Mobile App Privacy Policy

Last updated: April 2025

We collect only the data needed to operate your app (anonymous or registered), manage subscriptions via RevenueCat, and optionally send marketing emails. All data—stored in Firebase—are processed under GDPR principles (lawfulness, purpose limitation, data minimization) and secured with industry best practices. You always control your data: you can delete readings, opt out of marketing, or remove your account. We never sell personal data.


1. Interpretation and Definitions

1.1 Interpretation

Capitalized terms have the meanings given here, whether singular or plural.

1.2 Definitions

  • Account: your unique identity in our Service (anonymous or registered).
  • Application / Service: any mobile app developed by Loheden AI Solutions AB.
  • Company / We / Us: Loheden AI Solutions AB, Sweden.
  • Personal Data: information relating to an identified or identifiable person.
  • Usage Data: automatically collected diagnostic, device, and interaction data.
  • Service Provider: third parties processing data on our behalf (e.g., Firebase, RevenueCat).
  • You / User: the individual using the App.

2. Information We Collect

We collect information necessary to provide and improve our Services. The types of information depend on how you use the App:

2.1 Authentication & Account Data

  • Unique authentication identifiers provided by our authentication systems (e.g., Firebase Authentication User ID), which act as your primary identifier within the Service, whether you are an anonymous or registered user.
  • Optional profile information (such as email address, name) if You choose to create a registered account using methods like Google Sign-In, Sign in with Apple, email/password, or other supported social logins.

2.2 Usage & Device Data

  • Technical information automatically collected, such as IP address, device type, unique device identifiers (e.g., IDFA/IDFV if permitted by You), operating system version, app version, interaction timestamps, screens visited, features used, crash reports, and performance data.
  • Information regarding your preferences for local notifications, such as push notification permissions status.

2.3 Subscription Data

  • Information required to manage your subscriptions, processed via third-party Service Providers (such as RevenueCat). This typically includes subscription identifiers, transaction receipts (without full payment details), entitlement status, and renewal dates, linked to your Account identifier.
  • These Service Providers may also process device identifiers as necessary for subscription management and fraud prevention, subject to their own privacy policies and your device settings.

2.4 Marketing Email (Optional)

  • If you explicitly consent, we may collect your email address for the purpose of sending promotional materials or updates about our Services. Providing this is always optional, and you can withdraw your consent at any time via the app settings or by contacting us.

2.5 User-Generated Content

  • Data you voluntarily provide within the App, such as text, images, or other content, depending on the App's functionality. This data is stored securely and linked to your Account.

3. How We Use Your Data

We use the collected information for the following purposes:

  1. To provide, operate, maintain, and improve the Application and its features (e.g., authenticating users, storing and displaying user data, calculating statistics).
  2. To manage user Accounts and provide customer support.
  3. To manage subscriptions, process transactions (via Service Providers), validate entitlements, and handle purchase restoration.
  4. To send important service-related communications, transactional notifications, or health reminders (if applicable to the App).
  5. To send optional marketing and promotional communications, but only if you have given explicit consent. You can opt out at any time.
  6. To monitor and analyze usage patterns, diagnose technical problems, fix bugs, and improve the user experience. We often use aggregated or anonymized data for this purpose.
  7. To ensure the security and integrity of our Services and prevent fraud.
  8. To comply with legal obligations and enforce our terms.

4. Data Storage & Retention

  • Data Location: Your data is stored on secure servers operated by us or our chosen Service Providers. These servers may be located in various regions, including potentially outside the European Economic Area (EEA) or the UK. Examples include cloud infrastructure like Google Cloud Platform (which hosts services like Firebase) or servers used by subscription platforms like RevenueCat. When data is transferred outside the EEA/UK, we ensure appropriate safeguards are in place, such as the EU-U.S. Data Privacy Framework, Standard Contractual Clauses (SCCs), or other valid transfer mechanisms.
  • Retention Period: We retain Personal Data only for as long as necessary for the purposes set out in this Privacy Policy.
    • User-generated content and account data are retained as long as your Account is active or until you delete the specific data or your entire Account.
    • Subscription records may be retained for longer periods as required by law (e.g., for financial auditing).
    • Usage Data and logs may be retained for a limited period for analysis, security, and service improvement purposes before being anonymized or deleted.
  • Upon account deletion request, we will delete or anonymize your Personal Data within a reasonable timeframe, subject to legal retention requirements.

5. Sharing & Disclosure

  • Service Providers: Firebase for Auth, Firestore, Messaging; RevenueCat for subscriptions—all bound by strict contracts.
  • Third‑Party Login: Google, Apple, social platforms—data shared only with your consent.
  • Legal Requirements: we may disclose data to comply with laws or protect rights.
  • No Selling: we do not sell personal data under any circumstances.
  • Refund-Related Data Sharing with Apple App Store Customers:

When you purchase a subscription or other in-app content through the Apple App Store and subsequently request a refund, Apple may ask us to confirm how (and whether) you used that content. By using BP Monitor and completing an in-app purchase, you consent to the following data-sharing practice:

  • Data shared: strictly limited "consumption data," such as purchase identifier, subscription tier, and time-stamped logs showing when premium features were accessed or content was opened.
  • Purpose: exclusively to help Apple verify refund eligibility and prevent misuse of the refund process.

6. Legal Basis & GDPR Compliance

If you are in the European Economic Area (EEA) or the UK, our legal basis for collecting and using the Personal Data described above depends on the Personal Data we collect and the specific context in which we collect it:

  • Contract Performance: Much of our processing is necessary to perform our contract with you (i.e., provide the Service), such as authenticating you, storing your data, and managing subscriptions.
  • Consent: We rely on your consent for certain processing activities, such as sending marketing emails or using certain types of device identifiers for analytics or advertising (where applicable and subject to your choices). You can withdraw your consent at any time.
  • Legitimate Interests: We process some data based on our legitimate interests, provided these interests are not overridden by your data protection rights. Examples include analyzing usage data to improve the Service, ensuring security, and preventing fraud.
  • Legal Obligation: We may need to process data to comply with legal requirements.

We adhere to GDPR principles, including lawfulness, fairness, transparency, purpose limitation, data minimization, accuracy, storage limitation, integrity, and confidentiality.


7. Security Measures

We implement appropriate technical and organizational security measures designed to protect the security of any Personal Data we process. This includes practices like encryption of data in transit and at rest where feasible, access controls, secure authentication mechanisms (e.g., provided by Firebase), use of secure cloud infrastructure, and regular review of our security practices. However, please remember that no electronic transmission over the Internet or information storage technology can be guaranteed to be 100% secure, so we cannot promise or guarantee absolute security.


8. Your Rights

Depending on your location (particularly if you are in the EEA or UK under GDPR), you have certain rights regarding your Personal Data:

  • Right to Access: You can request copies of your Personal Data.
  • Right to Rectification: You can request correction of inaccurate or incomplete Personal Data.
  • Right to Erasure ('Right to be Forgotten'): You can request deletion of your Personal Data, under certain conditions. You can often delete data or your entire account directly within the App.
  • Right to Restrict Processing: You can request restriction of the processing of your Personal Data, under certain conditions.
  • Right to Object to Processing: You can object to our processing of your Personal Data based on legitimate interests.
  • Right to Data Portability: You can request transfer of the data we have collected to another organization, or directly to you, in a structured, commonly used, machine-readable format, under certain conditions.
  • Right to Withdraw Consent: Where we rely on consent (e.g., for marketing), you can withdraw it at any time without affecting the lawfulness of processing based on consent before its withdrawal.
  • Right to Lodge a Complaint: You have the right to complain to a data protection authority about our collection and use of your Personal Data.

To exercise any of these rights, please contact us at [email protected]. We may need to verify your identity before responding to your request. We will respond to your request within a reasonable timeframe, in accordance with applicable laws.


9. Children's Privacy

Our Services are not intended for individuals under the age of 18 (or the relevant age of majority in your jurisdiction). We do not knowingly collect Personal Data from children without verifiable parental consent. If you believe we might have collected information from a child without consent, please contact us immediately at [email protected] so we can take appropriate steps.


10. Updates to This Policy

We may update Our Privacy Policy from time to time to reflect changes in our practices or for other operational, legal, or regulatory reasons. We will notify You of any significant changes by posting the new Privacy Policy on this page and updating the "Last updated" date. We may also provide notice through the App or via email if appropriate. You are advised to review this Privacy Policy periodically for any changes. Changes to this Privacy Policy are effective when they are posted on this page.


11. Contact Us

If you have any questions about this Privacy Policy or our data practices, please contact us at [email protected].