Bloodworks.app ("we", "our", or "us") operates the website https://bloodworks.app. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website and use our services.
1. Information We Collect
Personal Information You Provide
When you create an account or use our services, we may collect:
- Account information: name, email address, and password
- Health data: blood test results, biomarker values, and related health information you upload for AI analysis
- Payment information: billing details processed securely through our payment provider (Stripe). We do not store your full card details.
- Communications: messages you send through our support or chat features
Information Collected Automatically
When you visit our website, we may automatically collect:
- Device information: browser type, operating system, device type
- Usage data: pages visited, time spent, referral source
- IP address: used for security, analytics, and fraud prevention
- Cookies: authentication tokens and session management (see Section 6)
2. How We Use Your Information
We use the information we collect to:
- Provide, maintain, and improve our AI-powered blood test analysis service
- Process your account registration and manage your subscription
- Analyse your uploaded blood test results and generate personalised health insights
- Send you important service updates and security notifications
- Respond to your enquiries and provide customer support
- Detect, prevent, and address technical issues and security threats
- Publish and share blog content on social media platforms (Facebook, X/Twitter, Pinterest, Instagram) to promote health education
3. Health Data
We understand the sensitivity of health-related information. Your blood test results and health data are:
- Stored securely using industry-standard encryption
- Never sold to third parties
- Never shared with insurance companies, employers, or other third parties without your explicit consent
- Used solely to provide you with AI-powered analysis and insights
- Deletable at your request — you can delete your account and all associated data at any time
Important: Bloodworks.app provides AI-generated health insights for educational purposes only. Our analysis does not constitute medical advice, diagnosis, or treatment. Always consult a qualified healthcare professional for medical decisions.
4. Third-Party Services
We use the following third-party services to operate Bloodworks.app:
- Stripe: secure payment processing. Stripe Privacy Policy
- OpenAI: AI analysis of blood test results and content generation. Data sent to OpenAI is subject to their Privacy Policy
- Bunny.net CDN: content delivery and image hosting. Bunny.net Privacy Policy
- Social media platforms (Facebook, X/Twitter, Pinterest, Instagram): blog content sharing only — no user data is shared with these platforms
5. Data Retention
We retain your personal information for as long as your account is active or as needed to provide you with our services. You may request deletion of your account and data at any time by contacting us. Upon account deletion:
- Your personal information and health data will be permanently deleted
- Anonymised, aggregated data may be retained for analytics purposes
- Data required by law (e.g. financial records) may be retained as legally required
6. Cookies
We use essential cookies for:
- Authentication: keep you signed in to your account
- Security: prevent cross-site request forgery and protect your session
We do not use third-party tracking cookies or advertising cookies. We do not track you across other websites.
7. Your Rights
Depending on your location, you may have the following rights regarding your personal data:
- Access: request a copy of the personal data we hold about you
- Correction: request correction of inaccurate or incomplete data
- Deletion: request deletion of your personal data
- Portability: request your data in a portable format
- Objection: object to certain processing of your personal data
To exercise any of these rights, please contact us at the email address below.
8. Data Security
We implement appropriate technical and organisational measures to protect your personal information, including:
- HTTPS encryption for all data in transit
- Secure password hashing
- Regular security reviews and updates
- Access controls limiting who can view personal data
While we strive to protect your information, no method of electronic storage or transmission is 100% secure. We cannot guarantee absolute security.
9. Children's Privacy
Our services are not directed to individuals under the age of 16. We do not knowingly collect personal information from children. If you believe a child has provided us with personal data, please contact us and we will promptly delete it.
10. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new policy on this page and updating the "Last updated" date. We encourage you to review this policy periodically.
11. Contact Us
If you have any questions about this Privacy Policy or our data practices, please contact us at: