflects the most recent version.
You can review previous versions by emailing privacy@calmbp.com.
15. Contact
Privacy questions, rights requests, and complaints: privacy@calmbp.com
General support: support@calmbp.com
© 2026 Double Door Media LLC. All rights reserved.