Privacy Policy

1. Introduction

Welcome to MediSync Labs (“MediSync Labs,” “we,” “us,” or “our”). This Privacy Policy explains what information we collect, how we collect it, how we use it, when we share it, and how we protect it when you use our website, mobile applications, and related services (collectively, the “Service”).

By using the Service, you agree to this Privacy Policy. If you do not agree, please do not use the Service.

2. Information We Collect

We collect information in the following categories:

2.1 Information You Provide Directly

• Account Information: your email address, password, first name, last name, creator code, referral code information, and subscription or plan status.
• Profile and Demographic Information: age, birthday, sex, ethnicity, pregnancy status, smoking status, height, weight, and related profile details you choose to enter.
• Health and Wellness Information: blood test results, lab values, test names, units, test dates, medications, medical conditions, symptoms, health goals, lifestyle inputs, notes, follow-up dates and times, progress entries, meal entries, and other health-related information you choose to provide.
• Health Outputs Stored in Your Account: interpretations, recommendations, trend forecasts, risk indicators, unique insights, global averages, meal recommendations, reminder data, progress records, AI-generated summaries, and other outputs generated for your account.
• Uploaded Files and Images: PDFs, screenshots, photos, lab report images, scanned documents, and other files you upload or capture for supported features.
• Genetic Information: if you choose to use genetic analysis features, we may collect genetic files, SNPs, genotypes, genetic insights, and related genetic information you upload or request us to analyze.
• AI Feature Inputs: prompts, questions, symptom descriptions, chat messages, health notes, uploaded materials, and other content you submit while using AI-assisted features.
• Support and Communication Information: information you send through support requests, feedback forms, reviews, reports, or direct communications with us.

2.2 Information Collected Automatically

• Usage Information: pages or screens viewed, features used, buttons clicked, account actions taken, time spent, upload counts, and similar usage events.
• Feature Usage Status: whether certain features were used, such as meal planning, symptom checker, AI chat, trend analysis, lifestyle simulation, checklist completion, and related engagement status.
• Device and Technical Information: IP address, browser type, operating system, device type, app version, language, approximate region, and device or browser identifiers.
• Log and Diagnostics Information: crash logs, error reports, server logs, performance logs, and diagnostics data used to maintain and improve the Service.
• Tracking and Measurement Information: cookie identifiers, local storage identifiers, pixel identifiers, event IDs, campaign parameters, Meta browser identifiers, TikTok identifiers, Google advertising identifiers, and similar advertising or analytics measurement data where enabled.

2.3 Information From Payment, Subscription, and Platform Providers

• Payment and Subscription Information: subscription plan, trial status, payment status, billing status, renewal status, subscription start or end dates, and transaction-related information from payment processors or app marketplace platforms. We do not store full payment card numbers in MediSync Labs.
• Stripe-Related Information: Stripe customer ID, Stripe subscription ID, invoice-related status, and Stripe event information needed to manage billing and prevent duplicate processing.
• Apple Subscription Information: Apple original transaction ID, last transaction ID, app account token, product ID, environment, and subscription-provider information used to validate iOS subscriptions and link entitlements to your account.
• Google or Other Platform Information: if you access MediSync Labs through Google Play or another platform, we may receive limited information needed to validate app access, subscriptions, or entitlements.

2.4 Consent Records

• AI Consent Information: whether you gave consent for certain AI-assisted processing, the date and time of consent, and the consent version presented to you.

2.5 Cookies, Pixels, SDKs, and Similar Technologies

We use cookies, pixels, SDKs, local storage, server-side event tracking, and similar technologies to operate the Service, keep you signed in, remember your preferences, improve performance, understand how the Service is used, measure marketing or advertising performance where such tools are enabled, and detect abuse or technical issues.

2.6 Sensitive and Health-Related Data

Some information you provide to MediSync Labs may be sensitive personal information, including health-related information and, if you choose to use applicable features, genetic information. We collect and process this information only to provide the features you request, personalize your experience, generate insights, maintain your account, improve the Service, comply with law, and for the other purposes described in this Privacy Policy.

3. How We Collect Your Information

We collect information in the following ways:

• From forms you complete: signup forms, profile forms, health profile forms, symptom forms, payment or upgrade flows, consent dialogs, reviews, support forms, and similar inputs.
• From information you type into the Service: health questions, symptom descriptions, medications, conditions, chat messages, notes, goals, and profile details.
• From files, photos, and documents you upload: lab reports, images, PDFs, screenshots, genetic files, and similar materials.
• From camera or scanning features you choose to use: including when you capture or upload a document or image for processing.
• From your use of AI-assisted features: when you request AI-generated insights, summaries, explanations, health guidance, chatbot responses, genetic analysis, or document analysis.
• Automatically from your device and browser: through logs, cookies, pixels, SDKs, analytics tools, and server-side event processing.
• From payment and platform providers: such as Stripe, Apple, Google, and similar providers for subscription confirmation, entitlement validation, or transaction status.
• From your communications with us: such as support requests, reports, reviews, or feedback.

4. How We Use Your Information

We use information for purposes such as:

• Providing the Service: creating accounts, authenticating users, saving profiles, processing uploads, displaying results, reminders, dashboards, meal plans, progress items, and insights.
• Personalization: tailoring outputs based on information you provide, including your profile, symptoms, medications, health goals, uploaded materials, lab results, and usage patterns.
• AI-Assisted Features: generating health-related explanations, interpretations, summaries, guidance, chatbot responses, symptom support, trend analysis, document analysis, and optional genetic insights when you choose to use those features and provide required permission.
• Subscriptions and Payments: managing billing, trials, subscriptions, receipts, access levels, account entitlement, Apple or Google marketplace subscription verification, and service access.
• Support and Communication: responding to support requests, service questions, account issues, and product feedback.
• Security and Fraud Prevention: protecting accounts, detecting abuse, preventing unauthorized access, preventing duplicate or conflicting billing events, enforcing our Terms, and maintaining platform integrity.
• Analytics and Product Improvement: understanding feature usage, improving performance, fixing bugs, testing new features, and improving Service quality.
• Communications: sending service messages, account alerts, onboarding emails, reminders, receipts, subscription notices, and marketing communications where permitted by law.
• Legal and Compliance: complying with legal obligations, resolving disputes, enforcing agreements, and protecting our rights and users.

We do not sell your personal information.

5. AI-Assisted Features, Consent, and Third-Party AI Processing

Some MediSync Labs features use AI-assisted processing to generate health-related insights, explanations, summaries, recommendations, and responses based on the information you choose to provide.

5.1 Third-Party AI Provider

Certain AI-assisted features in MediSync Labs use technology provided by OpenAI. When you choose to use those features and grant permission in-app, MediSync Labs may transmit relevant information to OpenAI so the requested AI-assisted feature can function.

5.2 AI Features That May Involve OpenAI

Depending on the feature you choose to use, OpenAI may be used to support features such as:

• AI chat or chatbot responses;
• blood test interpretation, summaries, and explanations;
• symptom-related responses or summaries;
• trend analysis explanations and health insight generation;
• uploaded document, image, or PDF analysis;
• optional genetic analysis or genetic summary features;
• personalized health guidance or educational responses requested by you.

5.3 What Data May Be Sent to OpenAI

Depending on the feature you use and the information you choose to provide, the information sent to OpenAI may include:

• blood test data, lab values, test names, units, dates, interpretations, trends, risk indicators, and related uploaded health records;
• symptoms, health-related questions, notes, chat messages, prompts, and text you enter;
• medications, supplements, and known medical conditions you provide;
• health goals and lifestyle inputs you provide;
• profile details relevant to generating a response, such as age, birthday or age-derived information, sex, ethnicity, smoking status, pregnancy status, height, weight, and similar health-related profile factors;
• uploaded files, images, screenshots, PDFs, or scanned health documents used in applicable features;
• genetic files, SNPs, genotypes, and related genetic information, but only if you choose to use a genetic analysis feature;
• instructions or prompts you provide while using AI-assisted tools.

5.4 What We Do Not Intend to Send to OpenAI for These Features

MediSync Labs does not intend to send full payment card numbers, full bank account information, or full government-issued identification numbers to OpenAI in order to provide the AI-assisted features described in this Privacy Policy.

5.5 When We Send Data to OpenAI

MediSync Labs requests your permission before sending covered personal, health-related, uploaded, or genetic information to OpenAI for AI-assisted features. If you do not provide permission, MediSync Labs will not send that covered information to OpenAI for those features, and certain AI-assisted features may be unavailable or limited.

5.6 How We Record Your AI Consent

We may store a record of whether you gave AI data processing consent, the date and time of that consent, and the consent version shown to you, in order to demonstrate compliance, manage your preferences, and help ensure consent is obtained before covered information is sent to OpenAI.

5.7 Why We Send Data to OpenAI

We send only the information reasonably necessary for the requested feature in order to:

• analyze user-provided health information;
• generate personalized health-related insights, explanations, summaries, and educational responses;
• answer health-related questions you submit through AI-assisted features;
• process uploaded health documents or files used with AI-assisted tools;
• support optional genetic analysis features you choose to use;
• improve the relevance and usefulness of the AI-generated response for the feature you requested.

5.8 Data Minimization

We aim to send only the minimum information reasonably necessary for the AI-assisted feature you chose to use.

5.9 Advertising Restriction

Information sent by MediSync Labs to OpenAI for AI-assisted features is used to support those features within MediSync Labs and is not sent by MediSync Labs for advertising purposes.

5.10 Third-Party Protection Standards

When MediSync Labs shares personal, health-related, uploaded, or genetic information with OpenAI or another service provider acting on our behalf, we do so only for authorized Service functionality and only with providers that are required by contract, terms, or equivalent obligations to protect the information they receive with confidentiality and security safeguards designed to provide the same or equal protection described in this Privacy Policy and required by applicable law.

5.11 Future AI Providers

If MediSync Labs adds a different third-party AI provider in the future for AI-assisted features, we will update this Privacy Policy and any required in-app disclosure to identify that provider and describe the applicable data use and sharing before using that provider for covered features.

6. Legal Bases for Processing (EEA/UK)

If you are located in the EEA or UK, we process personal information only when we have a valid legal basis, including:

• Contract: to provide the Service and features you request.
• Legitimate Interests: to secure, maintain, support, and improve the Service, balanced against your rights.
• Consent: for certain optional features, certain sensitive or health-related processing where applicable, certain marketing, and before sending covered information to OpenAI for certain AI-assisted features.
• Legal Obligation: to comply with laws, regulations, and lawful requests.

7. How We Share Information

We may share information in the following situations:

7.1 OpenAI

As described in Section 5, MediSync Labs may share relevant personal, health-related, uploaded, or genetic information with OpenAI when you choose to use an AI-assisted feature and provide the required permission in-app.

7.2 Payment and Billing Providers

We may share relevant account, subscription, or transaction information with payment and billing providers such as Stripe to process payments, manage billing, handle subscriptions, send receipts, prevent fraud, and maintain account access.

7.3 App Store and Platform Providers

We may share or receive relevant account, entitlement, and transaction information with platform providers such as Apple or Google to validate subscriptions, link purchases to accounts, confirm entitlements, and support app access or purchase restoration.

7.4 Cloud, Hosting, Database, Security, and Infrastructure Providers

We use service providers to host, secure, store, and support MediSync Labs. These providers may process information on our behalf only for authorized purposes and under confidentiality and security obligations.

7.5 Email and Communication Providers

We may use email or communication service providers to send account emails, receipts, welcome emails, reminders, product notices, and support communications.

7.6 Analytics and Advertising Measurement Providers

Where enabled and permitted by law, we may share limited device, browser, event, campaign, or conversion information with analytics and advertising measurement providers such as Meta, TikTok, or Google to understand app performance, measure campaign effectiveness, and track conversions or feature usage.

7.7 Legal and Safety

We may disclose information if required by law or if we reasonably believe disclosure is necessary to protect the rights, safety, and security of users, the public, MediSync Labs, or the Service.

7.8 Business Transfers

If we are involved in a merger, acquisition, financing, reorganization, bankruptcy, or sale of assets, information may be transferred as part of that transaction, subject to applicable safeguards.

7.9 With Your Direction or Consent

We may share information when you direct us to do so or when you otherwise provide consent.

8. Analytics, Advertising, and Tracking Technologies

We may use analytics tools and advertising measurement technologies to understand use of the Service and measure marketing performance. These tools may use cookies, pixels, SDKs, local storage, or server-side events.

• Analytics: helps us understand which features are used, how people move through the Service, and where improvements are needed.
• Advertising Measurement: helps us understand whether an ad, click, or visit led to a signup, subscription, or other event.
• Identifiers and Event Data: may include device or browser identifiers, event IDs, campaign parameters, IP address, pixel identifiers, app/browser metadata, and related measurement information.

You can typically control cookies through your browser settings. On mobile devices, you may also be able to limit certain forms of tracking through device settings, subject to platform capabilities and app functionality.

9. Data Retention

We retain information only as long as reasonably necessary for the purposes described in this Privacy Policy, including to provide the Service, maintain account history, support your requested features, comply with law, resolve disputes, and enforce agreements.

• Account Information: retained while your account is active and for a reasonable period afterward for legal, accounting, security, or support purposes.
• Health, Uploaded, and Genetic Information: retained to provide your account history, health insights, and requested features unless you delete it where supported or request deletion, subject to legal, security, and operational limitations.
• AI-Related Inputs and Outputs: may be retained as necessary to provide requested features, maintain records of your activity inside the Service, troubleshoot issues, and improve Service reliability, subject to applicable law and provider practices.
• Consent Records: may be retained to document your privacy choices and demonstrate that required consent was obtained.
• Logs and Diagnostics: retained for a limited period to maintain performance, security, and system integrity.
• Billing and Subscription Records: may be retained as needed for tax, accounting, fraud prevention, dispute resolution, subscription management, and legal compliance.

10. Security

We use reasonable administrative, technical, and physical safeguards designed to protect information against unauthorized access, loss, misuse, alteration, or disclosure. These safeguards may include encrypted transmission where appropriate, access controls, authentication measures, logging, monitoring, and secure infrastructure practices.

However, no method of transmission or storage is completely secure, and we cannot guarantee absolute security.

11. Your Choices and Rights

Depending on where you live, you may have rights such as:

• Access: request a copy of personal information we hold about you.
• Correction: request corrections to inaccurate or incomplete information.
• Deletion: request deletion of your information, subject to legal, operational, and security limitations.
• Restriction or Objection: request restriction of certain processing or object to certain processing where applicable.
• Portability: request a portable copy of certain information where available.
• Marketing Preferences: opt out of promotional communications. We may still send transactional or service-related messages.
• AI Feature Choice: you may decline permission for certain AI-assisted features. If you do, covered data will not be sent by MediSync Labs to OpenAI for those features, but those features may be unavailable or limited.
• Withdrawal of Consent: where consent is the basis for processing, you may withdraw consent for future processing by contacting us, subject to legal or operational limitations. Withdrawal will not affect processing already carried out before withdrawal.

To make a privacy request, contact us at support@medisynclabs.ca. We may need to verify your identity before fulfilling certain requests.

12. Additional U.S. State Privacy Notice (If Applicable)

If you are located in a U.S. state that provides specific privacy rights, such as California, you may have additional rights to know, access, delete, correct, and opt out of certain disclosures or uses of personal information as defined by applicable law.

Do Not Sell/Share. We do not sell personal information. Depending on how tracking technologies are configured, certain disclosures to advertising measurement or analytics partners may be considered “sharing” under some state laws. To request an opt-out where applicable, contact us at support@medisynclabs.ca and include “Do Not Sell/Share” in your request.

We will not discriminate against you for exercising your privacy rights.

13. International Data Transfers

Your information may be processed or stored in countries other than your own. Where required by law, we take steps designed to ensure appropriate safeguards are in place for international transfers.

14. Children’s Privacy

The Service is not intended for individuals under the age of 18. We do not knowingly collect personal information from children. If you believe a child has provided personal information to us, please contact us so we can take appropriate steps.

15. Third-Party Links and Services

The Service may contain links to third-party websites, tools, or services. We are not responsible for the privacy practices of those third parties. We encourage you to review their privacy policies before using them.

16. App Store and Platform Notes

If you access MediSync Labs through a platform such as Apple App Store or Google Play, that platform may independently collect information subject to its own privacy practices and policies.

Apple is not responsible for MediSync Labs or for our handling of data. Questions about this Privacy Policy should be directed to MediSync Labs using the contact details below.

17. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. If we make material changes, we may notify you by updating the effective date, posting an in-app notice, updating the consent version where applicable, or using other reasonable notice methods. Your continued use of the Service after an update means you accept the revised Privacy Policy, except where additional consent is required by law.

18. Contact Us

If you have questions or privacy-related requests, contact us at: