Privacy Policy

Last updated: March 3, 2026

Hemoly ("we," "our," or "us") operates the Hemoly mobile application (the "App") and the website at hemoly.com (the "Website"). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our App and Website.

By using Hemoly, you agree to the collection and use of information in accordance with this Privacy Policy. If you do not agree, please do not use the App.

1. Information We Collect

1.1 Account Information

When you create an account, we collect:

• Email address — used for authentication and account management
• Display name — used to personalize your experience
• Authentication credentials — managed securely through Firebase Authentication (email/password, Apple Sign In, or Google Sign In)

1.2 Health Data

When you use the App, we collect and process:

• Blood test results — biomarker names, values, units, and reference ranges extracted from uploaded lab reports
• Lab report images/PDFs — uploaded files are stored temporarily for processing and then stored in your account
• Health scores and trends — calculated from your biomarker data
• AI-generated insights — educational explanations and correlations based on your results

1.3 Usage Data

• Chat messages — conversations with the AI health assistant are stored to maintain session history
• Feature usage — quota tracking (number of health scans and chat messages used)
• Subscription status — whether you have a free or premium account
• Country and language preferences — your selected region and language

1.4 Information We Do NOT Collect

• Precise or coarse location data
• Contact lists or address books
• Financial or payment information (handled entirely by Apple)
• Device identifiers for advertising purposes
• Browsing history outside the App

2. How We Use Your Information

We use the collected information solely for the following purposes:

• App Functionality — to authenticate you, scan your lab reports, display your results, calculate health scores, generate educational insights, and provide the AI chat assistant
• Personalization — to tailor AI explanations and insights based on your biomarker results and language preference
• Product Improvement — to understand which features are used and improve the App
• Account Management — to manage your subscription, quotas, and preferences

We do NOT use your data for advertising, marketing to third parties, or tracking across other apps and websites.

3. Third-Party Services

We use the following third-party services to operate the App:

3.1 Firebase (Google Cloud)

We use Firebase for authentication, data storage (Firestore), and file storage (Cloud Storage). Your data is stored on Google Cloud servers. See Firebase Privacy Policy.

3.2 OpenAI

Lab report images and chat messages are sent to OpenAI's API for processing (parsing blood test results and generating educational responses). OpenAI processes this data according to their Privacy Policy. We use the API with data retention disabled where available.

3.3 Apple (StoreKit)

Subscription purchases are processed entirely by Apple. We only receive confirmation of your subscription status, not your payment details.

3.4 Apple HealthKit

If you grant permission, the App may read from and write to Apple Health. HealthKit data is never sent to our servers or any third party. It remains on your device and within Apple's ecosystem.

4. Data Storage and Security

• Your data is stored in Firebase (Google Cloud) with industry-standard encryption at rest and in transit.
• All API communications use HTTPS/TLS encryption.
• Authentication tokens are securely managed by Firebase Auth.
• We do not store your password — authentication is handled by Firebase.

While we implement reasonable security measures, no method of electronic storage or transmission is 100% secure. We cannot guarantee absolute security of your data.

5. Data Retention

• Your account data and health records are retained as long as your account is active.
• When you delete your account, we permanently delete all associated data including Firestore records, uploaded files in Cloud Storage, and your Firebase Auth account.
• Cached AI responses (non-personal, aggregated by biomarker type) may be retained for performance purposes.

6. Your Rights

Depending on your jurisdiction, you may have the following rights:

• Access — request a copy of the personal data we hold about you
• Correction — request correction of inaccurate data
• Deletion — delete your account and all associated data directly in the App (Profile → Delete Account)
• Portability — request your data in a machine-readable format
• Restriction — request we restrict processing of your data
• Objection — object to certain types of processing

To exercise any of these rights, you can delete your account directly in the App or contact us through our website.

7. Children's Privacy

Hemoly is not intended for use by children under the age of 17. We do not knowingly collect personal information from children. If you believe a child has provided us with personal data, please contact us and we will delete it.

8. International Data Transfers

Your data may be transferred to and processed in countries other than your own (including the United States) where our service providers operate. By using the App, you consent to such transfers. We ensure appropriate safeguards are in place for international transfers.

9. California Residents (CCPA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA):

• Right to know what personal information is collected and how it is used
• Right to delete personal information
• Right to opt out of the sale of personal information — we do not sell your personal information
• Right to non-discrimination for exercising your rights

10. European Residents (GDPR)

If you are in the European Economic Area, our legal bases for processing are:

• Contract — processing necessary to provide the App services you requested
• Consent — for optional features like HealthKit integration
• Legitimate Interest — for product improvement and security

You may contact us through our website for data protection inquiries.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the new policy in the App and updating the "Last updated" date. Your continued use of the App after changes constitutes acceptance of the updated policy.

12. Contact Us

If you have questions about this Privacy Policy, please visit hemoly.com.