Privacy Policy

Last updated: February 2026

1. Introduction

BeatBurden ("we", "our", "us") operates the BeatBurden Android application and the BeatBurden web dashboard (collectively, the "Service"). This Privacy Policy explains how we collect, use, store, and protect your personal information when you use our Service.

By using BeatBurden, you agree to the collection and use of information in accordance with this policy.

2. Data We Collect

Account Information

  • Email address (via Google Sign-In)
  • Google account display name

Heart Rhythm Data

When you use the BeatBurden Android app with a Polar H10 chest strap, we collect:

  • ECG data — Raw electrocardiogram waveform at 130 Hz
  • Heart rate — Beats per minute (BPM)
  • R-R intervals — Time between heartbeats in milliseconds
  • Accelerometer data — Movement data from the sensor (optional)
  • Markers — User-created labels with timestamps (e.g., "coffee", "exercise")

Device Information

  • Polar H10 device identifier
  • Session timestamps (start time, end time, duration)

Payment Information

Payments are processed by Stripe. We store your Stripe customer ID and subscription status. We do not store credit card numbers or payment details directly.

3. How We Use Your Data

  • To provide heart rhythm analysis, HRV metrics, and beat classification
  • To generate AI-powered insights and correlations between your markers and rhythm patterns
  • To display your data on the web dashboard
  • To process your subscription payments
  • To improve and maintain the Service

4. Data Storage and Security

Your data is stored in a PostgreSQL database hosted on Fly.io infrastructure within the European Union. We use encryption in transit (TLS/HTTPS) for all data transmission between the Android app, web dashboard, and our servers.

Access to your data is protected by authentication via Google Sign-In and API keys for the mobile app.

5. Data Sharing

We do not sell your personal or health data. We may share limited data with the following third-party services solely to operate the Service:

  • Google — Authentication (Google Sign-In)
  • Stripe — Payment processing
  • Google Gemini — AI insight generation (receives only pre-processed summaries and statistics, never raw ECG or heart rate data)
  • Fly.io — Infrastructure hosting

6. Your Rights (GDPR)

Under the General Data Protection Regulation (GDPR), you have the right to:

  • Access — Request a copy of all data we hold about you
  • Rectification — Request correction of inaccurate data
  • Erasure — Request deletion of your account and all associated data
  • Portability — Export your data in CSV or JSON format
  • Restriction — Request limitation of processing
  • Objection — Object to processing of your data

To exercise any of these rights, contact us at the email address below. To delete your account and all associated data, sign in to the BeatBurden web dashboard and navigate to Account → Delete Account.

7. Data Retention

We retain your data for as long as your account is active. When you delete your account:

  • Your account and all associated data (ECG recordings, heart rate data, markers, analysis results, AI insights) are physically and permanently removed from our database
  • Stripe payment records are retained by Stripe per their own data retention policies

8. Children's Privacy

BeatBurden is not intended for use by anyone under the age of 16. We do not knowingly collect personal data from children.

9. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes via email or a notice in the app. Continued use of the Service after changes constitutes acceptance of the updated policy.

10. Contact

If you have questions about this Privacy Policy or want to exercise your data rights, contact us at:

info@beatburden.com