Privacy Policy
Last updated: November 8, 2025
1. Introduction
Welcome to HemoAI ("we," "our," or "us"). We are committed to protecting
your privacy and ensuring the security of your personal health information.
This Privacy Policy explains how we collect, use, store, and protect your
data when you use our mobile application and related services.
Important: HemoAI provides health information for
educational purposes only. It is not a substitute for professional medical
advice, diagnosis, or treatment. Always consult with qualified healthcare
providers.
2. Information We Collect
2.1 Health and Fitness Data
With your explicit permission, we collect and store:
- Blood test results (hemogram values, biomarkers, lab parameters)
- Medication information (names, dosages, schedules)
- Health reminders (appointments, tests, medications)
- Family health records (if you choose to use family features)
- Diet and wellness tracking data
2.2 Personal Information
To provide personalized insights, we may collect:
- Age, gender, height, weight, BMI
- Profile information (optional)
- Usage preferences (language, theme, notifications)
2.3 Device and App Information
Automatically collected technical data:
- Device type, operating system, app version
- Crash reports and performance metrics (if you enable diagnostics)
- Localization preferences
- Anonymized subscription status metadata required to verify premium access
3. How We Use Your Information
We use your data solely to:
- Generate personalized health insights and recommendations
- Track your health trends over time
- Provide reminders for medications, tests, and appointments
- Offer diet and lifestyle suggestions based on your values
- Improve app functionality, reliability, and user experience (including crash diagnostics)
- Deliver transactional emails that you explicitly request
- Ensure data security and backup integrity
4. Data Storage and Security
4.1 Local Storage
Primary Principle: All your health data is stored locally
on your device. We use SQLite databases and secure storage mechanisms to
keep your information private.
4.2 Encryption
When you create backups, your data is encrypted using:
- AES-256-GCM encryption with random salt and nonce
- PBKDF2-HMAC-SHA256 for key derivation (100,000 iterations)
- Your password is never stored or transmitted to our servers
4.3 Cloud Sync (Optional)
Cloud backup is disabled by default. If you explicitly
enable it:
- You control which data to sync
- All data is encrypted before upload
- You can disable sync at any time
5. Data Sharing and Disclosure
We do not sell, rent, or share your personal health data with third
parties.
Limited data sharing may occur only:
- Within your family group: If you explicitly invite family members, they can view shared records you authorize
- With your explicit consent: When you use "Share Report" to export PDF/Excel files
- Legal requirements: If required by law or to protect our rights
6. Permissions
HemoAI may request the following permissions:
- Internet & Network: For optional cloud features (disabled by default)
- Camera: Optional OCR scanning of lab reports
- Photos/Media: To pick images for OCR or export reports
- Notifications: For health reminders
- Biometric: Optional app lock security
All permissions can be revoked anytime in your device settings.
7. Your Rights and Control
You have full control over your data:
- Access: View all your stored data in the app
- Export: Download your complete data as encrypted backups
- Delete: Remove individual records or wipe all data
- Opt-out: Disable analytics, notifications, or cloud sync anytime
- Correction: Edit or update any information
8. Children's Privacy
HemoAI is not intended for users under 18 years of age. We do not knowingly
collect personal information from children. If you are a parent or guardian
and believe your child has provided personal information, please contact us
immediately.
9. International Users
HemoAI is designed to comply with:
- GDPR (European Union): Right to access, rectify, erase, restrict processing, data portability
- HIPAA Awareness (US): While we do not qualify as a "covered entity," we follow medical data security best practices
- Turkish Data Protection Law: KVKK compliance
10. Third-Party Services
HemoAI integrates with the following processors to deliver specific features;
each integration is limited to the minimum data required:
- Firebase Crashlytics & Performance Monitoring (Google LLC): Crash stacks, device model, OS version, anonymized session identifiers. Crash reports are retained for up to 90 days unless you request deletion.
- Firebase Cloud Functions (Google LLC): Handles secure premium status checks and Stripe checkout sessions. Requests include plan type, anonymized user ID, and success/failure metadata.
- Stripe: Processes subscription purchases. Card data never touches our servers.
- SendGrid (Twilio SendGrid, Inc.): Sends transactional emails (verification codes, receipts, support responses).
- Google ML Kit: Provides OCR functionality; data is processed on-device when possible.
- Supabase (optional): If you enable future cloud sync features — all payloads are end-to-end encrypted before they leave your device.
11. Data Retention
Your data is stored on your device until you:
- Delete it manually
- Uninstall the app
- Use the "Clear All Data" option in settings
If cloud sync is enabled, you can delete your cloud data at any time. Crash
diagnostics and delivery logs are automatically purged within 90 days unless
we are legally required to retain them longer.
12. Changes to This Policy
We may update this Privacy Policy periodically. We will notify you of significant changes via:
- In-app notification
- Email (if you provided one)
- Update to this page with a new "Last updated" date
Continued use of the app constitutes acceptance of the updated policy.
14. Medical Disclaimer
Important: HemoAI provides health information and analysis
tools for educational and informational purposes only. This application is
not intended to diagnose, treat, cure, or prevent any medical condition or
replace professional medical advice. Always seek the advice of your physician
with any questions regarding a medical condition.
15. Consent
By using HemoAI, you acknowledge that you have read and understood this
Privacy Policy and agree to the collection, use, and storage of your
information as described herein.