Draft pending legal review

Privacy Policy

Effective date: to be finalized before public release.

This Privacy Policy describes how the Smart Hajj app and the Hajj Health Gateway pilot system may collect, use, and protect data during internal beta testing, research feasibility work, and controlled demonstrations. Smart Hajj is a research prototype and is not a medical diagnostic device.

Who This Policy Is For

This policy is intended for internal team members, invited TestFlight testers, research collaborators, and project reviewers who use the beta Smart Hajj app or visit smarterhajj.com.

Data We May Collect

The system may collect or process the following categories of data:

• Prototype health-related measurements such as body temperature, heart-rate values, ECG-like waveform samples, and derived heart-rate estimates.
• Motion and device telemetry such as IMU readings, capture window metadata, BLE transfer metrics, battery status, firmware version, and connection status.
• Pseudonymous participant IDs, ESP32 device IDs, BLE names, session IDs, and app timestamps.
• App settings, privacy notice acknowledgement state, upload queue records, and local debug/export files stored on the device.
• Server request logs, API health checks, telemetry payloads, CSV exports, and operational logs needed to run the pilot backend.
• Contact information you choose to provide when requesting support or beta access.

How We Use Data

We use pilot data to operate the prototype, test BLE and server reliability, debug upload behavior, evaluate feasibility, generate research exports, and support invited testers. We do not use the app for advertising tracking.

Health And Safety Limits

Smart Hajj is for pilot testing, research, and feasibility evaluation. The app and server may show activity labels or risk indicators, but those outputs are mock or research outputs unless a future validated clinical workflow is explicitly approved. They are not medical diagnosis, emergency triage, or a substitute for professional medical care.

Storage And Retention

The app may temporarily store telemetry and failed uploads in a local queue so records can be retried later. The pilot server may store data in SQLite, JSONL backup files, and CSV exports. Retention periods should be finalized by the project owner, institution, and legal/privacy review before any real participant study or broader public release.

Sharing

Pilot data should be shared only with authorized project team members, research collaborators, infrastructure operators, or reviewers who need access for testing, support, security, or research governance. Do not enter real names, passport numbers, national IDs, phone numbers, or other directly identifying information into the prototype unless a formally approved study protocol requires it.

Security

Production or staging deployments should use HTTPS, access controls, monitored infrastructure, and approved data governance. Local HTTP server URLs are for development only. Testers should report lost devices, suspected data exposure, or unexpected app behavior promptly through the support page.

Your Choices

Testers may stop using the beta app at any time. The app includes a first-launch privacy and safety acknowledgement. Project owners should define a formal deletion/export process before collecting real participant data under an approved study.

Contact

For beta support, visit smarterhajj.com/support. Before external testing or public release, confirm that the listed support mailbox is monitored by the project team.