Privacy Policy for Hyu
Last Updated: November 16, 2025
This Privacy Policy governs the collection, use, disclosure, and protection of personal and health-related information by CMH Group ("we", "us", or "our") in connection with your use of the Hyu! mobile application ("App", "Service", or "Hyu!") on Android and iOS devices.
Hyu! is a comprehensive digital health platform designed to empower users through personalized health tracking, secure data management, and seamless integration with device-level health systems. We prioritize transparency, user control, and compliance with global and local privacy regulations including Indonesia’s Personal Data Protection Law (UU PDP), GDPR, and Google Play Developer Program Policies.
1. Information We Collect
1.1 Account and Profile Information
When you register or log in, we collect:
- Full name
- Email address
- Date of birth and gender
- Phone number
- Emergency contact details (if provided)
- Residential and demographic information for service personalization
1.2 Health and Biometric Data
Hyu! may access health metrics stored on your device through the operating system’s native health platform (e.g., Android Health Connect). This includes:
- Physical Activity: Steps, distance walked, active minutes, calories burned
- Vital Signs: Heart rate, resting heart rate, blood pressure (systolic/diastolic)
- Body Metrics: Weight, height, BMI, body fat percentage (if available)
- Sleep Data: Duration, sleep stages, wake-up patterns
- Oxygen Saturation: SpO2 levels
- Manual Entries: Blood glucose, medication logs, symptom notes, mental health check-ins
This data is used solely for personal health tracking within the app. Access requires your explicit permission.
1.3 Usage, Device, and Diagnostic Data
We collect non-sensitive data to improve performance and reliability:
- Device model, OS version, screen resolution
- IP address, browser type (for web interactions)
- App usage patterns: feature engagement, session duration, navigation flow
- Crash reports and error logs
- Data related to non-personalized ads (to support free app access)
1.4 Alarm and Reminder Settings
You can set recurring or one-time health reminders (e.g., take medication, measure BP). These settings are:
- Stored securely on our servers
- Never saved locally on your device
- Triggered only on scheduled days and times
1.5 Family and Relationship Data
If you add family members or dependents, we store:
- Name, relationship type, and age
- Custom labels (e.g., "Ibu", "Anak ke-2", "Wali")
- Shared health goals or alerts (with consent)
This data is stored securely with access limited to your account.
2. How We Use Your Information
Your data enables us to deliver a personalized, secure, and intelligent health experience:
- To display real-time health dashboards and lifetime progress tracking
- To sync physical activity and vital signs from your device automatically
- To provide timely reminders based on your schedule and health profile
- To analyze trends in anonymized form for research and service improvement
- To support multi-user access for family or organizational accounts
- To load ad content in a non-personalized manner
- To prevent duplicate entries of health data
Note: We do not use health data for advertising, behavioral profiling, or sale to third parties. All monetization (e.g., Pro features, ads) is decoupled from personal health information.
3. Data Storage and Security
All sensitive data is stored on secure servers located in Indonesia, with end-to-end encryption:
- Data in transit: TLS 1.3 encryption
- Data at rest: AES-256 encryption
- Authentication: Secure login and session management
- Access control: Role-based permissions
- Backups: Encrypted daily backups with retention policies
- No local storage of alarms or health records
We conduct regular security audits and comply with Indonesian health data standards such as integration with national health systems.
4. Data Sharing and Disclosure
We do not sell, rent, or trade your personal or health data. We may share information only under these conditions:
- With Your Consent: Sharing health reports with doctors, clinics, or family members.
- Service Providers: Hosting, analytics, and support partners bound by DPA agreements.
- Legal Compliance: When required by law enforcement or regulatory bodies (e.g., Kominfo, Kemenkes, BPJS).
- Business Transfers: In case of merger, acquisition, or asset sale, with notice and continued protection.
- Public Health: Aggregated, anonymized data may be shared for epidemiological research (opt-in only).
5. Third-Party Integrations
Hyu! integrates with external platforms to enhance functionality:
- Google Sign-In: For secure authentication. We receive only basic profile info with your consent.
- Health Connect (Android): For automatic sync of fitness and health data. You control access at the OS level.
- Dynamic Ad System: Ads are loaded securely from our backend without personal data.
- External APIs: For future integration with BPJS, e-HSA, or hospital systems (when enabled).
6. User Rights and Control
You have full control over your data:
- Access: View all personal and health data stored in your account.
- Correction: Update inaccurate or outdated information.
- Deletion: Request account deletion; data will be removed within 30 days (subject to legal holds).
- Withdrawal of Consent: Revoke access to Health Connect anytime via device settings.
- Data Portability: Export your health history in standard formats (JSON/CSV).
- Opt-Out: Disable non-essential communications or ad personalization.
7. Data Retention
We retain data only as long as necessary:
- Active accounts: Until deletion request or inactivity for 3 years
- Deleted accounts: Soft-deleted for 30 days before permanent removal
- Logs and diagnostics: Up to 1 year for troubleshooting
- Backup archives: Encrypted and retained per compliance rules
8. Children’s Privacy
Hyu! is not intended for children under 13. We do not knowingly collect data from minors without parental consent. If you believe this has occurred, please contact us immediately.
9. International Data Transfers
If you access Hyu! from outside Indonesia, your data may be processed in jurisdictions with equivalent data protection standards. We ensure appropriate safeguards, including contractual clauses, to protect cross-border transfers.
10. Changes to This Policy
We may update this Privacy Policy to reflect changes in technology, regulations, or our services. Significant updates will be communicated via in-app notification, email, or public announcement. Continued use of Hyu! constitutes acceptance of revised terms.
11. Contact Us
If you have any questions, requests, or complaints regarding your privacy or this policy, please contact our Data Protection Officer:
Email: info@cmhgroup.id
Address: Surabaya, Indonesia
Thank you for trusting Hyu! with your health journey.