Privacy Policy

VitalSines, Inc. (“the Company”, “we”, “our”, or “us”) is committed to protecting the personal information of its users, including you (“you”). This Privacy Policy explains how the Company collects, uses, shares, retains and protects personal information that may identify you, including in connection with your use of the Company’s software, mobile application, services, and the iHeart website (the “Website”) at goiheart.com (collectively, the “Services”) in connection with the body monitoring electronic products offered by the Company (the “Products”). This Privacy Policy does not address personal information that you provide to us in other contexts that are not related to our Services (e.g., through a business or investment relationship).

This Privacy Policy also describes the decisions you can make about your personal information. You may require us to change, amend or delete the personal information that you have provided to us at any time. If you do not agree to the terms of this Privacy Policy, please do not use our Services.

When we say ‘we’ or ‘us’ or ‘VitalSines’ it’s because that’s who we are and we own and run our products and sites.

If we say ‘policy’ we’re talking about this privacy policy. If we say ‘user terms’ we’re talking about the rules for using our products and sites.

By agreeing to the Terms of Use for the Services, or by using the Services, you signify your acceptance of this Privacy Policy. If you do not agree to this Privacy Policy, please do not use the Services. Your continued use of the Services following the posting of changes to this Privacy Policy will mean that you accept those changes.

The type of personal information we collect

We collect certain personal information about iHeart users, and visitors to our site. The most common types of information we collect include things like email address, survey results, blogs, IP address, payment details, shipping address, tax information, usernames, forum comments, and any content you direct to us to make available on our site. For the iHeart product birthdate, sex, aortic pulse wave velocity, heart rate, blood oxygen level, internal age.

When you sign up for a User Account, you are required to provide an email address and to create an account password.

Registration with our Services also requires that you provide your name, gender, date of birth, height, weight, and activity level.

Information sent wirelessly from your Product to the Service is stored in your User Account.

Information that you add manually to the Service is stored in your User Account.

We collect industry standard aggregate data, web server log data, internet protocol (IP) addresses, cookies, and web beacons. This includes information about the browser and operating system you are using, the address of the external or internal page that referred you, your IP address at the time of account creation and a log of the pages that you visit on the Services in association with your IP address. We also collect the IP address associated with the device running the mobile app each time you sync.

How we collect personal information

We collect personal information directly when you provide it to us via a subscription to our newsletter on our site, or when you order the iHeart device and then create a profile to use it, followed by your tests with the device. We also collect information when you enter a contest, fill out a survey, or send us communication.

How we use your personal information

We will use your personal information to:

To reach out to you with newsletters and special offers if you have signed up online To send you your results after your iHeart tests Carrying out technical analysis to determine how to improve the site and products we provide Managing relationships with you by responding to your comments or queries submitted to us on the website or asking for your feedback on whether you want to participate in a survey Training Staff on how best to serve our community For the purpose of responding to requests by government, a court of law, or law enforcement authorities conducting an investigation

When we disclose your information

We will disclose your information to the following recipients:

Our professional advisors (lawyers, accountants, executive advisors) which are located in Canada and the USA. Regulators and government authorities in connection with our compliance procedures and obligations A purchaser or prospective purchasers of all or part of our assets or our business and their professional advisers, in connection with the purchase A third party, in order to enforce or defend our rights, or to address financial or reputational risks A rights holder in relation to an allegation of intellectual property infringement or any other infringement Other recipients where we are authorised or required by law to do so.

We will not share, sell or rent your personal information in personally identifiable form with any third party, except if, and to the extent necessary, in our good faith judgment, doing so is required to: complete your purchase; comply with laws or regulations; respond to a valid subpoena, order, or government request; establish or exercise the Company’s legal rights or defend against legal claims; investigate, detect, surpress, prevent or take action regarding illegal or prohibited activities, suspected fraud, situations involving potential threats to the reputation or physical safety of any person; or as otherwise required by law.

We may remove personal identifiers from your information and maintain and use it in aggregate form that may later be combined with other information to generate anonymous, aggregated statistical information. Such anonymous, group data may be shared on an aggregated basis with our business partners, but we will not disclose your personally identifiable information unless we receive your express consent to do so.

Where we transfer or store your personal information

We are based in Canada but use Amazon servers for our data storage, your data will be stored in Oregon.

How we keep your personal information secure

We have SSL certificates in place for secure data transfer in and out of the server. The "physical" security of our servers is handled by Amazon (i.e. so no-one can break-in and take our server with them).

Third Party Products, Services, or Links

There are a number of separate products and services offered by third parties advertised by us through our Services. If you choose to use these separate products or services, disclose information to the providers, or grant them permission to collect information about you, then their use of your information is governed by their privacy policies. You should evaluate the practices of external service providers before deciding to use their services. The Company is not responsible for their privacy practices. If you click on a link to a third party site, you are strongly encouraged to check the privacy policy of that site. This Privacy Policy does not apply to such linked pages or other sites, and we are not responsible for the content or practices of any linked websites which are provided solely for your convenience.

Contests, Giveaways and Surveys

We may offer you the opportunity to participate in contests, giveaways and other promotions. Any information submitted in connection with such activities will be treated in accordance with this Privacy Policy, except as specifically set forth in the rules for those contests, giveaways or promotions. Any personal information provided to us in connection with any survey will be used only in relation to that survey and as elsewhere set forth in this Privacy Policy.

How you can access your personal information

You can access your personal information by logging into your iHeart app and reviewing your tests and notes. You also have the right to access other personal information we hold about you and request corrections of any errors in that data. You can also close the account you have with us at any time. To make an access or correction request, contact our support team at the address at the end of this policy.

Marketing choices regarding your personal information

Where we have consent to do so (eg. if you have subscribed to one of our email lists or have indicated that you are interested in receiving offers or other information from us) we send you marketing communication by email about products and services that we feel may be of interest to you. You can opt out of such communications if you would prefer not to receive them in the future by using the ‘unsubscribe’ facility provided in the communication itself.

Cookies and Web Analytics

When you visit our site there’s certain information that’s recorded which is generally anonymous information and does not reveal your identity. We’re talking about the following kinds of details:

Your IP address or proxy server IP address The domain name or keyword you requested The name of your internet services provider is sometimes captured depending on the configuration of the ISP connection The date and time of your visit to our website The length of your session The pages which you have accessed The number of times yu have come back to the page The file URL you look at and information relating to it The website which referred you to our site The operating system which your computer uses

Occasionally we will use third party advertising companies to serve ads based on prior visits to our sites. For example, if you visit our sites you may later see an ad for our products and services when you visit a different site.

Information about children

Our sites are not suitable for children under the age of 16 years, if you are under 16 we ask that you do not use our site or our products or give us your personal information. If you are under the age of 16 years you can browse the site but you’ll need the supervision of a parent or guardian to become a registered user.

Information you make public or give to others

If you make your personal information available to other people, we can’t control or accept responsibility for the way they will use or manage that data. There are lots of ways that you can find yourself providing information to other people, like when you post a public message on a forum, share information via social media, or make contact with another user. Before making your information publicly available or giving your information to anyone else, think carefully. If you’re sharing information via another website, check the privacy policy for that site to understand its information management practices as this privacy policy won’t apply.

Data Security

We aim to provide you with a safe experience. We have in place certain physical, electronic, technological, and organizational safeguards to appropriately protect the security and privacy of your personal information against loss, theft, and unauthorized access, disclosure, copying use or modification. Please note, however, that while we try to create a secure and reliable Service for users, the confidentiality of any communication or material transmitted to or from the Services or via e-mail cannot be guaranteed.

We limit access to your personal information within the Company to individuals on a need-to-know basis.

Your personal information may be transferred, processed and retained on servers in countries outside of Canada, including the United States, and may therefore be subject to laws that do not offer the same degree of protection as Canadian law, although the Company will ensure that contractual protections, at least equal to its own standards, are put in place with those owning or managing servers located outside Canada. While we undertake to protect your personal information when it is transferred to other jurisdictions, the laws of other jurisdictions may require the disclosure of your personal information to governmental authorities under circumstances that are different than those that apply in Canada and are contemplated under this Privacy Policy.

Your Responsibility for Maintaining the Confidentiality of your Login ID and Password

You are responsible for maintaining the security of your login ID and password. If you believe that your login ID or password have been compromised you should immediately change your password and contact support. We are not responsible if someone else accesses your account through registration information they have obtained from you or through a violation by you of this Privacy Policy or the Terms of Use.

How long we keep your personal information

We retain your personal information for as long as is necessary to provide the services to you and others, and to comply with our legal obligations. If you no longer want us to use your personal information or to provide you with services or updates please request that we delete your information and account. Any data that is deleted in-app is flagged as “deleted”/ Deleted data sits on the server and can’t be accessed by the app or the dashboard. If you would like your data fully erased that is something we can do for you, simply reach out at the email address at the bottom of this privacy policy.

When we need to update this privacy policy

We will need to change this policy from time to time in order to make sure it stays up to date with the latest legal requirements and any changes to our privacy management practices

When we do change the policy we’ll make sure to notify you about such changes when required. A copy of the latest version of this policy will always be available on this page.

How you can contact us

If you have any questions at all please contact support@goiheart.com with ‘Privacy Policy’ as the subject line and we’ll get right back to you.

If you’re a user or visitor in the European Economic Area these rights also apply to you:

For the purpose of applicable EU data protection law (Including the General Data Protection regulation 2016/679 (the “GDPR”, we are a ‘data controller’ of your personal information.

How you can access your information

You are also entitled to ask us to port your personal information (ie. to transfer in a structured, commonly used, and machine-readable format to you), to erase it, or restrict its processing. You also have rights to object to some processing that is based on our legitimate interests, such as profiling that we perform for the purposes of direct marketing, and where we have asked for consent to process your data, to withdraw this consent as more fully described below.

These rights are limited in some situations - for example, we can demonstrate that we have a legal requirement to process your personal information. In some instances, this means that we may retain some data if you withdraw consent.

Where we require your personal information to comply with legal or contractual obligations, then provision of such data is mandatory: if such data is not provided, then we will not be able to manage our contractual relationship with you, or meet obligations placed on us. In all other cases, provision of requested information is optional.

If you have unresolved concerns you also have the right to complain to data protection authorities. The relevant data protection authority will be the the data protection authority of the country: (i) of your habitual residence; (ii) of your place of work; (iii) in which you consider the alleged infringement has occurred.

Both personal information and personal data have the same meaning in the context of this Privacy Policy.

If you have any questions or concerns please contact support@goiheart.com

VitalSines Privacy Policy v2, effective date May 25th, 2018.