Privacy Policy Kardiobeat Mobile App

This Privacy Notice sets forth the rules applicable to the processing of personal data of users who are natural persons and use the Kardiobeat.ai Mobile Application / Kardiobeat.ai (hereinafter the “App”). We encourage you to read this Notice in order to understand who and to what purpose processes your personal data and in order to know your rights.

Before using the App, you should read this Privacy Notice. Any person who uses the App and does not accept this Privacy Notice should refrain from using the App.

1. Who we are? Who is the data controller?

Medicalgorithmics S.A. with its registered office in Warsaw (02-001) at Al. Jerozolimskie 81 (hereinafter “Medicalgorithmics” or “We”) is a Polish company that develops advanced systems for cardiology. The Medicalgorithmics flagship product is PocketECG, a system for heart arrhythmia diagnostics. The App is a support tool for the Kardiobeat.ai recorder, which is integrated with PC Client and DRP system, depending on the version of the App.

The App is designed exclusively for Professional Users (e.g., physicians, medical technicians) and allows them to initiate, control, or terminate ECG recording sessions, manage patient enrollment, and upload recorded ECG data from the Kardiobeat.ai recorder.

Communication between the App and the Kardiobeat.ai recorder is performed via Bluetooth Low Energy (BLE) for real-time interaction (such as device initialization, ECG preview, or session control), and via USB connection for accessing and uploading recorded ECG data stored on the device

The integration type (PC Client or DRP) and availability of certain features (such as enrollment or upload modules) depend on the specific version of the Kardiobeat.ai App deployed in the healthcare environment.

Medicalgorithmics S.A. is the provider of the App. The data controller of any personal data processed through the system is the healthcare institution using the Kardiobeat.ai solution (e.g., a hospital or clinic). Medicalgorithmics acts as a data processor on behalf of the controller, based on a signed Data Processing Agreement (DPA).

2. Principles of data processing

We apply the following data processing principles: lawfulness, fairness and transparency, purpose limitation, data minimization, accuracy, storage limitation, integrity and confidentiality, accountability.

3. What data is processed?

The Kardiobeat.ai Mobile Application is strictly intended for professional use. In some versions of the App, user registration is not required for functionalities related to device management (such as session initiation, recording control, or ECG preview). However, registration and authentication are always required to access features involving ECG data upload and patient enrollment, due to their sensitivity and system integration requirements.

The App primarily processes technical and operational data related to the ECG monitoring workflow. Nevertheless, certain patient personal data may be displayed or transmitted as part of session handling, enrollment processes, or data upload to integrated clinical systems.

The following types of personal data may be processed via the App:

Displayed within the App (not stored):

  • Patient’s name and surname
  • Patient’s date of birth
  • Patient identifier (linked to enrollment within the clinical system)

Operational data transmitted via the App:

  • Real-time, non-diagnostic ECG signal preview, used to verify signal presence and proper electrode placement
  • Device status information (e.g., connection state, battery level, recording status)
  • Upload status and result of data transfer to the PC Client or DRP systems
  • Patient enrollment data (e.g., demographics, patient ID, and monitoring context) submitted by the user to PC Client or DRP systems
  • User authentication data required to access protected features

Important clarifications:

  • The ECG preview is used for non-diagnostic informational purposes only and is not stored by the application.
  • The App does not collect or retain patient data locally — all data is securely transmitted to backend systems (e.g., PC Client or DRP) under the responsibility of the healthcare provider.
  • The App requires secure user authentication (e.g., via Azure Active Directory) to access sensitive functionalities such as ECG upload and patient enrollment

All personal data is processed in accordance with applicable data protection regulations. Medicalgorithmics S.A. acts solely as a data processor, under instruction from the healthcare provider acting as the data controller.

4. Data storage

The App does not store any personal data, it functions through temporary sessions (scanning the QR code from the main system). After the session ends, the App does not store any information.

5. Your rights

All persons whose personal data is processed have the right to request access, rectification, erasure, restriction of the processing and transfer of personal data. The right to file a complaint with a supervisory authority and to withdraw consent at any time. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal. The right to object to processing of personal data which is based on legitimate interest of the data controller or to processing of personal data for marketing purposes, including profiling.

6. Tracking tool

The App do not use any tracking tool, cookies etc.

7. Changes to this Notice

This Privacy Notice may be subject to change. Any revised version of this Notice shall apply from the time of its publication in the App.

8. Contact details of the data protection officer

Our data protection officer is available at the e-mail address: compliance@medicalgorithmics.com and by mail at:
Medicalgorithmics S.A.
Inspektor Ochrony Danych
Al. Jerozolimskie 81
02-001 Warsaw, Poland
Please provide information that allows ascertaining your identity and a clear and accurate description of the request.

About

Our company
About us
Our history
Management Team
Partners
Career
Work with us
Job offers
Application form
Press room
Contact for media
Media pack

Products

PocketECG
VCAST
DRAI
DRP
Kardiobeat.ai

R&D Services

Clinical Research

News

Investors

Reports and data
Financial data
Current reports
Financial reports
Strategy
Media
Presentations
Corporate calendar
Contact for investors
Stocks and bonds
Shareholders
Quotations
Dividend
Grants
Prospectus
Bonds
Corporate governance
General Meetings
Management Team
Corporate governance
Corporate documents

Contact

Contact us
Contact for investors
Contact for media
© 2024 Medicalgorithmics.com
Privacy Policy

DeepRhythm Platform (DRP)

Get Your Free Consultation, 
Custom Tailored To Your Needs.
The data administrator is Medicalgorithmics S.A. with its registered office in Warsaw (02-001) at Al. Jerozolimskie 81. The data will be processed in order to answer the query sent (legal basis: legitimate interest of the administrator), marketing (legal basis: legitimate interest of the administrator). The full text of the clause can be found on the Privacy Policy page.

The wait is almost over!

DRAI MARTINI study is set to be published soon. Be the first to know when it lands.
The data administrator is Medicalgorithmics S.A. with its registered office in Warsaw (02-001) at Al. Jerozolimskie 81. The data will be processed in order to answer the query sent (legal basis: legitimate interest of the administrator), marketing (legal basis: legitimate interest of the administrator). The full text of the clause can be found on the Privacy Policy page.

Your submission was succesfull

Software

Get more information
The data administrator is Medicalgorithmics S.A. with its registered office in Warsaw (02-001) at Al. Jerozolimskie 81. The data will be processed in order to answer the query sent (legal basis: legitimate interest of the administrator), marketing (legal basis: legitimate interest of the administrator). The full text of the clause can be found on the Privacy Policy page.

VCAST

Get a free demo
The data administrator is Medicalgorithmics S.A. with its registered office in Warsaw (02-001) at Al. Jerozolimskie 81. The data will be processed in order to answer the query sent (legal basis: legitimate interest of the administrator), marketing (legal basis: legitimate interest of the administrator). The full text of the clause can be found on the Privacy Policy page.

DeepRhythmAI (DRAI)

Get Your Free Consultation, 
Custom Tailored To Your Needs.
The data administrator is Medicalgorithmics S.A. with its registered office in Warsaw (02-001) at Al. Jerozolimskie 81. The data will be processed in order to answer the query sent (legal basis: legitimate interest of the administrator), marketing (legal basis: legitimate interest of the administrator). The full text of the clause can be found on the Privacy Policy page.

Our company

About us

Our History

Management Team

Partners

Career

Work with us

Job offers

Recommend an employee

Application form