Privacy Policy (GDPR-Compliant)
for HeartWhisperer AI
Effective Date: 20 November 2025
Data Controller: MarcinLocum Ltd., United Kingdom
Contact: heartwhispererai@gmail.com
1. Introduction
This Privacy Policy explains how MarcinLocum Ltd. processes your personal data when you use HeartWhisperer AI. We process information in accordance with the UK GDPR, EU GDPR, the Data Protection Act 2018, and all applicable data protection laws. We are committed to handling your data lawfully, transparently, and securely.
2. Data Controller
The data controller responsible for determining the purposes and means of processing your personal data is:
MarcinLocum Ltd.
United Kingdom
Email: heartwhispererai@gmail.com
3. Data Protection Officer (DPO)
We have appointed a Data Protection Officer (DPO) to oversee privacy matters.
DPO: Marcin Kowalski
Email: heartwhispererai@gmail.com
You may contact the DPO regarding any privacy-related questions or requests.
4. Data We Collect
We may collect the following categories of data when you use HeartWhisperer AI:
- 4.1 Personal Identification Data
- Name
- Email address
Collected during Google authentication or email sign-in.
- 4.2 Communication Content
- Messages and entries created within communication rooms
These are stored solely to provide the service’s core functionality.
- 4.3 Technical Data
- IP address
- Device information
- Browser type and version
- Operating system
- Time zone
- Usage logs and interactions with the app
- 4.4 Payment-Related Data
- Processed by Stripe for transactions.
We do not store credit card details.
- 4.5 Cookies (if applicable)
- If the app uses cookies (e.g., for authentication or analytics), they may be stored on your device.
Essential cookies are required for core functionality.
Non-essential cookies are used only with user consent.
We do not intentionally collect special categories of personal data. Users are encouraged not to submit sensitive personal identifiers.
5. Legal Basis for Processing
We process personal data under the following legal grounds:
- 5.1 Performance of a Contract: To provide access to the application and its features.
- 5.2 Consent: For optional features where explicit consent is required.
- 5.3 Legitimate Interests: For analytics, app improvement, ensuring security, and preventing misuse, provided your rights are not overridden.
- 5.4 Legal Obligations: To comply with financial, tax, regulatory, or law-enforcement requirements.
6. How We Use Your Data
We may use your data to:
- Operate and maintain the application
- Authenticate and manage user accounts
- Store communication content
- Improve app functionality
- Provide customer support
- Send service-related updates
- Process payments securely via Stripe
- Monitor security, prevent fraud, and prevent unauthorised access
We do not use your data for profiling or automated decision-making that produces legal or similarly significant effects.
7. Data Sharing and Third Parties
We only share data when necessary to operate the app or comply with the law.
- 7.1 Third-Party Processors
- Firebase (Google): hosting, authentication, database storage
- OpenAI: processing communication content; data may be processed in the United States under Standard Contractual Clauses (SCCs)
- Stripe: payment processing, fraud prevention, financial compliance
- 7.2 Legal Requirements: Data may be shared with government authorities or law-enforcement agencies when legally required.
- We do not sell, rent, or trade personal data.
8. International Data Transfers
Some data may be transferred outside the UK or EEA.
Such transfers are protected by: UK adequacy decisions, EU adequacy decisions, Standard Contractual Clauses (SCCs), and additional technical and organisational safeguards.
Your data remains protected to GDPR standards regardless of location.
9. Data Retention
We retain personal data only as long as necessary to:
- Provide the service
- Maintain security
- Meet legal and regulatory obligations
- Resolve disputes
- Enforce agreements
Communication content is retained until the user deletes their account or requests deletion.
You may request deletion of your data at any time by contacting us.
10. Your Rights
Under UK GDPR and EU GDPR, you have the right to:
- Access your personal data
- Correct inaccurate data
- Request deletion (“right to be forgotten”)
- Restrict processing
- Object to certain processing
- Request data portability
- Withdraw consent (where consent was the basis)
- Avoid solely automated decision-making
To exercise your rights, contact: heartwhispererai@gmail.com
Right to Complain
You may lodge a complaint with the Information Commissioner’s Office (ICO) in the UK or your local EU supervisory authority if you reside in the EEA.
11. Security Measures
We apply appropriate technical and organisational measures, including:
- Encrypted communication
- Secure hosting infrastructure
- Role-based permissions
- Access controls
- Audit logs
- Regular security assessments
While no system is completely secure, we take all reasonable steps to protect your information.
12. Children’s Privacy
HeartWhisperer AI is not intended for users under 16 years old unless parental consent is provided where applicable.
We do not knowingly collect data from children without proper consent.
13. Changes to This Privacy Policy
We may update this policy from time to time.
Any updates will be posted on this page with a new Effective Date.
Continued use of the app after updates indicates acceptance of the revised policy.
14. Contact Information
For privacy matters or to exercise your data rights, contact:
MarcinLocum Ltd.
Email: heartwhispererai@gmail.com
