Who We Are
ControlHF, Inc. ("ControlHF," "we," "us," or "our") is a digital health company headquartered in San Francisco, California. We operate a remote patient monitoring platform (including a mobile application, web portal, and clinical dashboard) designed specifically for people living with heart failure and the providers who care for them.
This Privacy Policy applies to all ControlHF services: the ControlHF mobile app, the web application at app.controlhf.com, the clinician portal at care.controlhf.com, and this marketing website at controlhf.com (collectively, the "Services").
Plain-language summary: We build software for heart failure monitoring. This policy covers everything we do with your data across every ControlHF product you touch.
What We Collect
We only collect what we need to deliver safe, effective monitoring care. Here is a complete picture of what that includes:
Information you give us directly
- Account information: Name, email address, date of birth, phone number, and password when you create an account.
- Health profile: Heart failure diagnosis type, NYHA class, ejection fraction, comorbidities, current medications, and allergies, entered by you or imported from your EHR.
- Daily check-in responses: Symptom scores, mood ratings, and free-text notes you submit each day.
- Care team details: Names and contact information for your cardiologist, care manager, and any caregivers you invite to your account.
Information collected automatically from devices
- Biometric readings: Daily body weight, blood pressure (systolic & diastolic), resting heart rate, and oxygen saturation from connected devices via Bluetooth or HealthKit/Google Health.
- Activity data: Step count, floors climbed, and sleep duration from paired wearables, used to provide context around physical trends.
- Device metadata: Device model, operating system version, and app version, used for technical troubleshooting only.
Information from third parties
- EHR data: With your explicit consent, we pull structured clinical data from your health record via FHIR R4 APIs (Epic MyChart, Cerner, Meditech). This includes diagnosis codes, medication lists, lab results, and visit summaries.
- Insurance eligibility: With your consent and your provider's request, we confirm RPM billing eligibility via your payer's API. No claims data is stored by ControlHF.
What we do NOT collect: Social Security numbers, credit card numbers, genetic data, precise GPS location, contacts lists, or any data unrelated to your cardiac health management.
How We Use Your Data
We use your data for one primary purpose: to help you and your care team catch warning signs early and keep you out of the hospital. Everything else is secondary and limited.
| Purpose | Data used | Legal basis |
|---|---|---|
| Deliver daily monitoring & alerts | Biometrics, check-in responses, thresholds | Contract performance / Treatment (HIPAA) |
| Notify your care team of clinical changes | Biometrics, symptoms, risk scores | Treatment (HIPAA) |
| Generate RPM billing documentation | Time logs, device sync records | Healthcare operations (HIPAA) |
| Improve alert algorithms | De-identified, aggregated biometrics | Legitimate interest / Research authorization |
| Provide customer support | Account info, in-app messages | Contract performance |
| Send product notifications | Email, push (your preferences control this) | Consent (opt-out available) |
| Comply with legal obligations | As required by law | Legal obligation |
We do not sell your data. We do not use your health data to serve you advertisements. We do not build marketing profiles from your clinical information.
Who Sees Your Data
We share your information only in the following limited circumstances. We are never a data broker.
Your care team
Your assigned cardiologist, care manager, and any clinicians you authorize through the app can see your monitoring data through the ControlHF care portal. You control who is on your care team via Settings → Care Team.
Caregivers you invite
If you invite a family member or caregiver, they receive a limited view (daily check-in status and alert notifications) but cannot see full biometric history unless you explicitly grant expanded access.
Service providers (sub-processors)
- Amazon Web Services (AWS): Cloud infrastructure; all data stored in US-East regions, encrypted at rest and in transit.
- Twilio: SMS alerts and push notifications. Message content only; no storage of health data.
- Stripe: Payment processing for direct-to-consumer plans. No health data shared.
- Datadog: Infrastructure monitoring. Access is limited to anonymized performance logs.
All sub-processors sign Data Processing Agreements and, where applicable, Business Associate Agreements (BAAs) under HIPAA.
Legal requirements
We may disclose information when required by law, subpoena, or court order, or when we believe in good faith that disclosure is necessary to protect our rights, protect your safety or the safety of others, or investigate fraud.
We will never sell your health data. Not to insurers. Not to pharmaceutical companies. Not to data brokers. Not to advertisers. This is a foundational business commitment, not just a legal statement.
HIPAA & Health Data
ControlHF is a HIPAA-covered Business Associate when operating in the context of your healthcare provider's treatment relationship with you. In those cases, your Protected Health Information (PHI) is handled in accordance with HIPAA's Privacy Rule, Security Rule, and Breach Notification Rule.
Your HIPAA rights
- Right to access: You can request a copy of your PHI held by ControlHF at any time.
- Right to amendment: You can request corrections to inaccurate PHI in your record.
- Right to accounting of disclosures: You can request a list of all disclosures of your PHI in the past six years.
- Right to restrict: You can request that certain PHI not be shared with specific parties (subject to limitations).
- Right to a Notice of Privacy Practices: Available in full at controlhf.com/hipaa-npp.
When ControlHF is used as a direct-to-consumer tool (not through a healthcare provider), the health data you enter is governed by this Privacy Policy and applicable state health privacy laws, not HIPAA. However, we apply HIPAA-equivalent protections to all health data regardless of context.
HITRUST CSF Certified. Our platform undergoes annual HITRUST certification, the gold standard for healthcare information security. Certification documents are available upon request for enterprise customers.
Data Retention
We retain your data for as long as your account is active and for a defined period afterward to meet clinical documentation and legal requirements.
| Data Type | Retention Period |
|---|---|
| Biometric readings & check-ins | 7 years after account closure (clinical recordkeeping standard) |
| Account & profile information | 3 years after account closure or as required by law |
| Care team communications | 7 years after last message (medical record standard) |
| Support tickets & chat logs | 2 years after ticket closure |
| Usage & performance logs | 90 days (rolling) |
| De-identified research data | Indefinite (no longer re-identifiable) |
After the retention period expires, data is either permanently deleted or de-identified through our automated data lifecycle management system. You can request early deletion (see Your Rights below), subject to our legal and clinical documentation obligations.
Cookies & Tracking
We use cookies and similar technologies on our marketing website (controlhf.com) only. The patient app and care portal do not use third-party advertising cookies.
Cookie categories we use
- Strictly necessary: Session authentication, CSRF protection, load balancing. Cannot be disabled.
- Functional: Remembering your language preference, cookie consent choice, and theme setting.
- Analytics: Aggregate, anonymized page-view data via Plausible Analytics, a privacy-first tool that does not use cookies or fingerprinting. No personal identifiers collected.
- Marketing (marketing site only): LinkedIn Insight Tag and Google Ads conversion tracking, only on controlhf.com, not in the app. You can opt out via your browser or the cookie banner.
We do not use cross-site tracking, behavioral advertising, or retargeting within the patient-facing app or care portal under any circumstances.
Your Rights
Regardless of where you live, we extend the following rights to every ControlHF user. Residents of California (CCPA/CPRA), the European Economic Area (GDPR), and other jurisdictions with specific privacy laws have additional rights noted below.
- Right to know: Request a summary of what personal data we hold about you and how we use it.
- Right to access: Download a complete copy of your data in machine-readable format (JSON or PDF) via Settings → Privacy & Data → Export My Data.
- Right to correct: Update or correct inaccurate information through the app or by contacting us.
- Right to delete: Request deletion of your account and personal data, subject to our legal and clinical documentation retention obligations.
- Right to restrict processing: Ask us to limit how we use your data while a correction or objection is being reviewed.
- Right to portability: Receive your data in a structured, machine-readable format to transfer to another service.
- Right to opt out of research: Withdraw consent for your de-identified data to be used in algorithm development at any time via Settings → Privacy.
- Right to non-discrimination: Exercising any privacy right will not result in degraded service, higher prices, or restricted access to monitoring features.
To exercise any right, use the self-service tools in Settings → Privacy & Data, or email privacy@controlhf.com. We will respond within 30 days (45 days for complex requests, with notice).
Children's Privacy
ControlHF is designed for adults aged 18 and older. We do not knowingly collect personal information from children under 13. If you are a parent or guardian and believe your child has provided us with personal data, please contact us immediately at privacy@controlhf.com and we will delete the information promptly.
For users aged 13–17 who use ControlHF under the supervision of a parent or legal guardian (for example, in rare pediatric cardiomyopathy cases), a parent or guardian must create and manage the account, provide consent, and be designated as an authorized caregiver. We will not knowingly collect data from minors without verified parental consent.
International Transfers
ControlHF stores and processes all patient health data in the United States, in AWS us-east-1 (Northern Virginia) and us-east-2 (Ohio) regions. We do not transfer PHI outside the United States.
If you access ControlHF from outside the United States (for example, if a U.S. citizen uses the app while traveling), your data will still be stored in the U.S. By using our Services from outside the U.S., you acknowledge that your data will be transferred to and processed in the United States, which may have different data protection standards than your home country.
For enterprise deployments with international health systems, data localization can be arranged by contract. Please contact our enterprise team at enterprise@controlhf.com.
Security
Protecting health data is not just a legal obligation for us; it is a core product requirement. We apply defense-in-depth security across every layer of our platform.
- Encryption in transit: All data transmitted between your device and our servers uses TLS 1.2 or higher. We enforce HSTS and certificate pinning in the mobile app.
- Encryption at rest: All databases and file storage are encrypted using AES-256. Encryption keys are managed via AWS KMS with automatic quarterly rotation.
- Access controls: Role-based access control (RBAC) with principle of least privilege. Clinician portal access requires multi-factor authentication and is scoped to their assigned patients only.
- Penetration testing: Annual third-party penetration tests by a CREST-accredited firm. Results reviewed by our security team and remediated within SLA.
- Vulnerability management: Continuous dependency scanning (Snyk) and SAST/DAST pipelines in CI/CD. Critical vulnerabilities patched within 24 hours.
- SOC 2 Type II: Independently audited annually for Security, Availability, Confidentiality, and Privacy trust service criteria.
- Breach notification: In the event of a data breach involving PHI, we will notify affected individuals and the HHS Office for Civil Rights within 60 days as required by HIPAA's Breach Notification Rule.
To report a security vulnerability, please email security@controlhf.com. We operate a responsible disclosure program and respond to all valid reports within 48 hours.
Policy Changes
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make changes, we will:
- Update the "Last Updated" date at the top of this page.
- Send an in-app notification and email to all active users at least 30 days before any material change takes effect.
- For changes that significantly expand our use of health data, request fresh consent before the new terms apply.
- Archive all previous versions of this policy at controlhf.com/privacy/archive so you can review what changed and when.
Your continued use of ControlHF after the effective date of a revised policy constitutes acceptance of the new terms. If you do not agree, you may close your account at any time via Settings → Danger Zone.
Contact Us
If you have questions about this policy, want to exercise a privacy right, or need to report a concern, please reach out. We take every inquiry seriously and respond within 2 business days.
ControlHF Privacy Team
We have a dedicated privacy team, not a form that routes to a legal inbox. Real people who know the product read every message.
Email: privacy@controlhf.com
Security: security@controlhf.com
Enterprise & Compliance: enterprise@controlhf.com
ControlHF, Inc. · 1 Market Street, Suite 300 · San Francisco, CA 94105
Chief Privacy Officer: Available upon request for HIPAA matters.