Controller / Operator: Blood Health AI LLC, 406 E 3rd Ave, San Mateo, CA 94401, USA. Contact: info@bloodhealthai.com.
Effective date: June 1, 2026. Last updated: June 1, 2026.
1. Overview
Blood Health AI LLC (“we,” “us,” or “our”) is committed to protecting your privacy. This Privacy Policy describes how we collect, use, store, and safeguard your personal and health-related information when you use our website and mobile application (collectively, the “Services”). The Services are general wellness tools and are not medical devices.
2. Information we collect
Health and wellness data (sensitive personal information). Self-reported blood pressure readings, wellness scores generated by the app, and other wellness signals you choose to log. This is treated as “sensitive personal information” under the California Privacy Rights Act (CPRA) and a “special category of personal data” under the EU/UK GDPR.
Account data. Name, email address, age range, and other profile details you provide during registration.
Device & usage data. App interactions, feature usage, crash logs, and device identifiers used to improve reliability.
Food & lifestyle data. Photos and descriptions of meals, supplements, exercise, and sleep patterns that you voluntarily log.
3. How we use your information & lawful basis (GDPR)
- To provide the app's general wellness features (lawful basis: performance of a contract).
- To operate, maintain, secure, and improve the Services (lawful basis: legitimate interests in operating a reliable product, balanced against your rights).
- To communicate with you about your account or material changes (lawful basis: performance of a contract and legitimate interests).
- To process health and wellness data (lawful basis under GDPR Art. 9: your explicit consent, which you may withdraw at any time).
- To improve our models using de-identified, aggregate data, only with your explicit, opt-in consent (lawful basis: explicit consent).
- To comply with legal obligations (lawful basis: legal obligation).
4. What we never do
- We do not sell or “share” (as defined under the CPRA) your personal or health-related data to advertisers, data brokers, or third parties.
- We do not share identifiable health-related data with insurers, employers, or other organizations without your explicit written consent.
- We do not retain raw health-related data after you complete account deletion (see Section 7).
- We do not use your data for targeted advertising or for any profiling that produces legal or similarly significant effects.
5. Service providers we use
We engage a limited number of vetted service providers (“processors” under GDPR, “service providers” under CPRA) under written agreements that require them to provide protections substantially equivalent to those described in this policy and to process data only on our documented instructions. Current categories include:
- Cloud hosting & infrastructure — for example, Amazon Web Services (data storage and compute).
- Authentication & backend services — for example, Supabase (account, session, and database management).
- Crash reporting & product analytics — aggregated, de-identified usage and stability data only.
- Transactional email — for account, security, and support messages.
We do not allow service providers to use your personal information for their own purposes. A current list of subprocessors is available on request from info@bloodhealthai.com. We may also disclose information to legal authorities when required by applicable law, and to your healthcare provider only if you explicitly authorize an export.
6. Data security
We encrypt data in transit (TLS 1.3) and at rest (AES-256). Access is restricted to authorized personnel under the principle of least privilege. We log administrative access and review our infrastructure on a regular basis. While we take every reasonable precaution, no system is entirely immune to risk; in the event of a personal data breach affecting your data, we will notify you and applicable authorities as required by law.
7. Data retention & account deletion
We retain your data for as long as your account is active. You can delete your account at any time inside the app: Settings → Account → Delete Account. If you cannot access the app, email info@bloodhealthai.com from the address on file and we will process the deletion. Upon a verified deletion request, we begin a 30-day purge of all personally identifiable and health-related data. Fully de-identified, aggregated analytics that cannot be reasonably linked back to you may be retained. Limited records may also be retained where required by law (for example, financial or fraud-prevention records).
8. Your rights
Depending on where you live, you may have the right to:
- Access, correct, or delete your personal data.
- Export your data in a portable format.
- Withdraw consent for optional data uses at any time.
- Object to or restrict certain types of processing.
- Lodge a complaint with a data protection authority (EU/UK/EEA).
California residents (CCPA / CPRA). You have the right to know what personal information we collect, to delete it, to correct it, to limit the use of sensitive personal information, and to opt out of any “sale” or “sharing” of your personal information. We do not sell or share your personal information. To submit a verifiable consumer request or a “Do Not Sell or Share My Personal Information” request, email info@bloodhealthai.com with the subject line “CCPA Request”. We will not discriminate against you for exercising any of these rights.
EU/UK/EEA residents (GDPR / UK GDPR). The controller is Blood Health AI LLC. To exercise any GDPR right, including withdrawal of consent for health-data processing, email info@bloodhealthai.com. You also have the right to lodge a complaint with your local supervisory authority.
To exercise any of these rights, contact us at info@bloodhealthai.com.
9. Cookies & analytics
Our website uses strictly necessary cookies for authentication and security. We also use limited, aggregated analytics. We do not use cookies for cross-site advertising or third-party ad targeting. EU/UK visitors may be asked for consent before non-essential cookies are set; you can manage cookie preferences in your browser settings.
9a. SMS / text messaging (A2P 10DLC)
If you provide your mobile number and opt in to our SMS program, we collect your mobile number, your opt-in timestamp and source (for example, the contact form, waitlist form, or in-app), and the content and delivery status of messages we send to you. We use this information solely to operate the SMS program described in our SMS Terms — for example, to send account, support, waitlist, and product messages you have requested, and to honor opt-out (STOP) requests.
We do not sell, rent, share, or otherwise disclose your mobile number, SMS opt-in status, or message content to any third party or affiliate for their own marketing or promotional purposes. We share this information only with the service providers that help us operate the SMS program (such as our SMS gateway / messaging provider) under written agreements that restrict use to providing the service on our behalf. Message and data rates may apply from your wireless carrier. You can opt out at any time by replying STOP to any message, or by emailing info@bloodhealthai.com.
10. International transfers
Your data may be processed on servers located in the United States. Where required for transfers from the EEA, UK, or Switzerland, we rely on the European Commission's Standard Contractual Clauses (SCCs), the UK International Data Transfer Addendum, or other lawful transfer mechanisms, together with supplementary measures as appropriate.
11. Children's privacy (COPPA & GDPR-K)
Our Services are not directed to and may not be used by children. Consistent with the U.S. Children's Online Privacy Protection Act (COPPA), we do not knowingly collect personal information from children under 13. Consistent with EU/UK GDPR-K rules, we do not knowingly collect personal information from children under 16. If you believe a child has provided us with personal information, please contact info@bloodhealthai.com and we will delete it.
12. Changes to this policy
We may update this Privacy Policy from time to time. We will notify you of material changes via email or in-app notice and update the “Last updated” date above. Continued use of the Services after changes constitutes acceptance.
13. Contact
Blood Health AI LLC
406 E 3rd Ave, San Mateo, CA 94401, USA
info@bloodhealthai.com