Privacy Policy

Tonova — Blood Pressure Tracker

Last updated: April 2026

1. Introduction

Tonova ("the App") is a blood pressure tracking application developed and operated by Zellasoft, operated by Yurii Kuzela, based in Vienna, Austria ("we", "us", "our").

We take your privacy seriously. This Privacy Policy explains what data Tonova collects, how it is used, and what choices you have. We designed Tonova with a privacy-first approach: your health data is stored locally on your device and is never transmitted to our servers.

This policy applies to all users of Tonova on iOS and Android platforms worldwide.

Data Controller:

Zellasoft — Yurii Kuzela

Vienna, Austria

Email: support@tonova.app

2. Summary

For those who prefer a quick overview:

  • Your blood pressure data stays on your device. We cannot see, access, or read your measurements.
  • No account required. You can use Tonova without creating an account or providing any personal information.
  • No advertising. Tonova does not display ads and does not use advertising SDKs.
  • No data selling. We never sell, rent, or trade your personal data to third parties.
  • Optional cloud backup. If you choose to enable Google Drive backup, your data is stored in your own Google Drive account. We do not have access to it.
  • Anonymous analytics only. We collect anonymous usage statistics (such as which features are used) to improve the App. No health data is included in analytics.

3. Data we collect

3.1 Health data (stored locally on your device only)

When you use Tonova, you may enter the following health-related data:

  • Blood pressure readings (systolic, diastolic)
  • Pulse / heart rate
  • Date and time of measurements
  • Tags (e.g., morning, evening, medication, stress)
  • Notes attached to measurements
  • Patient profile information (name, date of birth)
  • Blood pressure classification standard preference

This data is stored exclusively on your device using a local SQLite database. It is not transmitted to our servers or any third-party service. We have no technical ability to access, view, or retrieve your health data.

Legal basis (GDPR Article 9(2)(a)): Where applicable, the processing of your health data is based on your explicit consent, which you provide by voluntarily entering your health information into the App.

3.2 Google Drive backup data (optional, user-initiated)

If you choose to enable the Google Drive backup feature, Tonova will:

  • Authenticate with your Google account using Google Sign-In
  • Store an encrypted backup file containing your blood pressure data in your personal Google Drive storage
  • Access only the backup files created by Tonova (limited scope)

Important: The backup is stored in your own Google Drive account. We do not operate any servers that store your backup data. We cannot access your Google Drive or the backup files. You can delete the backup at any time from within the App or directly from your Google Drive.

Legal basis (GDPR Article 6(1)(a)): Consent. You choose to enable this feature and can disable it at any time.

3.3 Anonymous usage analytics

We use Firebase Analytics (provided by Google LLC) to collect anonymous usage data. This helps us understand how the App is used and which features to improve.

Data collected:

  • App open events
  • Feature usage (e.g., screen views, PDF generation, analytics viewed)
  • Device type, operating system version
  • App version
  • Country/region (derived from IP address, not stored precisely)
  • Language setting

Data NOT collected:

  • Blood pressure readings or any health data
  • Patient name, date of birth, or other personal health information
  • Precise location (GPS coordinates)
  • Email address (unless you contact us directly)

Firebase Analytics may use a random identifier to distinguish between users. This identifier cannot be used to identify you personally.

Legal basis (GDPR Article 6(1)(f)): Legitimate interest in improving the App and understanding usage patterns. You can opt out of analytics in your device settings (see Section 8).

3.4 Crash reports

We use Firebase Crashlytics (provided by Google LLC) to collect crash reports when the App encounters an error. This data helps us fix bugs and improve stability.

Data collected in crash reports:

  • Device model and operating system version
  • App version and build number
  • Stack trace (technical error information)
  • Crashlytics installation UUID (anonymous identifier)

Data NOT collected in crash reports:

  • Blood pressure readings or any health data
  • Personal information (name, email, date of birth)

Legal basis (GDPR Article 6(1)(f)): Legitimate interest in maintaining App stability and fixing errors.

3.5 Subscription and purchase data

If you subscribe to Tonova Premium, your purchase is processed by:

  • Apple (via App Store) for iOS users
  • Google (via Google Play) for Android users

We use RevenueCat (RevenueCat, Inc.) as a subscription management service to verify your purchase status and manage entitlements across platforms.

Data processed by RevenueCat:

  • An anonymous app user ID
  • Purchase receipts (validated with Apple/Google)
  • Subscription status (active, expired, trial)
  • Product identifier purchased

Data NOT shared with RevenueCat:

  • Blood pressure readings or any health data
  • Patient name, date of birth, or other personal information

We do not process or store your payment information (credit card numbers, bank details). All payment processing is handled directly by Apple or Google.

Legal basis (GDPR Article 6(1)(b)): Performance of a contract (providing the Premium subscription service you purchased).

3.6 Support communications

If you contact us via email at support@tonova.app, we will collect:

  • Your email address
  • The content of your message
  • Any attachments you send

We use this data solely to respond to your inquiry. Support correspondence is retained for up to 24 months after the last communication, then deleted.

Legal basis (GDPR Article 6(1)(b)): Performance of a contract / (GDPR Article 6(1)(f)) Legitimate interest in providing customer support.

4. Data we do NOT collect

To be explicit, Tonova does not collect:

  • Blood pressure measurements or health data on any server
  • Biometric data
  • Precise location (GPS)
  • Contacts, photos, or other device data
  • Browsing history
  • Advertising identifiers (we do not use ads)
  • Data from other apps on your device

5. Third-party services

Tonova integrates the following third-party services. Each service has its own privacy policy:

ServiceProviderPurposeData shared
Firebase AnalyticsGoogle LLCAnonymous usage analyticsAnonymous events, device info
Firebase CrashlyticsGoogle LLCCrash reportingCrash data, device info
Google Sign-InGoogle LLCAuthentication for Google Drive backupGoogle account token (user-initiated)
Google Drive APIGoogle LLCCloud backup storageBackup file (user-initiated, stored in user's own Drive)
RevenueCatRevenueCat, Inc.Subscription managementAnonymous user ID, purchase receipts
App StoreApple Inc.Payment processing (iOS)Purchase data (handled by Apple)
Google PlayGoogle LLCPayment processing (Android)Purchase data (handled by Google)

Data processing locations: Firebase and Google services may process data in the United States and other countries. Google LLC participates in the EU-U.S. Data Privacy Framework. RevenueCat, Inc. is based in the United States and processes data in accordance with its privacy policy.

6. Data retention

Data typeRetention periodLocation
Health data (BP readings, tags, notes)Until you delete the App or clear dataYour device only
Google Drive backupUntil you delete itYour Google Drive
Analytics data14 months (Firebase default)Google servers
Crash reports90 days (Firebase default)Google servers
Subscription statusDuration of subscription + as required by Apple/GoogleRevenueCat, Apple, Google
Support emails24 months after last communicationOur email provider

7. Your rights

Under the General Data Protection Regulation (GDPR) and other applicable laws, you have the following rights:

  • Right of access (Art. 15 GDPR): You can request information about what personal data we process about you.
  • Right to rectification (Art. 16 GDPR): You can correct inaccurate personal data.
  • Right to erasure (Art. 17 GDPR): You can request deletion of your personal data. Since your health data is stored only on your device, you can delete it at any time by deleting the App or clearing its data. For analytics data, you can contact us to request erasure.
  • Right to restriction of processing (Art. 18 GDPR): You can request that we limit how we use your data.
  • Right to data portability (Art. 20 GDPR): Tonova provides CSV export functionality, allowing you to export all your blood pressure data in a standard format.
  • Right to object (Art. 21 GDPR): You can object to data processing based on legitimate interest (analytics, crash reporting).
  • Right to withdraw consent (Art. 7(3) GDPR): You can withdraw your consent for health data processing at any time by deleting your data within the App or uninstalling it. For Google Drive backup, you can disable the feature and delete backup files.

How to exercise your rights: Contact us at support@tonova.app. We will respond within 30 days as required by GDPR.

Right to lodge a complaint:

You have the right to lodge a complaint with a supervisory authority. The competent authority for Tonova is:

Österreichische Datenschutzbehörde
Barichgasse 40-42
1030 Vienna, Austria
dsb@dsb.gv.at

8. How to control your data

  • Delete all health data: Uninstall Tonova from your device. All locally stored data will be permanently deleted.
  • Delete Google Drive backup: In the App, go to Settings → Backup → "Delete backup." Alternatively, delete the backup file directly from your Google Drive.
  • Opt out of analytics: On iOS, go to Settings → Privacy & Security → Analytics & Improvements → disable "Share with App Developers." On Android, go to Settings → Google → Ads → opt out of Ads Personalization. You can also reset your Advertising ID.
  • Export your data: In the App, go to Settings → "Export data as CSV" to download all your measurements.

9. Children's privacy

Tonova is not directed at children under the age of 16. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us at support@tonova.app, and we will take steps to delete such information.

10. Security

We implement appropriate technical and organizational measures to protect your data:

  • Local storage: Health data is stored in an encrypted SQLite database on your device, protected by your device's built-in security (passcode, biometrics).
  • Encrypted transfer: All communications with third-party services (Firebase, Google Drive, RevenueCat) use TLS/SSL encryption.
  • Minimal data collection: We follow the principle of data minimization — we only collect what is necessary for the App to function.
  • No server-side storage: We do not operate servers that store your health data, eliminating server-side breach risk.

11. International data transfers

Tonova is available worldwide. If you are located in the European Economic Area (EEA), your anonymous analytics and crash report data may be transferred to Google servers in the United States. These transfers are protected by:

  • Google LLC's participation in the EU-U.S. Data Privacy Framework
  • Standard Contractual Clauses (SCCs) where applicable

Your health data is not transferred internationally — it remains on your device.

12. California residents (CCPA/CPRA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA):

  • Right to know what personal information we collect and how it is used.
  • Right to delete your personal information.
  • Right to opt-out of the sale of personal information. We do not sell your personal information.
  • Right to non-discrimination for exercising your privacy rights.

To exercise these rights, contact us at support@tonova.app.

13. Medical disclaimer

Tonova is not a medical device and is not intended to diagnose, treat, cure, or prevent any disease or medical condition. The App is a personal health tracking tool designed to help you record and visualize blood pressure measurements.

Blood pressure classifications displayed in the App (based on ESC/ESH or ACC/AHA guidelines) are for informational purposes only and should not be used as a substitute for professional medical advice, diagnosis, or treatment.

Always consult a qualified healthcare provider for medical advice regarding your blood pressure or any health condition.

14. Changes to this policy

We may update this Privacy Policy from time to time. When we make changes, we will:

  • Update the "Last updated" date at the top of this page
  • Notify users through the App for significant changes
  • Post the updated policy at tonova.app/privacy

We encourage you to review this policy periodically. Continued use of the App after changes constitutes acceptance of the updated policy.

15. Contact us

If you have questions about this Privacy Policy or our data practices, please contact us:

Zellasoft — Yurii Kuzela

Email: support@tonova.app

Website: tonova.app

Vienna, Austria