What We Collect
A complete inventory of data Circadify processes, stores, and discards.
Transparency is core to our approach. This page is the complete inventory of every category of data Circadify processes — including which categories we don't retain.
Per-Scan Data
| Category | Where it goes |
|---|---|
| Raw camera video / frames | Stay on the user's device. Never uploaded. |
| Measurement payload | Uploaded securely for processing and discarded after processing. |
| Vital sign results | Returned in the API response. Not stored on our side. |
| Usage record | One scan credit decremented from the developer's monthly quota. This is the only artifact retained from a scan. |
The usage record is a counter (e.g. "this developer used 1 scan at this timestamp"). It contains no health data, no session payload, and no identifiable user data — only the developer/key reference and a timestamp for billing and quota.
Vital sign results are returned to your application and never stored on Circadify's side. If you need to retain a user's results, persist them in your own application database.
Vital Sign Result Schema (returned to your app)
The result returned in the API response is computed by Circadify and handed back to your application. It is not stored on our side.
- Heart rate — Beats per minute (BPM)
- Respiratory rate — Breaths per minute
- Heart rate variability (HRV) — Milliseconds (ms)
- SpO2 — Blood oxygen output (%) when enabled
- Blood pressure — Systolic and diastolic trend output (mmHg) when enabled
- Confidence score — 0–1 reliability indicator
- Session ID — UUID identifying that scan request
Developer Account Data
What we do persist for accounts:
- Email, name, company — Provided during developer signup
- API key hashes — Keys are stored as one-way hashes; the full key is shown once at creation
- Usage counters — Aggregate scan counts per key for billing and quota enforcement
- Audit log entries — Account-administration events (key creation, login, etc.). No health data.
Technical Telemetry
For debugging and compatibility:
- SDK version — For compatibility tracking
- Browser/device class — Hardware capability tier (used for processing optimization)
No persistent device identifiers, fingerprints, or precise location data are collected.
What We Don't Collect
Circadify does not collect, transmit, or store: raw camera frames, raw video, vital sign results after returning them to you, measurement payloads after processing, biometric templates, persistent device identifiers, precise geolocation, or data from non-camera sensors.
See Data Minimization for more detail.
Next Steps
- Retention — How long data is kept (spoiler: health data isn't)
- Deletion — How deletion works given nothing health-related is stored
- Data Minimization — Our minimization approach