Privacy Policy & Terms of Use

Last Updated: [Date]

Introduction

Welcome to BloodGPT (hereinafter referred to as "we," "us," or "our"). BloodGPT is an AI-based platform that interprets and explains laboratory blood test results for informational purposes only. By accessing or using our service, website, or platform (collectively, the "Service"), you acknowledge that you have read, understood, and agree to be bound by this Privacy Policy & Terms of Use.

This document comprises two parts:

Privacy Policy: Outlines how we collect, process, and protect your personal data.

Terms of Use: Governs your use of the Service.

Please review both sections carefully.

Privacy Policy

Scope and Applicability

This Privacy Policy applies to personal data we collect or receive from individuals using the Service. It explains how we process personal data in accordance with applicable data protection laws, including the EU General Data Protection Regulation (GDPR), as well as other relevant regulations.

Data We Collect

  1. Personal Information:
    • User-Provided Data: When you create an account or use the Service, you may provide personal information such as name (optional), age, gender, weight, height, lifestyle details, and medical history (if needed for the interpretation).
    • Blood Test Results: You may upload blood test results (in PDF or image formats). These documents can contain sensitive medical data, including test parameters and health information.
  2. Automatically Collected Information:
    • Usage Data: We may collect usage information such as pages visited, actions taken, time spent, and other diagnostic data to improve our Service.
    • Cookies & Tracking Technologies: We may use cookies or similar technologies to analyze trends, administer the website, track users' movements around the site, or store user preferences. You can control the use of cookies at the individual browser level.

How We Use Your Data

We process personal data for the following purposes:

  1. Service Delivery:
    • To provide AI-based explanations of your blood test data.
    • To personalize and improve your user experience.
  2. Platform Operation & Improvement:
    • To manage user accounts.
    • To analyze user behavior, measure engagement, and enhance functionality.
  3. Legal Compliance:
    • To comply with obligations under applicable laws and regulations.
    • To respond to lawful requests and legal processes.
  4. Communication:
    • To send administrative or technical notifications regarding the Service.
    • To respond to your inquiries, requests, or support needs.

We do not use your personal or sensitive data for advertising or marketing unless you have explicitly consented to such use.

Legal Basis for Processing (GDPR)

We rely on one or more of the following legal bases for processing your personal data:

  • Consent (Article 6(1)(a) GDPR): When you explicitly provide us with your data for analysis, you consent to our processing of that data for this purpose.
  • Legitimate Interests (Article 6(1)(f) GDPR): We may process certain non-sensitive data to improve the Service's functionality.
  • Legal Obligations (Article 6(1)(c) GDPR): We may process your data to comply with legal or regulatory requirements.

Data Retention

  • Storage Duration: We retain your personal data only for as long as is necessary to fulfill the purposes outlined in this policy, unless a longer retention period is required or permitted by law.
  • Blood Test Files: Uploaded files are stored only for the duration necessary to analyze and provide the explanations. We have a defined retention schedule after which test results are automatically deleted or anonymized, unless we are obligated by law to store them longer.

Data Sharing and Transfers

  • Third-Party Service Providers: We may share certain data with third-party service providers who help us operate the Service (e.g., cloud hosting, analytics). Such providers process data on our behalf and adhere to data protection obligations.
  • Legal Compliance and Protection: We may disclose information if required by law, subpoena, or to protect our rights, users' safety, or the security of our Service.
  • International Data Transfers: If your data is transferred to jurisdictions outside the European Economic Area, we ensure appropriate safeguards (e.g., Standard Contractual Clauses) in compliance with GDPR requirements.

Your Rights

Under applicable data protection laws, you may have the following rights:

  • Access: Request a copy of the personal data we hold about you.
  • Rectification: Correct inaccuracies or incomplete personal data.
  • Erasure ("Right to be Forgotten"): Request deletion of your personal data under certain conditions.
  • Restriction of Processing: Ask us to restrict the processing of your data in specific circumstances.
  • Data Portability: Receive your personal data in a structured, commonly used, and machine-readable format.
  • Withdrawal of Consent: If processing is based on consent, you can withdraw it at any time, without affecting the lawfulness of processing based on consent before its withdrawal.

To exercise these rights, please contact us at: [Contact Email/Address]

Security Measures

We implement appropriate technical and organizational measures to protect the confidentiality, integrity, and availability of your personal data. This includes the use of encryption, secure data centers, and restricted access protocols. However, no method of transmission or electronic storage is completely secure, so we cannot guarantee absolute security.

Changes to This Privacy Policy

We may update this Privacy Policy to reflect changes in our data practices or legal requirements. If we make material changes, we will notify users by posting an updated version on the Service with a new effective date. Your continued use of the Service after any changes indicates your acceptance of the updated Policy.

Contact Information

If you have any questions, concerns, or requests related to this Privacy Policy, you may reach us at:

  • Email: [Support/Legal Email Address]
v. 1.4.6