Privacy Policy

Last updated: March 14, 2026

1. Introduction

Hearo (“we,” “our,” or “us”) is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our website and services. Please read this policy carefully. By using Hearo, you consent to the practices described in this policy.

Because Hearo processes health-related information (hearing assessments and audiogram data), we take additional care to ensure your sensitive data is handled responsibly, even where we are not legally classified as a healthcare provider.

2. Information We Collect

Information You Provide

  • Account Information: Email address and name (if provided), collected when you create an account or save your results.
  • Assessment Data: Quiz responses, hearing preferences, and scenario answers from the HearingType personality quiz.
  • Audiogram Data: Uploaded audiogram images and/or manually entered hearing threshold values (dB HL at standard frequencies).
  • Contact Information: Information you provide when contacting us or submitting feedback.

Information Collected Automatically

  • Usage Data: Pages visited, features used, time spent on pages, scroll depth, and interaction patterns (collected via Google Analytics 4).
  • Device Information: Browser type, operating system, screen resolution, and device type.
  • Error Data: Technical error reports and session replays for debugging purposes (collected via Sentry).
  • Cookies and Similar Technologies: We use cookies and similar tracking technologies for functionality and analytics.

3. How We Use Your Information

  • To Provide the Service: Processing your assessments, generating your HearingType, and creating your personalized hearing profile.
  • AI Analysis: Uploading and processing audiogram images through Google Gemini API to extract hearing threshold data for HearingType classification.
  • To Improve the Service: Analyzing usage patterns and feedback to enhance features and user experience.
  • To Communicate: Responding to your inquiries and sending service-related notifications.
  • Aggregated Insights: Creating anonymized, aggregated statistics about hearing patterns (which cannot identify individual users).
  • Security and Compliance: Detecting and preventing fraud, abuse, and security incidents, and complying with legal obligations.

4. Health-Related Data

Hearo collects and processes hearing-related data, which may be considered sensitive health information under certain jurisdictions. While Hearo is not a healthcare provider and is generally not subject to HIPAA (U.S. Health Insurance Portability and Accountability Act), we treat your hearing data with the highest level of care:

  • Hearing data is used solely for generating your HearingType profile and improving the Service.
  • We do not sell your health-related data to third parties.
  • We apply encryption in transit and at rest for hearing-related data.
  • Access to health-related data is restricted to essential personnel and systems.
  • Uploaded audiogram images are processed for threshold extraction and are not used for any other purpose.

5. Third-Party Services

We use the following third-party services that may process your data:

Google Firebase (Firestore)

Purpose: Database storage for user accounts, assessment results, and hearing profiles.

Data Shared: Account information, quiz responses, HearingType results, audiogram threshold values.

Google Gemini API

Purpose: AI-powered analysis of uploaded audiogram images to extract hearing threshold data.

Data Shared: Uploaded audiogram images (processed for immediate analysis; refer to Google's AI data processing terms for retention details).

Sentry

Purpose: Error tracking and session replay for debugging and improving application stability.

Data Shared: Technical error data, anonymized session recordings, device/browser information.

Google Analytics 4 (GA4)

Purpose: Website usage analytics to understand how users interact with the Service.

Data Shared: Page views, feature usage, scroll depth, device information, anonymized user interactions.

Each third-party provider has its own privacy policy governing its use of data. We encourage you to review their respective policies.

6. Your Rights

All Users

Regardless of your location, you may:

  • Request access to the personal data we hold about you
  • Request correction of inaccurate personal data
  • Request deletion of your personal data and account
  • Withdraw consent for data processing at any time

European Economic Area & UK (GDPR)

If you are in the EEA or UK, you have additional rights under the General Data Protection Regulation (GDPR), including:

  • Legal Basis: We process your personal data based on your explicit consent (particularly for health-related data under Article 9(2)(a) GDPR), performance of a contract, and legitimate interests.
  • Right to Data Portability: Receive your personal data in a structured, commonly used, machine-readable format.
  • Right to Restrict Processing: Request that we limit the processing of your personal data.
  • Right to Object: Object to processing based on legitimate interests.
  • Right to Lodge a Complaint: You may lodge a complaint with your local data protection supervisory authority.

For health-related data (audiogram data, hearing assessment results), we rely on your explicit consent as the legal basis for processing under GDPR Article 9(2)(a).

California (CCPA/CPRA)

If you are a California resident, the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA) provide you with additional rights:

  • Right to Know: What personal information we collect, use, disclose, and sell.
  • Right to Delete: Request deletion of your personal information.
  • Right to Correct: Request correction of inaccurate personal information.
  • Right to Opt-Out: Opt out of the sale or sharing of personal information. Hearo does not sell your personal information.
  • Right to Limit Use of Sensitive Personal Information: Health data qualifies as sensitive personal information under CPRA.
  • Right to Non-Discrimination: We will not discriminate against you for exercising your privacy rights.

Canada (PIPEDA)

If you are a Canadian resident, the Personal Information Protection and Electronic Documents Act (PIPEDA) provides you with rights including:

  • The right to know why your personal information is being collected
  • The right to access your personal information and challenge its accuracy
  • The right to expect that your personal information is used only for the purposes for which it was collected
  • The right to withdraw consent for the collection, use, or disclosure of your personal information

7. Data Retention

We retain your personal data only for as long as necessary to provide the Service and fulfill the purposes described in this policy. Specifically:

  • Account Data: Retained for as long as your account is active. Deleted upon request.
  • Assessment and HearingType Data: Retained for as long as your account is active or as needed to provide the Service.
  • Uploaded Audiogram Images: Processed for AI analysis and threshold extraction. Images are not retained longer than necessary for processing.
  • Analytics Data: Retained in accordance with GA4 default retention policies (typically 14 months).
  • Error Tracking Data: Retained in accordance with Sentry’s data retention policies.

8. Data Security

We implement appropriate technical and organizational security measures to protect your personal data, including:

  • Encryption of data in transit (TLS/HTTPS) and at rest
  • Access controls limiting who can access personal data
  • Regular review of data collection and processing practices
  • Secure cloud infrastructure (Google Cloud / Firebase)

While we strive to protect your personal data, no method of transmission over the Internet or electronic storage is 100% secure. We cannot guarantee absolute security.

9. International Data Transfers

Your information may be transferred to and processed in countries other than your country of residence, including the United States and Canada, where data protection laws may differ. When we transfer data from the EEA, UK, or Switzerland, we implement appropriate safeguards, such as Standard Contractual Clauses (SCCs) approved by the European Commission, to ensure your data receives an adequate level of protection.

10. Children's Privacy

Hearo is not intended for use by individuals under the age of 18. We do not knowingly collect personal information from children. If we become aware that we have collected personal data from a child without parental consent, we will take steps to delete that information promptly.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on our website with a revised “Last updated” date, and, where appropriate, by email. We encourage you to review this policy periodically.

12. Contact Us

If you have questions about this Privacy Policy, wish to exercise your data rights, or have concerns about how your data is handled, please contact us:

Contact Page

For GDPR-related inquiries, you may also contact your local data protection supervisory authority.