i-Virtual (hereinafter “the company” or “we”) is aware of the importance of protecting privacy and individual freedoms. Consequently, we are dedicated to safeguarding personal data in compliance with applicable law, specifically the EU Regulation N°2016/679 of April 27, 2016 (the “GDPR”) and the French Law n°78-17 of January 6, 1978, as amended.
The purpose of this privacy policy (the “Policy”) is to inform you about the principles governing our processing of your personal data when you use the Saphere Sense BP mobile application (the “App”).
- No account required: the App does not require a username, password, or user profile to function.
- Camera permission: used only to capture a short video for on-device processing.
- On-device processing: the video is processed locally on your device to extract a physiological signal; images/frames are not transferred outside your device.
- No synchronization: the extracted signal and measurements are not automatically synced to another service.
- Optional identifiers: you may optionally enter an ID (e.g., participant/patient code) to label a measurement; this is not required.
- Blood pressure entry: you may manually enter blood pressure values; these remain stored locally in the App on your device.
- No advertising: the App does not display ads and does not use advertising identifiers.
- Logs: the App may generate technical logs to help us diagnose issues and improve performance.
1. Processing carried out as a data controller (App use)
1.1. Categories of personal data and purposes of processing
Depending on how you use the App, we may process the following categories of data. We only use data for the purposes described below, in accordance with their respective legal bases.
| Category | Examples | Purpose | Legal basis |
|---|---|---|---|
| Technical & usage data (logs) | Device information (OS version, app version), crash reports, diagnostic logs, timestamps | Security, troubleshooting, bug fixing, service improvement | Our legitimate interest in ensuring the App’s security and reliability |
| Optional identifiers (entered by you) | Participant / patient code or other label you choose to input | Allow you to label and organize measurements inside the App | Your choice / performance of the service (depending on the context) |
| Health & well-being data (derived locally) | Physiological signal extracted from the video (rPPG), and derived metrics (e.g., heart rate, respiratory rate, etc.) | Provide you with measurements and in-app feedback | Performance of the service; and/or your explicit consent where required by law |
| Health data you manually enter | Blood pressure values you type in | Store and display your entries locally in the App | Performance of the service (data stored on your device) |
1.1.1. Video processing and local-only principle
The App uses the camera to capture a short video, solely to extract a physiological signal on your device. The video images are processed locally and are not transferred outside your device. The extracted signal is not automatically synchronized with a third-party service.
1.1.2. What we do not collect
- We do not require or collect usernames and passwords for the App.
- We do not run advertising trackers and do not sell your data.
- We do not request photo/video library permissions for normal operation (other than the camera for live capture).
2. Retention periods
Personal data is retained only for as long as necessary to fulfil the intended purposes, while considering applicable limitation periods and the principle of proportionality.
- In-app manual blood pressure entries: stored locally on your device until you delete the App / clear its data.
- On-device video: not transferred outside the device; if temporarily buffered for analysis, it is deleted promptly after processing.
- Technical logs: retained for a limited period necessary for troubleshooting and improvement (according to our internal retention rules).
3. Recipients of data
Internally, recipients are the departments that require access depending on the type of processing (e.g., engineering/quality for logs). We do not share your personal data with unauthorized third parties.
4. How to exercise your rights
Pursuant to applicable legislation, you are entitled to rights in relation to your personal data (access, rectification, objection where applicable, restriction, deletion, portability, and withdrawal of consent).
You can contact us:
- By email: privacy@i-virtual.ai
- By postal mail: i-Virtual, Attn: DPO, 19 avenue Foch, 57000 Metz, France
You also have the right to lodge a complaint with the supervisory authority, the French data protection authority (CNIL).
5. Security measures
We are committed to maintaining the confidentiality, integrity, availability and security of your personal data. In accordance with Article 32 GDPR, we implement appropriate technical, logical and organizational measures to ensure a level of security tailored to the risks associated with processing your personal data, and to prevent loss, accidental destruction, alteration or unauthorised access.
6. Data protection officer
We have appointed EDOS, whose registered office is located at 9 rue Schimper in Strasbourg, as our Data Protection Officer (DPO). You can contact our DPO at privacy@i-virtual.ai.
7. Policy updates
i-Virtual may modify this Policy if necessary. We will inform you of any changes through a notice on our website or within the App.