Privacy Policy (CarDS Plus iOS App)

Effective date: February 10, 2026
Developer: Cardiovascular Data Science Lab (“CarDS Lab”)

1) Overview

CarDSPlus-IN is a mobile application designed for use by study coordinators participating in collaborative clinical research studies conducted with collaborators in India. This application is not intended for study participants or patients.

This Privacy Policy explains what data the App processes, how it is used, and your choices.

2) What the App Processes (on device)

All application data is stored on secure servers located in India, specifically in the AWS Asia Pacific regions (ap-south-1 or ap-south-2). Certain authentication-related processes may be handled through infrastructure located in the United States (us-east-2). No participant-level data is stored or processed through the application.

3) Data Sources and Permissions

  • Health/HealthKit : Used to read Apple Watch ECGs and other metrics like sleep, steps, calories, activities, and oxygen.

    • HealthKit data accessed is used only to provide App functionality and permitted research purposes.

    • Health data is not used for advertising, data brokerage, or profiling.

You can change permissions at any time in iOS Settings → Privacy & Security.

CarDSPlus-IN does not collect, store, or process any personal data related to study participants. The application is designed exclusively for study coordination purposes. No data within the app is linked to any individual participant, and no direct or indirect identifiers are collected, stored, or processed.

4) No Automatic Collection, Sale, or Sharing

  • No automatic uploads: The App does not automatically send ECG data, predictions, or identifiers to the cloud or to CarDS Lab.

  • No third-party analytics/ads SDKs: We do not use advertising identifiers (IDFA) or cross-app trackers.

  • No sale or sharing for targeted advertising: We do not sell your data and do not share it for targeted advertising.

5) On-Device Storage, Backups, and Retention

  • Backups: Depending on your iOS settings, locally stored App data may be included in your device backups (e.g., encrypted iCloud backup or local iTunes/Finder backup). You control backup settings in iOS.

6) Research Use

If you use the App as part of an approved research study:

  • Your informed consent will describe what data is collected, how it may be shared by you or your study device, and who can access it.

  • The App itself does not transmit data automatically; any transfers must be initiated by you or configured by your institution using device-level workflows consistent with the consent and approvals.

7) Security

We design the App so that core processing is on device. Still, no system can guarantee perfect security. You are responsible for:

  • Keeping your device updated and secured (passcode/biometrics).

  • Managing permissions and backups.

  • Exporting or sharing data only with trusted recipients.

8) Your Choices & Rights

  • Permissions: Grant or revoke Health access at any time in iOS Settings.

  • View/Correct/Delete (on device): You can delete App data by removing items within the App (if supported), deleting Health records via the Health app, and/or uninstalling the App.

  • Research rights: If used in a study, follow the instructions in your consent for exercising rights (e.g., withdrawal, access, correction, deletion).

  • Jurisdictional rights (GDPR/UK GDPR/CCPA/CPRA and others): Depending on where you live, you may have rights to access, correct, delete, restrict, or port personal data. Because the App does not send your data to CarDS Lab by default, we may not possess any data to respond to such requests—most actions will occur on your device. If you believe CarDS Lab holds a copy (e.g., you emailed logs), contact us using the information below.

9) Children’s Privacy

The App is intended for adults or authorized research participants. It is not directed to children under 13 (or under the age defined by local law). If you believe a child has provided data to CarDS Lab outside a research protocol, contact us so we can address it.

10) Third-Party Components

The App uses Apple frameworks (e.g., HealthKit) and may include third-party/open-source components on device. These components operate locally; they do not receive your data unless you initiate an export to them.

11) International Transfers

By default, the App does not transmit your data to CarDS Lab or any server; therefore, there are no routine international transfers. If you voluntarily export data to an external service, that transfer is governed by the destination’s terms.

12) Changes to This Policy

We may update this Policy to reflect changes in the App, laws, or research practices. When we do, we will update the “Effective date” above. Your continued use after changes take effect means you accept the updated Policy.

13) Contact Us

Questions about privacy or this Policy:
Cardiovascular Data Science Lab (CarDS Lab)
Email: contact@cards-lab.org
Address: New Haven, CT, USA