Version: 1.4
Last Updated: November 29, 2025
Your Privacy is Our Priority
POTS Check is designed with privacy-first principles. Your health data belongs to you, and you have complete control over how it's stored, used, and shared.
1. Introduction
This Privacy Policy describes how POTS Check ("the App," "we," "us," or "our"), developed by Cascade Agentic Labs LLC, collects, uses, stores, and protects your personal information and health data.
Key Points:
- We never sell your health data to third parties
- All data is encrypted at rest on your device
- All data remains on your local device (no cloud storage)
- You have full control over data export and deletion
- We comply with Apple's HealthKit privacy requirements
- Secure Account is completely free
2. Information We Collect
2.1 Health Data
POTS Check collects the following health information to provide wellness tracking functionality:
| Data Type | Source | Purpose |
|---|---|---|
| Heart Rate | Apple Watch via HealthKit | Measure orthostatic heart rate response |
| Blood Pressure | Manual entry by user | Track BP changes during standing |
| Age (Month/Year) | User input | Apply age-appropriate thresholds |
| Symptom Notes | Optional user input | Track symptoms during test |
| Posture Data | iPhone Core Motion | Validate standing posture |
| Health Profile | Optional Apple Health import | Baseline vitals context |
Important Notes:
- We do NOT collect full date of birth—only month and year
- We do NOT track your location during tests
- We do NOT require name, email, or other identifying information
- Health Profile import is entirely optional (Secure Account only)
2.2 Technical Data
We collect minimal technical data necessary for app functionality:
- Device Model: iPhone/Apple Watch model for UI optimization
- OS Version: iOS/watchOS version for compatibility
- App Version: POTS Check version for troubleshooting
We do NOT collect:
- Device identifiers (UDID, advertising ID)
- IP addresses or network information
- Biometric data beyond heart rate
2.3 Anonymous Usage Analytics
To improve the app experience, we collect anonymous usage analytics via TelemetryDeck, a privacy-first analytics service:
What We Collect:
- App usage events (test starts/completions, feature usage)
- Technical context (app version, device model)
- Error events for troubleshooting
- Anonymous user ID (random UUID, not tied to Apple ID)
What We Do NOT Collect:
- No PII: Names, emails, phone numbers, addresses
- No Health Data: Heart rates, BP values, test results
- No Location: IP addresses, GPS coordinates
- No Identifiers: Device serial numbers, advertising IDs
Analytics are disabled by default. You can opt in during onboarding or change this setting anytime in Settings.
3. How We Use Your Information
3.1 Primary Uses
- Test Analysis: Calculate heart rate changes and identify POTS-consistent patterns
- Results Display: Generate test summaries and posture quality scores
- Historical Tracking: Enable trend analysis across multiple tests (Secure Account only)
- Data Export: Generate PDF reports for sharing with healthcare providers
3.2 Prohibited Uses
We will NEVER use your health data for:
- Advertising or marketing purposes
- Sale to third-party data brokers
- Training machine learning models
- Sharing with insurance companies, employers, or government agencies
4. Data Storage and Security
4.1 Two-Tier Architecture
Guest Mode (Free)
- Storage: In-memory only (RAM) during active session
- Persistence: None—data deleted when app closes or new test starts
- Limit: Single test only
- Export: PDF with "Guest Mode" watermark
Secure Account Mode (Free)
- Storage: Local encrypted storage on device
- Persistence: Unlimited test history stored locally
- Encryption: AES-256-GCM authenticated encryption at rest
- Health Profile: Optional import of baseline vitals from Apple Health
- Backup: Local device only; cloud sync planned for future versions
4.2 Encryption Details
- Algorithm: AES-256-GCM (AEAD)
- Key Storage: iOS Keychain with device-only access
- File Protection: iOS Data Protection (hardware-backed)
4.3 Data Residency
- All data remains on your local device
- No cloud upload or synchronization
- No server-side processing or storage
- Export is manual and user-initiated only
5. Data Sharing and Third Parties
5.1 No Sale of Health Data
We will NEVER sell your health data to third parties. Your health information is not a commodity.
5.2 User-Initiated Sharing Only
The ONLY way your health data leaves your device is if YOU explicitly choose to:
- Export PDF: Generate a PDF report and share it with your healthcare provider
- Export Data: Export your data for backup or transfer
6. Your Privacy Rights
You Have the Right To:
- Access Your Data: View all test results and health data stored by the app
- Export Your Data: Download your complete test history as a PDF
- Delete Your Data: Remove individual tests or delete all data at once
- Revoke HealthKit Access: Disable heart rate monitoring via iOS Settings
- Opt Out of Analytics: Disable anonymous usage tracking via in-app Settings
6.1 How to Exercise Your Rights
- Access Data: Open Settings → View Test History
- Export Data: Settings → Export → Choose format
- Delete Data: Settings → Delete All Data (requires confirmation)
- Revoke HealthKit: iOS Settings → Privacy → Health → POTS Check
7. Children's Privacy (COPPA Compliance)
- Minimum Age: 13 years old
- Under 13: App cannot be used (blocked by age gate)
- Ages 13-17: Parental consent required
We do not knowingly collect health information from children under 13.
8. International Users
8.1 GDPR Rights (EU Users)
European Union users have additional rights under GDPR:
- Right to data portability
- Right to erasure ("right to be forgotten")
- Right to restrict processing
- Right to lodge a complaint with a supervisory authority
8.2 CCPA Rights (California Users)
California residents have rights under CCPA:
- Right to know what personal information is collected
- Right to delete personal information
- Right to opt out of sale of personal information (we never sell your data)
- Right to non-discrimination for exercising privacy rights
9. HealthKit Data Policy
In compliance with Apple's HealthKit policies:
- HealthKit data is used solely for app functionality
- HealthKit data is NOT used for advertising or marketing
- HealthKit data is NOT shared with third parties
- HealthKit data is NOT sold or disclosed for profit
HealthKit Permissions
Required (All Users):
- Heart Rate (READ) — Required for test execution
- Workout Sessions (WRITE) — Required for continuous monitoring
Optional (Secure Account — Health Profile):
- Blood Pressure, Heart Rate Variability, Resting Heart Rate, Walking Heart Rate, Respiratory Rate
You can revoke permissions anytime: iOS Settings → Privacy → Health → POTS Check
10. Changes to This Privacy Policy
We may update this Privacy Policy to reflect changes in app functionality or legal requirements. We will notify you of significant changes via in-app notification.
11. Contact Information
Questions About Privacy?
For privacy-related inquiries, data access requests, or concerns, contact us at:
Privacy Officer
Cascade Agentic Labs LLC
Email: privacy@cascadeagenticlabs.com
Response Time: We will respond within 30 days.
POTS Check Privacy Policy v1.4
Effective: November 20, 2025 | Last Updated: November 29, 2025
© 2025 Cascade Agentic Labs LLC. All rights reserved.