meBlood

Privacy Policy

Last updated: 6 March 2026

This Privacy Policy describes how meBlood ("we", "us", or "our") collects, uses, and protects your information when you use our blood test analysis service ("the Service").

By using the Service, you consent to the data practices described in this policy.

1. Information We Collect

Information You Provide

  • Email address — used for account authentication and to send you your reports and login codes.
  • Profile information — age, gender, and weight, if you choose to provide them. This information is used solely to personalise your blood test analysis.
  • Blood test documents — PDFs, images, or Word documents you upload for analysis.

Information Generated by the Service

  • Extracted blood test data — marker names, values, units, and reference ranges extracted from your uploaded documents.
  • AI-generated reports — personalised HTML reports created from your blood test data.
  • Credit and billing records — transaction history for credit purchases.

Information Collected Automatically

  • Usage data — pages visited, features used, and actions taken within the Service.
  • Log data — IP address, browser type, and access times for security and debugging purposes.
  • Cookies — session cookies required for authentication. We do not use tracking or advertising cookies.

2. How We Use Your Information

We use your information solely to:

  • Provide the Service — process your blood test documents, generate reports, and deliver them to you.
  • Authenticate you — send magic code login emails and maintain your session.
  • Personalise reports — use your age, gender, and weight to provide contextually relevant analysis.
  • Process payments — facilitate credit purchases through our payment processor (Stripe).
  • Improve the Service — analyse aggregate, anonymised usage patterns to improve performance and features.
  • Communicate with you — send transactional emails (login codes, report notifications) and respond to support requests.

We do not use your information for:

  • Advertising or marketing to third parties
  • Selling or renting your personal or health data
  • Building advertising profiles
  • Any purpose unrelated to providing and improving the Service

3. How We Handle Your Uploaded Files

Your privacy regarding uploaded health documents is our highest priority:

  • Temporary processing only. Uploaded files are saved to temporary server memory for text extraction and are permanently deleted immediately after processing. We do not retain your original uploaded files.
  • De-identification. Before AI analysis, extracted text is processed to remove personally identifiable information including dates, patient IDs, phone numbers, email addresses, and physician names.
  • No permanent file storage. We do not use cloud storage services (such as Amazon S3) to store your uploaded documents.

4. Data Storage and Retention

  • Reports and extracted data are stored in a secure PostgreSQL database and associated with your account.
  • You may delete your reports at any time from your dashboard. Deletion is permanent and cannot be undone.
  • Account data is retained as long as your account is active. If you wish to delete your account entirely, contact us at [email protected].
  • Credit and billing records are retained for accounting and legal compliance purposes.
  • Action logs (processing metadata such as token usage and timing) are retained for operational monitoring and do not contain your health data.

5. Data Sharing and Third Parties

We share your data only with the following third-party service providers, and only to the extent necessary to operate the Service:

Provider Purpose Data Shared
Anthropic (Claude AI) Blood test analysis and report generation De-identified extracted text, age, gender, weight
Amazon Web Services (SES) Transactional email delivery Email address, email content
Stripe Payment processing Email address, payment details (handled directly by Stripe)

Important notes:

  • Anthropic processes de-identified text only. Your name, date of birth, and other personal identifiers are removed before any data is sent to the AI.
  • Stripe handles all payment card data directly. We never see or store your full card number.
  • We do not share your data with data brokers, advertisers, or any other third parties.

6. Data Security

We implement appropriate technical and organisational measures to protect your data:

  • All data in transit is encrypted using TLS/SSL.
  • Database access is restricted and authenticated.
  • Session tokens are cryptographically signed.
  • Magic code authentication eliminates password-related vulnerabilities.
  • Uploaded files are deleted from server memory immediately after processing.

While we take reasonable steps to protect your data, no method of electronic transmission or storage is 100% secure. We cannot guarantee absolute security.

7. Your Rights

Depending on your jurisdiction, you may have the following rights:

  • Access — Request a copy of the personal data we hold about you.
  • Correction — Request correction of inaccurate personal data.
  • Deletion — Request deletion of your personal data and reports.
  • Portability — Request your data in a portable format.
  • Objection — Object to certain processing of your personal data.

To exercise any of these rights, contact us at [email protected]. We will respond within 30 days.

8. Children's Privacy

The Service is not intended for use by individuals under 18 years of age. We do not knowingly collect personal information from children under 18. If we become aware that we have collected data from a child under 18 without parental consent, we will take steps to delete that information.

9. International Data Transfers

Your data may be processed in countries other than your country of residence, including countries where data protection laws may differ. By using the Service, you consent to the transfer of your data to these countries. We ensure appropriate safeguards are in place for such transfers.

10. Cookies

We use only essential cookies required for the Service to function:

  • Session cookie — maintains your authenticated session. Expires when you close your browser or after a period of inactivity.

We do not use analytics cookies, tracking cookies, or advertising cookies. We do not use any third-party cookie-based tracking services.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy with a new "Last updated" date. Your continued use of the Service after changes are posted constitutes acceptance of the revised policy.

12. Contact

If you have questions or concerns about this Privacy Policy or our data practices, please contact us at:

Email: [email protected]

Summary of Key Points

  • We never store your uploaded files beyond temporary processing.
  • We de-identify your data before AI analysis.
  • We never sell your data.
  • We use no tracking cookies.
  • You can delete your reports at any time.
  • You can request full account deletion by emailing us.