Privacy Policy

BPM is a minimalist heart rate display app. We respect your privacy and are committed to protecting it. This policy explains what data we handle and why.

Summary

• We do not collect personal information.
• Heart rate data stays on your device unless you explicitly choose to share it.
• If you enable sharing, your heart rate is sent to your backend and retained briefly so others with your code can view it.

Data We Handle

Heart Rate (BPM), Max, and Average (last hour)

• Source: Your Bluetooth LE heart rate strap via CoreBluetooth.
• On-device use: Display and simple stats.
• Optional sharing: When you enable sharing, BPM/max/avg and a timestamp are sent to your backend service and associated only with a random 6-digit code and session token.

Sharing and Retention

• When sharing is ON:
  • Data is transmitted over HTTPS to your backend (default deployment: Vercel + KV/Upstash).
  • Share sessions expire automatically after 90 minutes.
• When sharing is OFF:
  • No heart rate data is transmitted off-device.
  • The app does not upload analytics.

Identifiers and Tracking

• We do not use advertising identifiers and do not track users.
• The share code and token are random and not linked to your identity.
• Standard host logs (for example IP address) may be recorded by your hosting provider for operations/security.

Device Permissions

• Bluetooth: Used to discover and connect to your heart rate strap.

Security

• Data in transit uses HTTPS.
• The backend stores minimal, ephemeral data needed for sharing functionality.

Your Choices

• Do not enable sharing if you don't want any data transmitted.
• You can stop sharing at any time in the app.

Contact

For questions about this privacy policy, contact vibecodeinc@proton.me.