The Small Print
Privacy Policy
Last Updated: January 7, 2025
At Blood Buddy ("Blood Buddy AI," "Blood Buddy," "we," "us," or "our"), your privacy matters to us. This Privacy Policy outlines how we collect, use, disclose, and protect the limited information we collect from you in connection with your use of the Blood Buddy platform. By using our services, you agree to the practices described herein.
Commitment to Data Minimisation and Local Processing
Blood Buddy is committed to minimizing the collection and storage of personal data. We have designed our platform to process the majority of data locally on your device, with only de-identified information being transmitted and stored to our servers. Blood Buddy developers have zero access to user data at any time.
User Classification and Agreement to Terms
This Privacy Policy applies to:
Visitors: Individuals browsing our publicly available website.
Customers: Users of the Blood Buddy platform.
By accessing our website or platform, you agree to the terms outlined in this Privacy Policy.
Information We Collect
To ensure privacy and minimise data collection, the Blood Buddy platform operates with the following principles:
Local Data Processing: The vast majority of data processing, including the extraction of key markers and values from your blood test results, occurs locally on your device using secure algorithms. This helps ensure that sensitive information remains under your control.
Text Transformation: The data is transmitted in text, with other functions performed (see below).
De-identified Data Transmission: Only de-identified data in the form of text is transmitted to our servers.
Universally Unique Identifier (UUID): A UUID is generated locally on your device when you install the Blood Buddy app. This UUID is primarily used for device identification to ensure proper functioning of the app. It is not retained for long-term analytical purposes.
Temporary PIN: When syncing data between devices, a temporary PIN is generated. This PIN is only used for the synchronization process and is not stored on our servers.
Anonymized Blood Test Data: We collect and store only the anonymized blood test results, markers, and their values in the form of text.
Details on De-identification Techniques:
To protect your privacy and ensure that your data cannot be linked back to you, we employ the following de-identification techniques when processing blood test results, markers, and values:
Pseudonymization: Direct identifiers (such as name, date of birth, address, or contact information) are never collected or stored. Instead, a temporary pseudonym is used to track your interactions with the platform for usage analytics.
Generalization: Potentially sensitive numerical values (e.g., specific cholesterol levels) may be generalized into broader categories (e.g., "low," "normal," "high"). This reduces the granularity of the data and makes it more difficult to re-identify individuals.
Removal of Direct Identifiers: We actively remove any information that could directly identify you, such as names, addresses, contact details, or any other PII.
Data Minimization: When transmitting data to our servers for AI learning or other models, data is used in the smallest form factors to ensure that data is only used as needed. Data processed by AI models is not retained after processing.
AI Interactions: Any interactions with AI chatbots or similar features are stored locally on your device and are not transmitted to our servers.
We continuously evaluate and update our de-identification techniques to ensure they meet or exceed industry best practices and comply with all applicable data privacy laws.
Usage Data: We may collect anonymized and aggregated usage data, which does not identify you personally. This data includes information about how you use the platform, such as the features you access and the frequency of use.
Feedback Data: If you contact us with feedback or questions, we may collect your email address and the content of your communication.
Payment Data: If you purchase a subscription, your payment information is processed by our third-party payment processor (as defined in the Terms of Use). We do not directly store your credit card details or other financial information.
Disclaimer: While we take extensive measures to de-identify your data, please be aware that no de-identification technique is perfect, and there is always a theoretical risk of re-identification. We are committed to minimizing this risk and protecting your privacy to the best of our ability.
How We Use the Information We Collect
We use the limited information we collect for the following purposes:
Improving the Platform: We use aggregated and anonymized usage data, including text data from the anonymized blood test results, to understand how users interact with the platform, to improve the AI and models in the app, and to identify areas for improvement. Under no circumstances can any individual be identified.
Provide Service: We use anonymized blood test data, markers and values in the form of text, to provide the service to users on devices.
Providing Support: If you contact us with questions or feedback, we may use your email address to respond to your inquiry.
Processing Payments: Payment information is used by our third-party payment processor to process your subscription payments.
We do not use your information for marketing, advertising, or any other commercial purposes without your explicit consent.
Data Security
We take reasonable measures to protect the limited information we collect from unauthorized access, use, or disclosure. These measures include:
Data Security For Blood Test Data: All anonymised blood test data is strongly encrypted to prevent breaches and third parties from understanding that data.
Encryption: All data transmitted between your device and our servers is encrypted using industry-standard protocols.
Access Controls: Access to our servers is restricted to authorized personnel only.
Regular Security Audits: We conduct regular security audits to identify and address potential vulnerabilities.
However, please be aware that no method of transmission over the internet or method of electronic storage is completely secure.
Data Retention
We retain the limited information we collect for only as long as necessary to fulfill the purposes outlined in this Privacy Policy:
Temporary PIN: Temporary PINs are not stored on our servers after the synchronization process is complete.
Usage Data: Anonymized and aggregated usage data may be retained indefinitely for analytical purposes.
Blood Test Data: Blood test data is kept to ensure the product can improve and continue to function. This will stay in place unless we are required to remove it by UK law or the user requests it. You have the right to request that we erase your personal data. This includes the option to delete all data and UUID associated with your use of the service by deleting your account from within the app. This action is not reversible. Please note that deleting your account does not cancel your Blood Buddy subscription. To cancel your subscription, you must do so directly through the Apple App Store, Google Play Store or third-party services, depending on how you initially subscribed.
Feedback Data: Email addresses and communication content are retained for as long as necessary to resolve your inquiry.
Third-Party Services
We use third-party services, including payment processors, to provide certain functionality within the Blood Buddy platform. These third-party services have their own privacy policies, which you should review carefully. We are not responsible for the privacy practices of these third-party services.
Your Rights
Under the UK GDPR and the Data Protection Act 2018, you have certain rights with respect to your personal data:
Right to Access: You have the right to request access to the limited personal data we hold about you. We will respond to your request in a timely manner.
Right to Erasure (Right to be Forgotten): You have the right to request that we erase your personal data. This includes the option to delete all data and UUID associated with your use of the service by deleting your account from within the app. This action is not reversible. Please note that deleting your account does not cancel your Blood Buddy subscription. To cancel your subscription, you must do so directly through the Apple App Store, Google Play Store or third-party services, depending on how you initially subscribed.
Permanently Deleting Your Account
To permanently delete your account, follow the steps below:
1. Log in to your account either via the app or web interface.
2. Access the Delete Account option by clicking the Avatar and choosing Settings > Delete Account.
3. Confirm the account deletion by clicking the Delete Account action button.
4. Immediately after your account deletion request, you will be logged out and your account and all your information will be permanently deleted, and you won't be able to retrieve your information.
5. If you are unable to log in and delete your account, you may contact us directly with an account deletion request.
Right to Object: You have the right to object to our processing of your personal data.
Right to Rectification: You have the right to have your personal data rectified if it is inaccurate or incomplete.
To exercise these rights, please contact us at mail@bloodbuddyai.com. We will respond to your request within the timeframes required by applicable law.
International Data Transfers
Our servers are located in the United States. If you are accessing the Blood Buddy platform from outside the United States, your information may be transferred to, stored, and processed in the United States. We will take appropriate steps to ensure that your personal data is adequately protected in accordance with applicable data protection laws.
Changes to this Privacy Policy
We may update this Privacy Policy from time to time. We will post any changes on our website and notify you via email. Your continued use of the Blood Buddy platform after the effective date of the revised Privacy Policy constitutes your acceptance of the changes.
Contact Us
If you have any questions or concerns about this Privacy Policy, please contact us at mail@bloodbuddyai.com.