Privacy Policy

Welcome to img BP+Sugar
At img BP+Sugar (“we,” “our,” or “us”), protecting your privacy and securing your personal information are our top priorities. This Privacy Policy (“Policy”) explains how we collect, use, disclose, and safeguard the information you provide when using our application (the “App”). By accessing or using the App, you acknowledge that you have read, understood, and consent to the practices described herein. If you do not agree with the terms of this Policy, please do not use the App.
We are committed to complying with all applicable privacy and data protection laws, including but not limited to:
  • The European Union’s General Data Protection Regulation (Regulation (EU) 2016/679) (“EU GDPR”)
  • The United Kingdom General Data Protection Regulation (“UK GDPR”)
  • The California Consumer Privacy Act of 2018, as amended by the California Privacy Rights Act of 2020 (collectively, “CCPA/CPRA”)
  • Where applicable, the Health Insurance Portability and Accountability Act of 1996 and its implementing regulations (“HIPAA”)
(Collectively referred to as the “Data Protection Laws”).
In line with these obligations, we collect personal data strictly to the extent necessary to provide and improve our services.
Furthermore, we adhere to all relevant Apple App Store privacy and data handling requirements, including the App Store Review Guidelines, the App Tracking Transparency Framework (“ATT Framework”), and Privacy Nutrition Label disclosures. Our data collection and usage practices are transparent and fully aligned with Apple’s standards for user privacy.

Data Collection and Processing

img BP+Sugar collects and processes personal data (“Personal Data”) that you voluntarily provide as a user of the App, data automatically collected during your use of the App, as well as information obtained from authorized third-party sources. All such data is processed in compliance with applicable Data Protection Laws.
The categories of Personal Data we may collect and process include, but are not limited to:

a) Personal Identifiers

  • Full name
  • Email address
These identifiers are used to create and manage user accounts, verify identity, personalize the user experience, and facilitate communication related to the App’s services.

b) Health and Wellness Information

  • Blood Pressure Readings, including systolic and diastolic values, along with corresponding date and time stamps
  • Blood Glucose Readings, including measured values, timestamps, and contextual information (e.g., fasting, post-meal, or random)
  • Logs, Trends, and Historical Records of Blood Pressure and Blood Glucose readings
  • Health Report History and Sharing Activity, including records of when and with whom health reports were shared
This information enables key features of the App, such as daily blood pressure and glucose logging, visualization of health trends through interactive graphs, and the ability to generate, download, and share health reports with healthcare professionals. Where required under applicable Data Protection Laws, we will obtain your explicit consent prior to the collection or processing of such health-related data. This information is classified as sensitive data and processed in accordance with heightened security measures and appropriate safeguards to ensure its confidentiality and integrity.

c) Usage, Device, and Tracking Data

  • Features accessed and user interactions
  • Session timestamps, frequency, and duration
  • Navigation patterns within the App
  • Language preferences and display settings
  • Crash reports and technical diagnostics
  • Device type and model
  • Operating system name and version
  • IP address (where applicable)
  • Unique device identifiers (e.g., IDFA, UUID)
  • Data collected through cookies and software development kits (SDKs) used for analytics and performance monitoring
  • Behavioral analytics and user engagement metrics
This data is utilized to operate, secure, and improve the App by enhancing functionality, diagnosing and resolving technical issues, personalizing user experience, understanding user behavior, monitoring app integrity, preventing fraud, and ensuring compatibility and optimal performance. Where device identifiers are used for cross-app tracking or advertising purposes, we will seek your explicit opt-in consent in accordance with the ATT Framework and applicable Data Protection Laws. You may manage or withdraw this consent at any time through the App’s settings or your device’s privacy controls.

How We Collect Personal Data and Legal Basis

We collect personal data through:
  • User Input: Information you directly provide during account creation, profile completion, health logging (e.g., blood pressure and blood glucose readings), or when contacting support.
  • Automated Tools: Data automatically collected using cookies, Software Development Kits (“SDKs”), analytics, and logging tools.
  • Third-Party Services: We may receive Personal Data from third-party tools or services (e.g., cloud storage, analytics platforms). Such Personal Data is collected in line with the applicable Data Protection Laws.

Legal Bases for Processing

  • Your explicit consent.
  • Fulfillment of a contract with you (e.g., account setup).
  • Compliance with legal obligations.
  • Our legitimate interest in maintaining and improving App functionality (where allowed by law).

Purposes of Processing

We process your personal data to support the following purposes:
  • To deliver and manage the core functionalities of the App, including blood pressure (BP) and blood glucose (BG) logging, visual analytics, and report generation.
  • To personalize your experience by analyzing individual health data and identifying relevant trends.
  • To send you important service communications and, where applicable, promotional content with your consent.
  • To evaluate and enhance the App’s performance, features, and overall user satisfaction.
  • To detect, prevent, and address misuse, fraud, or technical issues.
  • To fulfill our legal and contractual responsibilities.
  • To comply with the ATT Framework for cross-app tracking, based on your explicit opt-in consent.

No Collection of Certain Sensitive Data

We do not collect the following unless explicitly provided by you for a defined purpose:
  • Contact lists
  • Biometric identifiers (beyond voluntary health data input)
  • Financial account information
If such data is collected for support or feedback purposes, it is processed with the strictest safeguards and only in accordance with the relevant legal requirements and applicable Data Protection Laws.

Marketing Communications

With your explicit consent, we may send you marketing emails or push notifications containing information related to blood pressure, blood sugar, fitness, health, and wellness. We will require you to verify your email address before sending any marketing communications.

Sharing Your Data

We prioritize your privacy and only share your personal data when necessary, lawful, and under your control. Data sharing may occur in the following contexts:
  1. User-Initiated Sharing
    You may choose to export and share your data, such as health readings, with your selected healthcare providers. This process is entirely user-directed and remains under your control.
  2. Service Providers
    We may share your data with trusted third-party service providers who support the operation, maintenance, and improvement of our App. These providers are contractually bound to handle data in compliance with applicable Data Protection Laws and to use it solely for authorized purposes. Categories include:
    • Cloud hosting and storage services
    • Analytics and performance monitoring tools
    • Customer support and helpdesk platforms
    • Payment processors (where applicable)
    • Communication and email delivery systems
    • IT security and fraud prevention partners
  3. Legal Compliance
    We may disclose data to comply with applicable laws, regulations, or valid legal processes. Where legally permissible and practical, we will notify you of such requests and may challenge those that are overly broad or lack proper authority.
  4. Protection of Rights and Safety
    We may share information when necessary to protect the rights, safety, or property of users, our company, or others.
  5. With Your Consent
    We may share your information with third parties if you have provided explicit, informed consent.
We do not sell your personal data, nor do we share sensitive health information with advertisers or similar entities.

Specific Data Sharing Integrations

a) Apple HealthKit (If Authorized by You)

  • You may choose to integrate with Apple HealthKit to import or export blood pressure and blood glucose data.
  • This integration is entirely optional and requires your explicit, opt-in consent.
  • You retain full control over which data is shared to or from Apple Health.
  • HealthKit data is securely stored on your device and accessed only when authorized.
  • We do not use HealthKit data for advertising, profiling, or data mining purposes.

b) Firebase by Google LLC

  • We use Firebase Analytics to monitor general app usage and user engagement trends.
  • Firebase Crashlytics helps us identify and resolve app crashes and performance issues.
  • No health data, such as blood pressure or glucose readings, is shared with Firebase.
  • Firebase may collect pseudonymized technical data (e.g., device model, OS version, screen views, and error logs).
  • All Firebase services are governed by Google’s Data Processing and Privacy Terms. We ensure that data transfers comply with applicable Data Protection Laws.

How Long We Store Data

We retain your personal data only for as long as necessary to fulfill the purposes outlined in this Privacy Policy, including providing you with access to the App and related services.
If you are a registered user, we retain your data for the duration of your account’s active status. Inactive accounts may be deleted after 24 months of inactivity unless legally required to retain the data. After account deactivation, deletion, or inactivity, we may continue to store certain data only if and for as long as:
  • It is required by applicable law (e.g., for tax, accounting, or legal compliance purposes).
  • It is needed to resolve disputes or enforce our agreements.
  • It is subject to mandatory retention periods.
  • You have provided consent for longer retention (e.g., for research or support purposes).
When Personal Data is no longer required for any legitimate business or legal purpose, we will securely delete or anonymize it in accordance with applicable Data Protection Laws.

Security Measures

We implement appropriate technical and organizational measures to safeguard your Personal Data against unauthorized access, disclosure, alteration, or destruction. These measures are designed to provide a level of security appropriate to the risk, taking into account the nature of the data we process, the potential impact of any breach, and current industry standards.
Our security practices include, but are not limited to:
  • Encryption of data in transit and at rest;
  • Access controls and role-based permissions to limit access to Personal Data;
  • Regular security audits, vulnerability assessments, and monitoring of our systems;
  • Secure development practices and regular updates to address security vulnerabilities;
  • Incident response procedures to manage and mitigate data breaches promptly.
For data subject to the EU GDPR and the UK GDPR, we comply with Article 32 obligations by ensuring confidentiality, integrity, availability, and resilience of processing systems and services.
For California residents, we uphold our obligations under the CCPA/CPRA by maintaining reasonable security procedures and practices appropriate to the nature of the Personal Information.
With respect to Protected Health Information (“PHI”) governed by HIPAA, we adhere to the HIPAA Security Rule and ensure that PHI is protected through administrative, physical, and technical safeguards. Business Associate Agreements are executed with all relevant service providers handling PHI on our behalf.
While we strive to protect your Personal Data using industry-standard security practices, please be aware that no method of transmission over the internet or method of electronic storage is completely secure. If you believe your interaction with us is no longer secure, please contact us immediately.

Cross-Border Data Transfers

We may transfer and process your Personal Data in countries outside the United Kingdom (UK), the European Economic Area (EEA), and your country of residence, including the United States. These transfers may be necessary for the provision of our services, for data hosting, or to fulfill our contractual obligations.
Where Personal Data is transferred outside the UK or EEA, we ensure that the transfer complies with the UK GDPR and the EU GDPR, as applicable, by relying on one of the following:
  • Transfers to countries deemed to provide an adequate level of data protection by the UK Government or the European Commission; or
  • Appropriate safeguards, such as the EU Standard Contractual Clauses, the UK International Data Transfer Agreement, the UK Addendum to the EU Standard Contractual Clauses, or other legally approved transfer mechanisms.
For Personal Data subject to the CCPA/CPRA, we ensure that cross-border transfers are conducted in accordance with the CCPA/CPRA and any applicable regulations. We do not sell your personal information as defined under the CCPA/CPRA.
For data protected under the HIPAA, any transfer or sharing of Protected Health Information complies with HIPAA's Privacy and Security Rules, and Business Associate Agreements are executed where required.

Your Rights

We respect your rights over your personal data and are committed to complying with all applicable Data Protection Laws.
Depending on your jurisdiction and the nature of the data we process, you may have the following rights:
  • Right of Access: You have the right to request access to the personal data we hold about you and to obtain a copy of such data.
  • Right to Rectification: You may request the correction of inaccurate or incomplete personal data.
  • Right to Erasure (Right to be Forgotten): In certain circumstances, you may request that we delete your personal data, subject to legal or contractual obligations.
  • Right to Restrict Processing: You may request us to restrict the processing of your personal data in specific situations.
  • Right to Data Portability: Where legally applicable, you have the right to receive your personal data in a structured, commonly used, and machine-readable format and to have it transmitted to another controller.
  • Right to Object: You have the right to object to the processing of your data for direct marketing, profiling, or where we are relying on legitimate interests as a legal basis.
  • Right to Withdraw Consent: Where processing is based on your consent (e.g., marketing communications, cross-app tracking, or personalization), you may withdraw your consent at any time without affecting the lawfulness of processing carried out prior to withdrawal.
  • Right to Opt-Out of Sale or Sharing (for California residents): You may request that we do not “sell” or “share” your personal information as defined under the CCPA/CPRA.
  • Right to Limit Use of Sensitive Personal Information (California residents): Where applicable, you may request us to limit our use of your sensitive personal information to that necessary for providing the services.
  • HIPAA Privacy Rights (if applicable): If we process protected health information, you have specific rights under HIPAA, including the right to receive a Notice of Privacy Practices, request amendments to your health records, and obtain an accounting of disclosures.
  • ATT Framework Rights: Where tracking is involved (e.g., use of device identifiers across apps), we will seek your opt-in consent in accordance with the ATT Framework. You can manage or revoke this consent via your device settings.
To exercise any of your rights, please contact us at support@optimalbyte.net. We may require you to verify your identity before processing certain requests. We will respond in accordance with the timelines and procedures required by applicable laws.

Children’s Privacy

Our App is not intended for use by individuals who are not of legal age to provide consent for the processing of their personal data under applicable data protection laws. Given that our services involve the collection and processing of sensitive health information, such as blood pressure and blood glucose readings, the App is designed exclusively for adult users.
We do not knowingly collect, use, or process personal data from individuals under the age of 13, or any higher age threshold that may apply under relevant local laws. The App is not directed toward children, and we do not offer services designed for or intended to be used by minors.
If we become aware that personal data has been inadvertently collected from a child, we will take prompt action to delete such data from our systems. If you believe that a child has provided us with personal data, please contact us at support@optimalbyte.net, and we will address the matter in accordance with applicable legal requirements.

Complaints and Contact Us

If you have any questions, concerns, or complaints about how we handle your personal data or this Privacy Policy, please contact us using the details below:
Contact Information:
support@optimalbyte.net
We take your privacy seriously and will respond to your inquiry promptly and in accordance with applicable Data Protection Laws.
If you are located in the European Economic Area (EEA), United Kingdom, or California, you also have the right to lodge a complaint with your local data protection authority:
  • EEA: Contact your national supervisory authority via the EDPB website.
  • UK: Information Commissioner’s Office (ICO) – www.ico.org.uk.
  • California: You may also contact the California Privacy Protection Agency via www.cppa.ca.gov.
  • HIPAA (if applicable): If you believe your rights under HIPAA have been violated, you may file a complaint with the U.S. Department of Health and Human Services Office for Civil Rights at www.hhs.gov/ocr.
We encourage you to reach out to us first, and we will do our best to resolve your concern in a timely and fair manner.

Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or other operational reasons. When we make material changes to this Policy, we will notify you by prominently posting an updated version within the app, updating the “Last Updated” date at the top of this page, and, where required by applicable law, obtaining your consent.
We encourage you to review this Privacy Policy periodically to stay informed about how we protect your information. Your continued use of the app after any changes signifies your acceptance of the revised Privacy Policy.
If the changes materially affect the processing of Personal Data subject to the EU GDPR, the UK GDPR, CCPA/CPRA, or HIPAA, we will take additional steps as required under the relevant laws, including but not limited to providing advance notice and obtaining explicit consent where applicable.