1. Introduction
QCS ("Company," "we," "us," "our") operates the qcloud.systems website and related services ("Service").
This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Service,
particularly those involving Garmin Health API integration and wearable device data.
2. Information We Collect
We may collect information about you in the following ways:
- Wearable Device Data: When you authorize integration with Garmin-connected devices via the Garmin Open Health API, we access specific health and fitness data including: heart rate, sleep duration and quality, daily steps, activity type and duration, calories burned, distance traveled, and optional location data. No additional data beyond what you explicitly authorize is collected.
- User-Provided Information: Information you voluntarily provide, such as account credentials, profile information, and preferences.
- Automatically Collected Information: Device information, IP address, browser type, and usage analytics.
2a. Data Minimization
We collect only the minimum health data necessary to provide our Service. Our principle is data minimization—
we do not request or collect any health metrics beyond what is essential for the specific features you are using.
Users maintain full control over which data categories are shared and can revoke access to specific data types at any time.
3. Use of Information
We use the information we collect for the following purposes:
- To provide, maintain, and improve our Service
- To process and authenticate Garmin Health API integrations
- To analyze health and fitness trends you authorize
- To communicate with you about your account and service updates
- To protect against fraudulent or malicious activity
4. Data Security
We implement industry-standard security measures to protect your personal information, including
AES-256 encryption for data in transit and at rest,
secure API connections with OAuth 2.0 authentication, and restricted access controls with role-based permissions.
All health data is treated as protected health information (PHI) under HIPAA guidelines.
5. Garmin Health API Compliance
When using Garmin Health API integration, your data is handled in accordance with:
- Garmin Open Health API policies and guidelines
- HIPAA and HITECH Act requirements for all protected health information
- GDPR, CCPA, and other applicable privacy regulations
- Our commitment to use your health data only for purposes you explicitly authorize
- A HIPAA Business Associate Agreement (BAA) is available upon request
We do NOT sell, trade, rent, or share your personal health information with third parties for any reason,
including marketing, analytics, or commercial purposes. Period. We may disclose information only:
- With our service infrastructure provider (earthrhythms-mobile-api) for the sole purpose of storing and processing your data as necessary to provide our Service
- When required by law or valid court order, with advance notice to you when legally permitted
- To protect our rights, privacy, safety, or property
- With your explicit prior written consent for a specific purpose
7. Data Retention
We retain your data only as long as necessary to provide our Service. You may request deletion of your data at any time,
subject to legal retention requirements. Deletion requests will be processed within 30 days.
and receive a copy within 10 business days
- Correction: Request correction of inaccurate data with documentation of changes
- Deletion: Request deletion of your data (Right to be Forgotten); we will comply within 30 days
- Portability: Request a copy of your data in a portable, machine-readable format (JSON or CSV)
- Opt-Out: Disconnect your Garmin integration instantly and permanently; all associated data is deleted within 48 hours
- Data Export: Request a complete export of all your data within 24 hours
8a. Breach Notification
In the event of a confirmed security breach involving your personal or health information, we will:
- Notify all affected individuals within 48 hours of discovery
- Provide clear notification of: what information was compromised, when the breach occurred, and what steps we are taking
- Offer complimentary credit monitoring for 12 months if financial data is affected
- Notify relevant regulatory bodies (HIPAA, state attorneys general) as required by law
- Conduct and publish results of a third-party security audit within 90 days
8b. Audit & Compliance
To ensure ongoing compliance and security:
- System Access Logging: All system access to health data is logged and reviewed monthly
- Security Reviews: Independent security audits conducted quarterly
- Compliance Audits: HIPAA compliance audits conducted annually
- API Activity Monitoring: All Garmin API calls are logged with user consent and reviewed for anomalies
- Data Processing Audits: User data processing audited monthly to ensure only authorized use
- Certified Security Leadership: QCS security team includes ISACA Certified Information Security Managers (CISM), ensuring professional-level governance and compliance management
8c. Subprocessors
We use the following third-party service providers to process your data:
- earthrhythms-mobile-api: Backend infrastructure for storing and processing your health data. Data is encrypted end-to-end and earthrhythms-mobile-api has no access to unencrypted health information.
All subprocessors are bound by data processing agreements that meet or exceed HIPAA and GDPR requirements.
We maintain a current list of all subprocessors and notify users of any changes 30 days in advance.
8d. Corporate Structure & Related Entities
QCS is the parent organization responsible for all data governance, security, and privacy compliance.
earthrhythms is a health and wellness innovation division of QCS that develops mobile and wearable integration platforms.
The earthrhythms-mobile-api is QCS infrastructure operated under unified data governance and security policies.
All health data processed through earthrhythms-mobile-api remains under QCS's direct control and is subject to this privacy policy.
Both entities operate under the same HIPAA Business Associate Agreement, security certifications, and privacy commitments.
Users should understand that "earthrhythms," "earthrhythms-mobile-api," and "QCS" refer to integrated components of the same organization
with unified compliance and data protection standards.
9. Third-Party Links
Our Service may contain links to third-party websites. This Privacy Policy applies only to our Service.
We are not responsible for the privacy practices of other websites.
10. Children's Privacy
Our Service is not directed to children under the age of 13. We do not knowingly collect personal information from children.
If we learn that we have collected information from a child, we will delete it promptly.
11. Changes to This Privacy Policy
We may update this Privacy Policy from time to time. Changes will be posted on this page with an updated "Last Updated" date.
Continued use of our Service constitutes acceptance of the revised Privacy Policy.
12. Contact Us
If you have questions about this Privacy Policy or our privacy practices, please contact us at: