Privacy Policy
Last updated: [Date]
Welcome to the Blood Test Results Interpreter application. Your privacy is important to us. This Privacy Policy explains how we collect, use, process, and safeguard your information when you use our application.
Information We Collect
We collect the following types of information:
- Personal and Health Information You Provide: This includes gender assigned at birth, age, height, weight, additional health comments, and the blood/urine test results you upload (including any data extracted via OCR). This may constitute sensitive health data.
- Payment Information: Processed securely by Stripe. We do not store your full credit card details. We may receive transaction identifiers from Stripe.
- Usage Data (Optional/Future): We may collect information about how you access and use the service (e.g., error logs, performance data) for improvement purposes.
How We Use Your Information
We use the information we collect solely for the purpose of:
- Processing your payment via Stripe.
- Generating the AI-based interpretation of your submitted test results using the OpenAI API.
- Providing the generated interpretation report to you via a temporary Vercel Blob link.
- Temporarily storing processing status and the report link using Vercel KV.
- Troubleshooting issues and improving the service (using anonymized or aggregated data where possible).
Your specific health data and OCR results are processed only to generate the report you requested after payment.
Data Processing and Storage
- OCR processing occurs within your browser.
- Form data and OCR text are temporarily stored in your browser's localStorage before payment.
- After payment, your form data and OCR text are sent to our backend on Vercel and temporarily stored in Vercel KV to initiate processing via Inngest.
- The AI interpretation is generated by sending relevant data (form details, OCR text) to the OpenAI API. Please refer to OpenAI's privacy policy.
- The final PDF report is stored temporarily in Vercel Blob storage.
- Processing status and the link to the report are stored temporarily in Vercel KV.
Data Retention and Deletion
- Input data (form details, OCR text) stored temporarily in Vercel KV before processing is deleted shortly after the interpretation report is generated.
- The generated PDF report stored in Vercel Blob is **automatically deleted approximately 1 hour** after its creation by an automated cleanup process.
- You also have the option to delete your generated report data immediately after download using the "Delete My Interpretation Data Now" button. This will delete both the file from Vercel Blob and the corresponding status record from Vercel KV.
- Status records in Vercel KV related to pending or failed processes may expire after 48 hours.
- Browser localStorage data is cleared after successful submission for analysis.
Third-Party Services
We use the following third-party services:
We recommend you review the privacy policies of these third-party services.
Data Security
We implement reasonable measures to protect your information, but no system is completely secure. Data is transmitted over HTTPS. Access to backend systems and keys is restricted.
Your Rights (GDPR/Data Protection)
[Detail user rights - e.g., access, rectification, erasure (subject to deletion policy), restriction, objection. Explain how users can exercise these rights, e.g., via a contact email.]
As the service is largely anonymous after data deletion, exercising some rights might be limited once the `analysisId` and associated data are deleted.
Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page.
Contact Us
If you have any questions about this Privacy Policy, please contact us: [Your Contact Email or Link]