Privacy Policy
Last updated March 30, 2026
This Privacy Policy for My Health Story ("we," "us," or "our") describes how and why we might access, collect, store, use, and/or share ("process") your personal information when you use our services ("Services"), including when you:
- Download and use our mobile application (My Health), or any other application of ours that links to this Privacy Policy
- Visit our website at myhealthstory.ai, or any website of ours that links to this Privacy Policy
- Engage with us in other related ways, including any sales, marketing, or events
Questions or concerns? Reading this Privacy Policy will help you understand your privacy rights and choices. If you do not agree with our policies and practices, please do not use our Services. If you still have any questions or concerns, please contact us at support@myhealthstory.ai.
- What Information Do We Collect?
- How Do We Handle Health Data?
- How Do We Process Your Information?
- When and With Whom Do We Share Your Personal Information?
- How Do We Use AI Features?
- How Do We Handle Your Social Logins?
- How Long Do We Keep Your Information?
- How Do We Keep Your Information Safe?
- Do We Collect Information From Minors?
- What Are Your Privacy Rights?
- Controls for Do-Not-Track Features
- Do United States Residents Have Specific Privacy Rights?
- Do We Make Updates to This Policy?
- How Can You Contact Us About This Policy?
- How Can You Review, Update, or Delete the Data We Collect From You?
1. What Information Do We Collect?
Personal information you disclose to us
In Short: We collect personal information that you provide to us.
We collect personal information that you voluntarily provide to us when you register on the Services, express an interest in obtaining information about us or our products and Services, when you participate in activities on the Services, or otherwise when you contact us.
The personal information we collect may include the following:
- Names
- Email addresses
- Date of birth
- Blood type
- Allergies
- Emergency contact information
- Profile photos
- Authentication data (via Google or Apple Sign-In)
Health Information
Our Services are designed to help you manage your health. You may choose to provide us with health-related information, including:
- Medical records (prescriptions, lab results, imaging, visit summaries)
- Medication details and schedules
- Doctor visit notes and audio recordings
- Health metrics (blood pressure, blood glucose, heart rate, weight, temperature, oxygen saturation, step count)
- Chat conversations with our AI health assistant
Information automatically collected
In Short: Some information is collected automatically when you use our Services.
We automatically collect certain information when you visit, use, or navigate the Services. This information does not reveal your specific identity but may include device and usage information, such as your IP address, browser and device characteristics, operating system, and other technical information. This information is primarily needed to maintain the security and operation of our Services.
Information collected from other sources
If you choose to connect Apple Health or Google Health Connect, we may collect health metrics from those platforms, including blood pressure, blood glucose, heart rate, weight, body temperature, oxygen saturation, and step count. This data is only collected with your explicit permission and is used solely to display your health data within the app.
2. How Do We Handle Health Data?
In Short: Your health data is stored securely and is never sold or shared for advertising purposes.
We take the protection of your health data very seriously. Here is how we handle it:
- Storage: All health data is stored in encrypted databases hosted on Amazon Web Services (AWS) infrastructure.
- Access: Your health data is only accessible to you through your authenticated account. Our team does not access your personal health data unless required to provide technical support at your request.
- No Selling: We will never sell your health data to third parties.
- No Advertising: Your health data is never used for advertising or marketing purposes.
- AI Processing: When you use our AI chat features, your health data may be processed by third-party AI providers (Anthropic/Claude) to generate responses. This processing is done under strict data processing agreements. The app requires your explicit consent before any health data is shared with AI services.
- Deletion: You can delete your account and all associated health data at any time from within the app.
3. How Do We Process Your Information?
In Short: We process your information to provide, improve, and administer our Services, communicate with you, for security and fraud prevention, and to comply with law.
We process your personal information for a variety of reasons, including:
- To facilitate account creation and authentication and otherwise manage user accounts.
- To deliver and facilitate delivery of services to you, including medication reminders, health tracking, medical record storage, and AI-powered health insights.
- To send push notifications such as medication reminders, which you can disable at any time.
- To respond to user inquiries and provide support.
- To protect our Services, including fraud monitoring and prevention.
- To comply with legal obligations.
4. When and With Whom Do We Share Your Personal Information?
In Short: We may share information in specific situations described below.
We may share your information in the following situations:
- AI Service Providers: When you use the AI chat feature, relevant health context is shared with our AI provider (Anthropic) to generate responses. This data is processed under their data processing agreements and is not used to train their models.
- Cloud Infrastructure: Your data is stored on Amazon Web Services (AWS). AWS acts as a data processor and does not access your data.
- Authentication Providers: When you sign in with Google or Apple, we receive basic profile information (email, name) from these providers.
- Legal Requirements: We may disclose your information where required by law, such as to comply with a subpoena or similar legal process.
We do not share your personal information with advertisers, data brokers, or social media platforms.
5. How Do We Use AI Features?
In Short: AI features process your health data to provide personalized health insights. Your explicit consent is required before any data is shared. AI responses are not medical advice.
Consent: Before any health data is shared with AI services, the app presents a clear disclosure explaining what data is sent, who receives it, and how it is protected. You must explicitly agree before the AI features can access your data. You can use the app's other features (medication tracking, records, visits, metrics) without consenting to AI data sharing.
- AI Health Chat: Our AI assistant uses your health records, medications, and metrics to provide contextual responses. This data is sent to Anthropic's Claude API for processing.
- Medical Record Analysis: When you upload medical records, AI may be used to extract and organize key information such as diagnoses, medications, and test results.
- Visit Transcription: Doctor visit audio recordings may be processed using AI (OpenAI Whisper) to generate transcriptions and summaries.
- Not Medical Advice: AI-generated content is for informational purposes only and should not be considered medical advice. Always consult with a healthcare professional for medical decisions.
6. How Do We Handle Your Social Logins?
In Short: If you sign in using Google or Apple, we collect limited profile information.
We offer the ability to register and log in using your Google or Apple account. When you do so, we receive your name and email address from the provider. We do not access your contacts, photos, or other data from these providers. We use this information solely for authentication and account creation.
7. How Long Do We Keep Your Information?
In Short: We keep your information for as long as necessary to provide our Services, unless otherwise required by law.
We will only keep your personal information for as long as it is necessary for the purposes set out in this Privacy Policy, unless a longer retention period is required or permitted by law. When we have no ongoing legitimate business need to process your personal information, we will either delete or anonymize such information.
8. How Do We Keep Your Information Safe?
In Short: We use industry-standard security measures to protect your data.
We have implemented appropriate and reasonable technical and organizational security measures designed to protect your personal information, including:
- Encrypted data transmission (TLS/HTTPS)
- Encrypted database storage (AWS Aurora with encryption at rest)
- Secure file storage (AWS S3 with server-side encryption)
- JWT-based authentication with short-lived access tokens
- Passwords hashed using bcrypt
- Secure token storage on device (iOS Keychain / Android Keystore)
However, no electronic transmission over the Internet or information storage technology can be guaranteed to be 100% secure. While we strive to protect your personal information, we cannot guarantee its absolute security.
9. Do We Collect Information From Minors?
In Short: We do not knowingly collect data from or market to children under 13 years of age.
We do not knowingly collect, solicit data from, or market to children under 13 years of age, nor do we knowingly sell such personal information. By using the Services, you represent that you are at least 13 or that you are the parent or guardian of such a minor and consent to such minor dependent's use of the Services. If we learn that personal information from users less than 13 years of age has been collected, we will take reasonable measures to promptly delete such data.
10. What Are Your Privacy Rights?
In Short: You may review, change, or terminate your account at any time.
Depending on your location, you may have the following rights regarding your personal information:
- Access: You can request access to the personal information we hold about you.
- Correction: You can update your profile and health information directly in the app.
- Deletion: You can delete your account and all associated data from the Profile screen in the app, or by contacting us.
- Data Portability: You can request a copy of your data in a machine-readable format.
- Withdraw Consent: You can disconnect health data sources (Apple Health, Google Health Connect) at any time.
To exercise any of these rights, please contact us at support@myhealthstory.ai.
11. Controls for Do-Not-Track Features
Most web browsers and some mobile operating systems include a Do-Not-Track ("DNT") feature or setting. We do not currently respond to DNT browser signals or any other mechanism that automatically communicates your choice not to be tracked online, as no uniform technology standard for recognizing and implementing DNT signals has been finalized.
12. Do United States Residents Have Specific Privacy Rights?
In Short: Yes, if you are a resident of certain US states, you may have additional privacy rights.
If you are a resident of California, Colorado, Connecticut, Delaware, Florida, Indiana, Iowa, Kentucky, Minnesota, Montana, Nebraska, New Hampshire, New Jersey, Oregon, Rhode Island, Tennessee, Texas, Utah, or Virginia, you may have the right to:
- Know what personal information we collect and how it is used
- Request deletion of your personal information
- Opt out of the sale or sharing of your personal information (we do not sell your data)
- Non-discrimination for exercising your privacy rights
To exercise these rights, please contact us at support@myhealthstory.ai.
13. Do We Make Updates to This Policy?
In Short: Yes, we will update this policy as necessary to stay compliant with relevant laws.
We may update this Privacy Policy from time to time. The updated version will be indicated by an updated "Last updated" date at the top of this page. If we make material changes to this Privacy Policy, we may notify you either by prominently posting a notice of such changes or by directly sending you a notification. We encourage you to review this Privacy Policy frequently to be informed of how we are protecting your information.
14. How Can You Contact Us About This Policy?
If you have questions or comments about this policy, you may email us at support@myhealthstory.ai.
15. How Can You Review, Update, or Delete the Data We Collect From You?
Based on the applicable laws of your country or state, you may have the right to request access to the personal information we collect from you, details about how we have processed it, correct inaccuracies, or delete your personal information. You may also have the right to withdraw your consent to our processing of your personal information.
You can review and update your information directly within the app's Profile section. To delete your account and all associated data, use the "Delete Account" option in the app's Profile section, or contact us at support@myhealthstory.ai.