Privacy Policy

Effective: April 15, 2026

1. Introduction

BloodSight.com ("we", "us", "our") operates a web-based personal data organization tool for lab results (the "Service"). This Privacy Policy explains how we collect, use, and protect your information when you use our Service. For questions, contact support@bloodsight.com.

2. Information We Collect

Account Data

Name, email address, and authentication method (email/password or Google sign-in).

Profile Data

Name, date of birth, biological sex, height, and weight — provided optionally to improve the accuracy of organized results.

Uploaded Lab Data

Values, units, reference ranges, and plain-language descriptions extracted from the lab result documents you upload. We treat this as sensitive personal information.

Usage Data

IP address, browser type, device information, and timestamps collected automatically through server logs.

Billing Data

Subscription status and transaction identifiers. Payment details (credit card numbers, billing addresses) are handled entirely by Paddle and are never stored on our servers.

3. How We Use Your Information

  • Providing the lab result organization service
  • Storing your record history for trend tracking
  • Sending your data to third-party AI service providers to generate plain-language descriptions
  • Sending transactional emails (processing completion, billing notifications)
  • Maintaining security and preventing abuse of the Service

4. AI Processing

To generate plain-language descriptions, we send your extracted lab data (names, values, units, and reference ranges) along with basic profile information (age, sex) to third-party AI service providers. These providers process your data under contract and do not use it to train their AI models. Generated outputs may contain errors and are provided for informational purposes only.

5. Third-Party Service Providers

  • AI service providers — generate plain-language descriptions from your lab data
  • Paddle — our Merchant of Record, handles payment processing and billing. See Paddle's privacy policy for details.
  • Google — provides optional sign-in authentication
  • Infrastructure providers — hosting and data storage

We do not sell your personal data.

6. Data Retention and Deletion

  • Uploaded files — deleted together with extracted data when you delete a report or your account
  • Extracted lab data and generated descriptions — retained until you delete the specific report or your account
  • Account data — retained while your account is active. Permanently deleted when you delete your account
  • Billing records — retained as required by applicable tax and accounting laws

When you delete a report, all associated data — the uploaded file, extracted values, and generated descriptions — is permanently removed. When you delete your account, all your data is permanently deleted.

7. Data Security

We protect your data using encryption in transit (HTTPS/TLS), hashed passwords, and access controls. While we implement industry-standard security measures, no method of electronic storage is 100% secure. We cannot guarantee absolute security.

8. Shared Links

You may create shareable links to your reports. Anyone with the link URL can view the shared report. You can deactivate shared links at any time. Shared links have expiration dates.

9. Children's Privacy

Our Service is not intended for users under 18 years of age. We do not knowingly collect personal information from individuals under 18. If we become aware that we have collected data from a minor, we will promptly delete it. If you believe a minor has provided us with personal information, please contact support@bloodsight.com.

10. Your Rights

You have the right to:

  • Access your data — your record history and profile information are visible in your dashboard
  • Delete your data — delete individual reports or your entire account from settings
  • Export your data — contact support@bloodsight.com to request a data export
  • Withdraw from AI processing — you may cancel your subscription and delete your data at any time

11. Cookies

We use minimal cookies for essential functionality only:

  • Session cookie — maintains your login session (functional, required)
  • Sidebar preference — remembers your sidebar state (functional, optional)

We do not use tracking cookies, advertising cookies, or third-party analytics.

12. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes via email. The "Effective" date at the top of this page indicates the latest revision.

13. Contact Us

If you have questions about this Privacy Policy or wish to exercise your data rights, contact us at support@bloodsight.com.