Privacy Policy for Cambrean : Jan 2024

At Cambrean, we are committed to protecting your privacy and the security of your personal data. This privacy policy explains how we collect, use, and protect your data.


  1. Data Collection and Use : We collect data from your wearable device, including but not limited to heart rate, sleep patterns, and physical activity. We use this data to provide insights that can help you improve your health and wellness. We do not sell your data with any third party.

Currently. we are using Vital to help us centralize your wearable data. See section 7c for more information. **** 2. Purpose of Data Collection :

Managing our Services, including your registration and account.

- Providing products and services which could include fulfilling your requests for products   or services or processing purchases or other transactions.
- Responding to your comments, questions, and requests, and provide customer service.
- Sending you technical notices, updates, security alerts, information regarding changes to our policies, and support and administrative messages.
- Verifying your identity or determining your eligibility for some of our products, services and promotions. For example, this may include verifying your age, date of birth and state of residence. If you apply for a job through our Site, we may use the Personal Information you provide to evaluate your application.
- Monitoring and analyzing trends, usage, and activities.
- Conducting our own, internal research
- Improving our Site or other Cambrean websites, applications, marketing efforts, products and services.
- Sending you advertisements and communicating with you regarding our and third-party products, services, offers, promotions, rewards and events we think you may be interested in or for information about how to manage these communications and marketing efforts.
- Preventing and addressing fraud, breaches of Terms of Service, and threats or harm.
- Carrying out our obligations and enforcing our rights arising from contracts entered with you, including for billing and collection.
- Responding to law enforcement requests, court orders, and subpoenas in order carry out our legal and contractual obligations.
- Preventing potentially prohibited or illegal activities and otherwise in accordance with our Terms of Service.
- Fulfilling any other purpose disclosed at the time you provide Personal Information. We will not use your Personal Information for purposes that are materially different, unrelated or incompatible with this Privacy Policy without providing you with prior notice.
  1. Types of Data Collected :

    When you register, use our Services, subscribe to our alerts, or contact us directly, we may collect the following types of information :

  2. User controls & Data Deletion :

    1. If you choose to disconnect your wearable device or delete your account, we will delete all of your personal data from our database. We will retain your data (email, sign up information) only for as long as necessary to provide you with our services or as required by law.
    2. If you have any questions or concerns when looking to delete all of your information from Cambrean, email us at [email protected]
  3. Safety Procedures :

    1. We implement safety procedures, such as SSO and Google Auth login, to ensure that only authorized individuals have access to your data.
  4. Data Encryption :

    1. We are currently implementing Evervault to encrypt all data entering our database. This means that all data we store is anonymous and encrypted, ensuring that your personal data is protected at all times.
  5. Third-Party Services :

    1. We take reasonable measures to protect information including from loss, unauthorized access, theft, misuse, or unauthorized disclosures. Notwithstanding the foregoing, no data storage system or transmission of data over the internet or any other public network can be 100% guaranteed to be secure. We are not responsible for the security of information collected by third parties.
    2. In saying that, from a security standpoint, we are using the safest tools available. These include Vercel, Stripe, Supabase, Evervault & Vital
    3. We use Vital as an API to help us pull health data from your providers into Cambrean. Vital are HIPAA & GDPR compliant, where all data stored by Vital is anonymous and encrypted by default. If you are deleting your data from Cambrean and you want all of your data deleted from Vital as well, please contact us ([email protected]) ; Read more about their Privacy policy here
  6. Information automatically collected :

    1. When you use our Site, we may collect certain information automatically, such as your internet protocol (IP) address, advertising identifiers, browser information, operating system, internet service provider, pages visited before and after using our Site, the date and time of your visit, the links you click and pages viewed within our Site, and other standard server log information. We may also collect certain location information when you use our Site such as GPS information from your mobile device, or information about nearby Wi-Fi access points and cell towers.
  7. GDPR

    If you are a resident of the European Union and European Economic Area (EEA), you have certain data protection rights, covered by GDPR – see more at https://eur-lex.europa.eu/eli/reg/2016/679/oj. We aim to take reasonable steps to allow you to correct, amend, delete, or limit the use of your Personal Information.If you wish to be informed what Personal Information we hold about you and if you want it to be removed from our systems, please email us at [email protected]

    In certain circumstances, you have the following data protection rights :

    Please note that we may ask you to verify your identity before responding to such requests. Please note, we may not able to provide the Services without some necessary data. You have the right to complain to a data protection authority about our collection and use of your Personal Information. For more information, please contact your local data protection authority in the EEA.

  8. Residents of California & Nevada

    1. California residents have privacy rights Under the California Consumer Privacy Act of 2018 (CCPA). These rights apply to California residents and are in addition to the rights stated in this Privacy Policy. The CCPA does not apply to information or covered entities regulated by the applicable health information laws.
    2. We do not sell your Personal Information, and only use and disclose your Personal Information as stated in this Privacy Policy.
    3. You have the right to request details about the information covered under the CCPA that we collect and disclose about you within the prior 12 months. You may also request that we delete your Personal Information. These rights are subject to the exceptions and limitations pursuant to the CCPA. You may email us at [email protected] to submit a deletion request with detail sufficient allows us to process your request. You may submit up to two requests in a 12-month period. By exercising your rights, you will not be subject to denial of services, increased fees, or otherwise treated differently.
    4. Chapter 603A of the Nevada Revised Statutes permits a Nevada resident to opt out of future sales of certain covered information that a website operator has collected or will collect about the resident. To submit such a request, please contact us at [email protected] with the subject line "Nevada opt-out.”
  9. Changes to our Privacy Policy

    1. We may update our Privacy Policy periodically to reflect changes in our privacy practices, laws, and best practices. We will post any changes we make to our Privacy Policy on this page. The date this Privacy Policy was last revised is identified at the top of the page. We recommend that you review the Privacy Policy each time you visit our Site to stay informed of our privacy practices.

f you have any questions about our privacy policy, please contact us at [email protected]