Privacy Policy

Last updated: 2026-04-18
For questions: security@rhythmiqi.com

1. What We Collect

  • ECG recordings you upload.
  • Pattern Summaries and related derived processing records.
  • Account information such as your email address.
  • Basic device, session, security, and operational metadata needed to run and protect the service.

2. How We Use Data

  • Analyze ECG recordings and generate Pattern Summaries.
  • Authenticate users, secure accounts, and provide Sinoa features.
  • Operate, monitor, troubleshoot, and improve system performance.
  • Maintain security, respond to abuse, and meet legal obligations.

3. Data Protection

We protect data in transit using encryption.

For verified production storage systems, we protect live production data at rest using encrypted storage for uploads, Pattern Summaries, inference data, release storage, live databases, and Redis-backed application state.

This statement does not guarantee that backups, off-platform storage, or any storage outside those verified live production systems are encrypted.

4. Data Retention

We retain active data as needed for service functionality, account access, security, legal obligations, and plan-based retention behavior.

When you request account cleanup or delete supported content, we remove that data from live systems in accordance with the product's deletion controls.

Backup or snapshot deletion may not occur immediately and is not guaranteed on the same timeline as live-system deletion.

5. Data Sharing

We do not sell your personal data.

Data is shared only when you initiate sharing, when needed to operate the service with infrastructure or billing providers, or when required by law.

6. Your Rights and Choices

  • Request deletion of supported live account data.
  • Request access to your account data.
  • Update supported account settings such as display name and timezone.

7. Health Data Notice

Even when HIPAA does not apply to this service model, health-related information remains sensitive.

Sinoa is an educational product and not a clinical diagnosis workflow. Non-HIPAA health app operators may still be subject to FTC health-data obligations, including the Health Breach Notification Rule where applicable.