Privacy Policy
Effective date: May 2, 2026 (date of last review)
This policy explains what information BloodWorker ("we", "us") collects when you use the service, how we use it, who it's shared with, and the choices you have. By creating an account or uploading content, you agree to this policy.
Information we collect
Account information
- Email address (used as your login and to send the email-verification link)
- A bcrypt hash of your password (bcrypt generates a random salt for each hash); we never store the plain password
- An optional display name
- Account creation time, last login time, email verification status
Health profile you enter
- Age, biological sex, weight, height
- Active medical conditions, medications, past surgeries, current symptoms
This profile is shown back to you in the workspace and sent to the AI model as context for your analysis. It is not used for any other purpose.
Files you upload
- Lab reports, imaging, DICOM files, photos, text notes, and ZIP archives you upload
- Filenames, file types, file sizes, and study dates extracted from the files
- Text content extracted from PDFs and similar documents (used to build the analysis prompt)
Generated reports
- The AI-generated analysis report tied to your account
- Token counts and the model identifier used to produce it
Operational logs (audit log)
To meet HIPAA audit requirements, we record an event for security-relevant actions: account creation, email verification, login (success and failure), uploads, analysis runs, and report views. Each entry includes a timestamp, action, your user ID (when applicable), IP address, and user-agent. We do not store the contents of uploaded files in this log. The audit log is itself stored on the encrypted volume and reviewed periodically by our Security Officer.
How we use your information
- To create and operate your account
- To send the one-time email verification link, password-related notifications, and (rarely) service announcements
- To run AI analysis on the documents you upload and produce a report you can read, download, and print
- To detect and investigate abuse, fraud, or security incidents using the audit log
We do not sell your data. We do not use your health data for advertising. We do not train AI models on your content.
Who we share information with
Service providers we rely on
- Amazon Web Services (Amazon Bedrock) — runs the AI model that produces your analysis. The contents of your uploads, your profile, and your notes are sent to AWS for inference. AWS processes this data under a Business Associate Agreement (see Security below) and its standard processor terms, and does not use Bedrock prompts or completions to train its models.
- Email delivery — the verification email is sent by the same server's mail transport. Any relay between our server and your mailbox sees the message envelope (your address and our sending address) and, unless every hop uses TLS, can also read the message body in transit.
When required by law
We may disclose information if compelled by valid legal process, or where necessary to protect the rights, safety, or property of BloodWorker, our users, or the public.
Where your data lives
- Account, profile, session, audit, and upload-metadata data are stored in a PostgreSQL database on our servers in the United States. The bloodworker tables live in a dedicated tablespace on the encrypted volume described below.
- Uploaded files are stored on the same server's filesystem in a per-user directory, accessible only to the BloodWorker service account.
- Generated reports are stored on the server filesystem and tied to your account.
- All three of the above (uploads, reports, and the bloodworker database tablespace) live on a LUKS-encrypted volume using AES-XTS, consistent with the NIST SP 800-111 guidance that HHS cites for treating PHI at rest as "secured". The volume key is sealed to the server's TPM and released only when the expected system boots, so the disk on its own (for example, if removed from the server) is unreadable. This protects data at rest; it does not protect data from anyone who gains access to the running system, which is why the access controls and audit logging described here matter.
- Backups are taken nightly to a separate device on the same local network. Each backup is independently encrypted by the backup tool with its own passphrase before being written; the backup destination cannot read the contents without that passphrase.
All traffic between your browser and BloodWorker is protected with TLS 1.2 or higher. Off-site (cloud) backup is a planned addition once revenue supports the recurring cost. Until then, the on-LAN encrypted backup plus a physically separate recovery device provide recovery from hardware failure and accidental deletion; they do not protect against an event, such as fire or theft, that affects the whole site.
How long we keep things
- Account, profile, files, and reports: kept for as long as your account is active. If you ask us to delete your account, we remove these within 30 days.
- Audit log: retained for at least six years, matching HIPAA's six-year documentation retention requirement (45 CFR 164.316), even after account deletion. The audit log does not contain the contents of uploads or reports.
- Email verification tokens: 24-hour expiry, single-use.
- Authentication tokens (JWT): 7-day expiry; stored only in your browser's localStorage, never on our servers. Because we keep no record of issued tokens, a token cannot be revoked before it expires: clearing your browser's site data signs you out on that device but does not invalidate a copy someone else has obtained. If you suspect your token has been stolen, contact us immediately (see Security below).
Your choices and rights
- Access and download: any report you've generated can be viewed, downloaded as HTML/Markdown/text/JSON, or printed from your account.
- Update: you can edit your profile fields any time from the workspace.
- Delete an individual report or file: contact us and we'll remove it.
- Delete your entire account: contact us via the contact form (see Contact us below) and we'll erase your account, profile, files, and reports within 30 days. The audit log entries tied to your account are retained (see retention above); they contain your former user ID, IP address, and user-agent, but none of your profile, files, or reports.
- Withdraw consent: you can stop using BloodWorker at any time, or request account deletion as described above. Past audit entries are kept; nothing new is recorded once you stop using the service.
Cookies and similar storage
We don't use third-party tracking cookies or analytics SDKs. The site uses your browser's localStorage to keep your authentication token and email address so you stay signed in across page loads. Clearing your browser's site data for BloodWorker signs you out on that device.
Children
BloodWorker is not intended for use by anyone under 18. We don't knowingly collect information from children. If you believe a child has registered, contact us and we'll delete the account.
Security
We use bcrypt for password hashing, JWTs for session tokens, TLS for all network traffic, LUKS encryption for the volume holding all PHI, encrypted nightly backups, file system permissions to isolate per-user directories, and an append-only audit log for security-relevant events. We have a designated Security Officer, written security policies covering risk analysis, contingency planning, breach notification, and emergency access, and we maintain a Business Associate Agreement with AWS for the AI-analysis component. No system is perfectly secure; if you suspect your account has been compromised, contact us immediately.
Changes to this policy
We may update this policy as the product matures, particularly as additional HIPAA safeguards are completed before public launch. When we make material changes, we'll update the effective date at the top and, if the change affects how your data is used, give registered users notice by email.
Contact us
Questions about this policy, requests to access or delete your data, or anything else privacy-related: please use the contact form. Mark the subject line with "Privacy" so it gets routed correctly.
