No Bad Ideas

← Home

Privacy policy

Last updated: March 30, 2026

We care about protecting your personal information. This Privacy Policy (“Policy”) explains how the No Bad Ideas team (“No Bad Ideas,” “we,” or “us”)—individual creators operating together as a small team, not a registered company—collects, uses, and shares your personal information when you access or use the Hearty mobile application or any associated features, content, or pages we operate (collectively, the “Services”). Our app offers experiences similar in nature to apps like Cardiac Link. This Policy does not address the privacy practices of third parties we do not own or control.

Please read this Policy and any Terms of Use carefully. By choosing to use Hearty or the Services, you acknowledge and agree that your personal information may be used as described in this Policy. If you do not agree with any part of this Policy, you must not use or access our Services.

We may update this Policy from time to time. If we make a material change, we will strive to notify you by displaying a notice in the Services or through other reasonable means. By continuing to use the Services after changes take effect, you agree to the revised Policy.

Personal information that we collect

Personal information means information that, alone or combined with other information, may be used to identify you. It includes, for example, name, username, email address, mailing address, and phone number. When you use our Services, we may collect the following about you.

Information you provide to us

We collect personal information you voluntarily provide—for example, account details, language or regional preferences, or information you submit when participating in surveys, promotions, or events (such as contact information). You are responsible for ensuring the information you provide is accurate and up to date.

Hearty app data

When you use features of Hearty, we may collect information such as measurement or session history within the app (for example, heart-related readings you choose to save or sync), logs and metadata related to app performance, session or usage duration, and purchase or subscription history where applicable.

Camera and on-device processing: Hearty may use your device's camera for heart-related measurement similar in nature to apps like Cardiac Link. Frames used for measurement are processed on your device to provide core functionality. We do not upload photos or video from the camera for that purpose to our servers unless we clearly disclose otherwise in the app or in an updated version of this Policy.

Activity and usage data

While you access or use the Services, we or our providers may automatically collect information about how you interact with the Services. This may include your Internet Protocol (“IP”) address, device identifier, advertising identifier, MAC address, operating system, browser type, language preferences, referring and exit pages, crash data, approximate location derived from IP or device settings, purchasing activity, and other data regarding your use of the Services.

How we use your personal information

We use personal information for purposes including:

  • To provide our Services: Operate Hearty and fulfill your requests, including processing transactions, delivering features, syncing data across devices when you use an account (if offered), and providing customer support.
  • To personalize your experience: For example, use language or region to show appropriate content or time zone, and use device characteristics to improve display and compatibility.
  • Service-related communications: Send notices about your account, transactions, and material changes to our policies. You may not be able to opt out of all such communications where they are necessary to operate the Services.
  • Analytics and internal purposes: Measure usage, improve quality, conduct internal auditing, and evaluate how the app and related campaigns perform.
  • Security: Verify identity, detect fraud, protect users and systems, maintain backups, and safeguard the integrity of the Services.
  • Research and development: Improve existing Services and develop new ones, using reasonable safeguards and access controls where appropriate.
  • Marketing: Promote our Services and, where permitted, send information about products, events, or studies that may interest you (subject to your choices and applicable law).
  • Legal and regulatory compliance: Meet tax, accounting, and other obligations, and manage risk as required by applicable law.

How we share your personal information

Third-party service providers

We may engage vendors to perform functions on our behalf, such as processing payments (including through Apple App Store or Google Play where you purchase through those platforms), hosting or storing data, security services, and market research. We seek contractual commitments that they use appropriate safeguards when handling personal information.

Legal obligations and safety

We may disclose personal information if it is reasonably necessary to:

  • Comply with a valid legal process (for example, subpoenas, warrants, or court orders);
  • Comply with valid requests or investigations by public authorities;
  • Comply with applicable laws or regulations;
  • Enforce our policies, agreements, and terms in litigation, disputes, or otherwise;
  • Protect our legitimate interests, including legal interests;
  • Protect the security or integrity of the Services; or protect the rights, property, or safety of you, other users, our team, collaborators, partners, or others.

We may, where permitted, give you advance notice if we are required to disclose personal information to law enforcement, public authorities, or other governmental entities, unless we are prohibited from doing so.

Cookies and similar technologies (“tracking technologies”)

What are cookies and tracking technologies?

Cookies are small data files, often letters and numbers, placed on your device by a server. We and companies we work with may use cookies and similar technologies—including pixel tags, web beacons, mobile analytics features, and mobile identifiers (collectively, “tracking technologies”)—to keep you signed in, remember preferences and settings, analyze how the Services are used, measure performance and advertising campaigns, and help keep the Services secure. Some tracking is strictly necessary to offer the Services; other uses give us insight into how we can improve or market the Services.

How to manage tracking technologies

We may use third-party tracking technologies that automatically collect information through the Services and may recognize your device when you use our Services and when you visit other sites or apps. We encourage you to read those providers’ policies for details on how they use data they collect.

Through your browser or mobile settings: You can enable, disable, or delete many tracking technologies via your browser or device settings (often under “Help,” “Tools,” or “Privacy”). If you turn off tracking technologies, secure or personalized parts of the Services may not work fully—for example, saved preferences, referral links, or sign-in state on web properties.

Marketing

We may use your personal information to send you messages about new products or services, events, or other information that may interest you, by email or other methods you agree to. If you do not wish to receive such messages, change your account settings (where available) or use the “unsubscribe” link in email communications. You cannot opt out of all transactional communications about your account or the Services without missing important information.

Security

We take the security of personal information seriously. We adopt practices common in our industry to help protect your personal information from unauthorized access, disclosure, use, alteration, and loss or corruption. We take reasonable measures to keep information accurate and up to date where we control it.

Because of how the internet works, no system is perfectly secure. Malicious actors and factors outside our control can still pose risks. You help protect your information by keeping passwords and device access private and taking sensible precautions so others cannot access your account.

Retention

In general, we keep your information for as long as needed to fulfill the purposes described in this Policy or to meet applicable law. We try to delete personal information when you ask us to or when we no longer need it for why we collected it, except we may keep it where necessary to establish or defend legal claims, for audit, or for fraud or crime prevention. We will not delete personal information that also relates to another person unless that person agrees to deletion at the same time, where applicable.

Account information: We retain information tied to your account while your account stays active or as needed to provide the Services you request.

Information from tracking technologies: We generally keep this as long as needed for usage analytics and similar purposes, and for legal claims, audit, or fraud or crime prevention where applicable.

Marketing data: Contact details you give us for marketing (such as name, email, or phone) are kept until you unsubscribe from marketing messages. If you unsubscribe, we add you to a do-not-contact list where appropriate to honor your choice.

Children

Our Services are not intended for children under sixteen (16). We do not knowingly collect personal information directly from children under 16 without parental consent. If you are under 16, do not provide us with information of any kind. We encourage parents and guardians to spend time with their children online and understand the apps and sites they use.

If you believe we may have received information from a child under 16 by mistake, contact us immediately at privacy@404badideas.com.

Do not track

Some browsers—such as Firefox, Safari, and others—can send “Do Not Track” (“DNT”) signals. Because uniform standards for DNT are not widely adopted, we do not currently process or respond to DNT signals on our Services.

Your California privacy rights

If you live in California, you can ask us for a list of third parties with whom we have shared your personal information for marketing purposes, where applicable. California law also lets residents request a notice that identifies categories of personal information we share with partners and/or third parties for marketing, with contact information for those parties where required. To make a request, email us at the address below with “My California Privacy Rights” in the subject line and include your name, relevant account information, and proof of California residence as needed so we can verify and respond.

Special notice for individuals in the European Economic Area, United Kingdom, and Switzerland

This section applies only if you are located in the European Economic Area, the United Kingdom, or Switzerland (the “Designated Countries”) when we collect your data. We may ask which country you are in, or rely on your IP address to infer location. If you mask or hide your location so that you do not appear to be in the Designated Countries, we may not be able to apply this section to you. If any part of this section conflicts with other parts of this Policy, this section controls for people in the Designated Countries.

Individual rights

Where applicable law gives you the rights below, we provide them as described. We may limit individual rights requests when: (a) denial of access is required or allowed by law; (b) granting access would harm someone else’s privacy; (c) we need to protect our rights and property; or (d) the request is frivolous or excessively burdensome. To exercise your rights, contact us using the information at the end of this Policy. We may verify your identity before we act on a request to protect your personal information. When we correct, delete, or restrict processing as you request, we will tell other parties processing that data where we can, unless that is impossible or would require disproportionate effort.

Right of access and portability

You may ask for a copy of the personal information we hold about you without undue delay and free of charge, unless the law lets us charge a fee. In some cases you may ask to receive your information in a structured, commonly used, machine-readable format, and to have us send it to another controller where that is technically feasible.

Right to rectification

You may ask us to correct or update inaccurate or incomplete personal information we hold about you.

Right to erasure

In certain situations, you may have the right to have personal information we hold about you deleted.

Right to restriction

Under certain conditions, you may have the right to restrict how we process your personal information.

Right to object

Where we process your personal information on the legal bases of consent, contract, or legitimate interests, you may object to that processing as allowed by applicable law.

Automated individual decision-making, including profiling

You have the right not to be subject to a decision based solely on automated processing, including profiling, that produces legal or similarly significant effects on you, unless an exception applies under applicable law.

Right to lodge complaints

If you believe we have infringed your privacy rights under applicable law or this Policy, contact us first so we can try to resolve your concern. You also have the right to lodge a complaint with a competent supervisory authority in your country of habitual residence, place of work, or place of the alleged infringement.

Contact us

For questions about this Policy or our privacy practices, contact us at contact@404badideas.com.