PRIVACY POLICY FOR CIRCUBLLOOD APP

Last Updated: [Date]

1. Strict Data Boundaries

• Google Analytics Use:
  • Tracks *only* metadata (e.g., screen views, session length) via **GA4’s anonymous mode** (no User-ID, no cross-app tracking).
  • Explicitly **excludes**: GPS, device IDs, pulse data, or any user-generated health inputs.
• HIPAA Exemption:
  • No collection/storage of Protected Health Information (PHI) as defined under 45 CFR §160.103.
  • App functions as a **personal wellness tool**—results never transmitted to servers.

2. COPPA Compliance

• Age Gate: First launch requires users to confirm they are **18+** (COPPA’s minimum age).
  • Under-18s blocked with message: *"Parental consent required – contact [email protected]"*.
• Zero Child Data: If age <18 is detected, analytics collection is **automatically disabled**.

3. User Controls (CCPA/GDPR Ready)

• Opt-Out:
  • Toggle in Settings: *"Share Analytics: ON/OFF"* (disables GA cookies immediately).
  • Global Privacy Control (GPC) signal honored if detected.
• July 4, 2025:
  • Submit requests to [email protected] for manual purging of GA data (processed within **30 days**).

4. Legal Safeguards

• Google Analytics Config:
  • Signed **Data Processing Amendment (DPA)** with Google.
  • Retention set to **14 months** (below GDPR’s default 26-month threshold).
• No Third-Party Sharing:
  • GA data flows only to your owned GA dashboard—no ad tech partners.

5. Audit Trail

• Biannual **Privacy Impact Assessments** (PIAs) to verify:
  • No PHI leakage.
  • COPPA age-checks are functional.

6. Changes to Policy

• Updates will be posted on this page at https://circublood.com/privacy-policy Continued use of the app implies acceptance of the updated policy.

---
**Disclaimer:** This Privacy Policy is a template. It is critical to consult with a legal professional to draft your official, legally binding Privacy Policy.