Privacy Policy

Effective: 2026-05-05

Template notice: this Privacy Policy is a starting point. Replace placeholders marked [FILL_IN_…] and have a licensed attorney review it. If you market to or store data of California, EU, or UK residents, additional disclosures (CCPA/CPRA, GDPR/UK-GDPR) may be required.

This Privacy Policy explains how [IGN PRO OF GA] ("we", "us", or "our") collects, uses, and discloses information about you when you use the GetBPTracker website at https://getbptracker.com and the related application (the "Service").

1. Information we collect

Information you provide

Account information: your name, email address, and password (hashed). If you sign in with Google, we receive your name, email, and Google identifier from Google.
Patient profiles: the names and demographic details (relationship, optional date of birth, sex, target ranges, doctor name) that you create to organize your readings.
Health-adjacent data: blood pressure readings, pulse, arm/position, and any notes you record. Medications you log (name, dose, dates) are also stored.
Support communications: messages you send to us via email or the contact form.

Information we collect automatically

Usage data: session tokens, login timestamps, IP address, user agent string, and high-level activity logs (e.g., "added a reading", "edited a patient") for security and product-improvement purposes.
Cookies: a small number of strictly-necessary cookies are used to keep you signed in and protect the Service from cross-site request forgery. We do not use third-party advertising cookies. See our Cookie Policy for details.

Information from third parties

Stripe (payment processor): if you upgrade to Pro, Stripe collects and processes your payment details. We never see your card number; we receive only a customer ID, subscription status, and the last 4 digits / brand of your card for receipts.
Google (sign-in provider): if you sign in with Google, Google shares your email, name, and a unique identifier with us, in accordance with the permissions you grant.

2. How we use information

We use the information we collect to:

Provide, operate, and maintain the Service.
Authenticate you, secure your account, and prevent abuse.
Render trends, averages, and PDF reports for you.
Process subscription payments through Stripe.
Send service-related emails (verification, password reset, billing receipts).
Respond to your support requests.
Analyze aggregate, de-identified usage to improve the product.
Comply with legal obligations and enforce our Terms.

3. How we share information

We do not sell your personal information or your health-adjacent data. We share information only:

With service providers who help us operate the Service (e.g., hosting, email delivery, Stripe for payments). These providers are bound by confidentiality and process data on our behalf.
With your consent, e.g., if you explicitly choose to export and share a PDF report.
For legal reasons, where we believe in good faith that disclosure is required to comply with a lawful request, protect our rights, or prevent fraud or harm.
In a corporate transaction, e.g., if we are acquired or merged. Any successor will be bound by this Policy or notify you of changes.

4. Data retention and deletion

We retain your account and readings for as long as your account is active. If you delete your account from settings or by emailing [email protected], we will delete your personal data and all associated readings within thirty (30) days, except for limited records we are required to retain (e.g., billing history for tax/audit purposes).

Inactive Free accounts with no logins for twenty-four (24) consecutive months may be deleted automatically; we will email you before doing so.

5. Security

We use technical and organizational measures designed to protect your information, including TLS encryption in transit, password hashing (bcrypt), and least-privilege database access. No system is perfectly secure; we cannot guarantee absolute security. If we become aware of a security incident affecting your data, we will notify you in accordance with applicable law.

6. Children's privacy

The Service is not directed to children under 18. We do not knowingly collect personal information from children under 13 (or the equivalent age in your jurisdiction). If you believe a child has provided us with information, please contact [email protected] and we will delete it.

7. International users

The Service is operated from the United States and your information will be processed there. If you access the Service from outside the U.S., you understand that your information will be transferred to and processed in the United States, where data-protection laws may differ from those in your country.

8. Your rights

Depending on where you live, you may have rights regarding your personal information, including:

The right to access, correct, or delete your data.
The right to object to or restrict certain processing.
The right to data portability (export your readings).
The right to withdraw consent where we rely on consent for processing.

You can exercise most of these rights from your account settings, or by emailing [email protected]. We will respond within the time period required by applicable law.

Note for California residents

The CCPA/CPRA may grant additional rights, including the right to know what personal information we collect, the right to delete, the right to correct, and the right to opt out of sale or sharing. We do not sell or share your information for cross-context behavioral advertising.

Note for EU/UK residents

If you are in the EU or UK, the legal bases for our processing are: performance of a contract (operating the Service for you), legitimate interests (security, product improvement), consent (where required), and legal obligation (tax, accounting). You may lodge a complaint with your local supervisory authority.

9. HIPAA

The U.S. Health Insurance Portability and Accountability Act ("HIPAA") applies to "covered entities" — generally, healthcare providers, health plans, and healthcare clearinghouses — and their business associates. GetBPTracker is a personal logging tool used by individuals, not a covered entity, so HIPAA does not apply to your use of the Service. We nevertheless treat your readings with care, as described elsewhere in this Policy.

10. Changes to this Policy

We may update this Privacy Policy from time to time. The updated version will be posted on this page with a new effective date. For material changes, we will notify you by email or in-app notice.

11. Contact

Questions about this Privacy Policy can be sent to [email protected] or by mail to [IGN PRO OF GA], P.O. Box 1758, Blairsville, GA 30514.