Privacy Policy and Data Processing Agreement

Data Processing Details

File Types and Upload:

• We accept blood test results in PDF, JPG, and PNG formats
• You can upload historical test results to build a comprehensive health timeline
• Files are securely encrypted upon upload

Data Analysis

• We use artificial intelligence to extract data from your blood test results
• Analyze patterns and trends
• Provide general information about your test results
• Generate visualizations of your historical data
• Our AI provides general advice and information based on publicly available medical knowledge
• This analysis is automated and not reviewed by healthcare professionals

Important Disclaimers

• Our service is for informational purposes only
• Analysis and advice are generated by AI and are not verified by medical professionals
• This is not a substitute for professional medical advice, diagnosis, or treatment
• Always consult qualified healthcare professionals for interpretation of your test results
• Never disregard professional medical advice or delay seeking it because of information provided by our service

• Create an account with a valid email address
• Verify your email by clicking the verification link
• Explicitly consent to storage and processing of your health data
• Accept processing of your data in the United States
• Accept our Privacy Policy and Terms of Service
• Self-declare that you are 18 years or older

• End-to-end encryption for all data transmissions
• Secure storage using advanced encryption protocols
• Strict access controls and multi-factor authentication
• Regular security audits and monitoring
• Secure deletion of data upon account termination

Full compliance with:

• APP 8 and APP 11 for overseas disclosure and data security
• UK GDPR requirements for special category data
• EU GDPR data protection principles, including data minimization and purpose limitation
• HIPAA requirements for protecting PHI

• Access: View your stored personal and health information
• Correction: Request corrections to your data
• Withdrawal: Withdraw consent and request data deletion
• Copy: Receive a copy of your stored data
• Complaints: Lodge complaints about data handling
• Breach Notification: Be notified of any data breaches affecting your personal information

These rights are granted under:

• Australian Privacy Act 1988
• UK GDPR
• EU GDPR
• HIPAA

• Self-declaration of being 18 years or older
• A valid, verified email address
• Enforced strong password requirements
• Optional two-factor authentication for enhanced security

We do not knowingly collect or process data from individuals under 18. If discovered:

• Data processing will immediately cease
• All collected data will be deleted
• Relevant authorities will be notified where required

We may share your data with:

• Service Providers: To assist in delivering our services
• Data processing will immediately cease
• Legal Authorities: When required by law
• Emergency Services: In cases of imminent harm

All third parties are bound by:

• Strict confidentiality agreements
• Data processing agreements
• igorous security requirements

We ensure compliance with:

• APP 8 for overseas disclosure
• UK GDPR and EU GDPR for data processing agreements
• HIPAA for third-party business associate agreements (BAAs)

We use cookies for:

• Essential Functions: To enable account functionality
• Session Security: To maintain session integrity
• Legal Authorities: When required by law
• Analytics: With your explicit consent

Cookie preferences can be managed via your browser settings.

Your data will be processed in the United States and stored securely in compliance with:

• APP 8 for cross-border data transfers
• UK GDPR and EU GDPR for international data transfers
• HIPAA for secure data processing and storage

We ensure that any international data transfer:

• Complies with cross-border data transfer regulations
• Is safeguarded by appropriate measures, including Standard Contractual Clauses (SCCs)
• Is necessary for delivering our services
• Is disclosed to you before the transfer

Our security measures include:

• Regular security assessments and vulnerability testing
• Employee access controls and training
• Incident response protocols
• Data backup and recovery systems
• Continuous system monitoring and logging

Compliance with:

• ISO 27001 standards for information security management
• NIST Cybersecurity Framework for risk management

• Our service provides AI-based analysis only and is not a substitute for medical advice
• Users should consult qualified healthcare professionals for medical interpretation
• We do not sell or share your data with third parties
• We comply with lawful requests from authorities when required

• Data is retained while your account is active
• Automatic deletion occurs 30 days after account termination
• Backup copies are retained for a maximum of 90 days
• Usage logs are retained for up to 12 months

In the event of a data breach:

• Affected users will be notified within 72 hours
• Details of the breach will be provided
• Steps taken to mitigate risks will be outlined
• Guidance on recommended actions will be shared

We comply with:

• APP 11 for security and data breach response
• UK GDPR and EU GDPR breach notification requirements
• HIPAA breach notification rules

Email:

• support@smarterblood.org