Last Updated:
This Data Usage & Consent Policy ("Policy") explains how Synheart ("we," "our," "us") collects, processes, and uses biosignals, behavioral data, device interactions, and other information within the Synheart ecosystem. This Policy applies to all Synheart products, including Synheart Wear, Synheart Behavioral SDK, Syni, Synheart Focus & Emotion, Synheart Cloud, and all related services ("Services").
This Policy works together with our Privacy Policy and Terms of Service.
By using Synheart or granting permissions inside any Synheart app or SDK, you agree to the data practices described here.
Synheart collects three data categories:
Depending on your device and app settings, this may include:
Heart rate (HR)
Heart rate variability (HRV)
PPG-derived features
Respiratory rate
Sleep stages and duration
Activity and movement
Accelerometer and motion signals
Skin temperature (if supported by device)
Cognitive and emotional state features derived from the above
Raw biosignal data remains on your device unless you explicitly consent to cloud processing.
Collected only if you enable the Synheart Behavioral SDK.
We may collect:
Keystroke timing (cadence only, NOT content)
Scrolling speed and gesture dynamics
Typing bursts and idle gaps
App interaction sequences
Device orientation and motion
Focus patterns and task-switching frequency
We never collect:
Message content
Typed text
Screen captures
Personal content
Behavioral signals are anonymized or pseudonymized whenever possible.
This includes:
Device type and OS
IP address (security only)
SDK version
Error logs
App performance data
This data helps maintain and improve service functionality.
We use collected data for the following purposes:
Data is processed to create insights such as:
Emotional state indicators
Focus estimation
Cognitive load inference
Flow state detection
Stress and calmness levels
Readiness and recovery signals
These outputs are informational and not medical.
Including:
Account creation
Wearable syncing
HSI (Human State Interface) fusion
Model inference
Data visualization in your dashboard
Developer app integrations
If you opt in:
Data may be used to improve Synheart algorithms
Data may be included in anonymized datasets
Data may be used to tune predictive models
If you opt out: Your data is used only for your real-time experience and not for training.
We follow a multi-layered consent model to ensure clarity and control.
Explicit consent is required for:
Uploading raw biosignals to Synheart Cloud
Enabling Behavioral SDK data collection
Enabling Syni Cloud LLM inference
Connecting third-party wearables
Allowing data for model improvement
Syncing data across devices
You can always withdraw consent in settings.
Implied consent covers:
Basic app functionality
Device metadata
Crash logs
Authentication events
Without this, the app cannot operate.
If you use Synheart SDKs in your own app, YOU MUST:
Obtain end-user consent before collecting data
Disclose what data your app sends to Synheart
Allow users to revoke consent
Delete user data upon request
Not store sensitive signals beyond what is necessary
We reserve the right to suspend API keys for misuse.
Raw biosignal data stays on-device by default.
Only derived metrics (focus, HRV score, emotion, embeddings) leave the device unless you consent.
When cloud upload is allowed, data is encrypted in transit and at rest.
You can opt out at any time.
Raw data includes:
High-resolution HRV windows
PPG samples
Accelerometer streams
Behavioral timing sequences
We do not share raw data with third parties unless required by law and with user consent.
Retention varies by type:
Default Retention
On-device only
30–90 days for rolling models
Until account deletion
While account is active
Limited, encrypted
You may request deletion at any time.
We only share data in the following cases:
Examples:
Syncing wearables
Connecting third-party apps
Allowing Syni to perform cloud inference
Synheart uses providers strictly for:
Secure cloud hosting (e.g., AWS)
Error monitoring
Payment processing
All providers are bound by strict data protection agreements.
We may disclose data if legally required, with proper documentation.
We do not sell user data. We do not share biosignals or behavioral signals for advertising.
Depending on your region (GDPR, CCPA, PIPEDA), you have the right to:
Access your data
Request deletion
Withdraw consent
Correct inaccuracies
Export your data
Object to certain processing
Requests can be made anytime at legal@synheart.ai.
We use industry-standard security including:
On-device processing for sensitive signals
End-to-end encryption for biosignals
Pseudonymization and minimization
Strict access controls
Regular audits
Zero-trust infrastructure practices
Synheart is not intended for children under 16.
We do not knowingly process children's physiological or behavioral data.
If you have questions about this Policy or want to exercise your rights:
If you have questions about this Policy or want to exercise your rights:
Synheart AI Inc.
Email: legal@synheart.ai
