Effective Date: March 27, 2026
Last Updated: March 27, 2026
Table of Contents
1.1 Health Information You Provide
1.2 Account and Profile Information
1.3 Technical and Usage Information
1.4 Information from Third-Party Services
2. How We Use Your Information
2.1 Core Service Functionality
2.2 Artificial Intelligence and Machine Learning
2.4 Internal Research and Product Improvement (OPT-OUT AVAILABLE)
3. How We Share Your Information
3.1 We DO NOT Sell Your Health Data
3.3 Service Providers (Business Associates)
5.2 Your Security Responsibilities
6.1 How Long We Keep Your Data
6.2 Data Retention for Research
8. International Users and Data Transfers
9. Third-Party Services and Integrations
12. Changes to This Privacy Policy
13.2 Your Protected Health Information (PHI)
13.3 Notice of Privacy Practices
Appendix B: Data We Do NOT Collect
At LifeSage, your privacy and the security of your health information is our highest priority. We are committed to protecting your personal health data and being transparent about how we collect, use, and safeguard your information.
This Privacy Policy explains: - What information we collect - How we use your information - Your rights and controls over your data - How we protect your health information - Our compliance with HIPAA and other privacy regulations
By using LifeSage, you agree to the terms of this Privacy Policy.
Personal Health Records: - Laboratory test results and reports - Medication lists, dosages, and schedules - Vital signs (blood pressure, heart rate, temperature, weight, height) - Medical diagnoses and health conditions - Allergies and adverse reactions - Immunization records - Doctor visit notes and medical history - Health goals and preferences
Biometric and Activity Data: - Heart rate, steps, calories, sleep patterns - Exercise and activity logs - Nutrition and dietary information - Mood and wellness tracking - Data from connected wearable devices (Apple Watch, Fitbit, etc.)
User-Generated Content: - Health journal entries and notes - Photos or documents you upload (e.g., lab reports, prescription images) - Questions asked to our AI health assistant - Custom health metrics you track
• Full name
• Email address
• Year of Birth
• Date of birth (optional)
• Gender (optional)
• Phone number (optional)
• Profile photo (optional)
• Account preferences and settings
Automatically Collected: - Device information (type, operating system, unique identifiers) - IP address and approximate location (city/state level only) - App usage data (features used, time spent, navigation patterns) - Error logs and performance data - Date and time of access
Cookies and Similar Technologies: - We use essential cookies for app functionality - Analytics cookies to improve our services (you can opt out) - Preference cookies to remember your settings
With Your Explicit Permission: - Apple Health / Google Fit data - Wearable device data (Fitbit, Garmin, Oura, etc.) - Lab provider integrations - Pharmacy records (if you choose to connect) - Electronic Health Record (EHR) systems (future feature)
Important: We NEVER access third-party data without your explicit authorization.
• Health Tracking: Store and organize your health records in one secure place
• Data Analysis: Identify trends, patterns, and correlations in your health data
• AI-Powered Insights: Generate personalized health insights using machine learning
• Medication Management: Track medications, check for interactions, and provide FDA adverse event data
• Lab Result Interpretation: Help you understand what your lab results mean
• Goal Tracking: Monitor progress toward your health goals
• Alerts and Reminders: Send notifications about medications, appointments, or health patterns
Personalized AI (Core Service Feature):
LifeSage uses artificial intelligence to analyze YOUR health data and provide YOU with personalized insights and predictions. This AI processing is a core feature of our service and is essential to providing you with individualized health intelligence.
How Personalized AI Works: - Analyzes YOUR Data: Our AI learns from YOUR health patterns, trends, and history - Trains Models FOR YOU: Creates prediction models specific to YOUR unique health profile - Provides YOUR Insights: Generates personalized recommendations tailored to YOUR situation - Adapts to YOU: Continuously learns from YOUR data to improve YOUR predictions over time
Examples of Personalized AI: - Predicting YOUR future lab values based on YOUR historical trends - Identifying correlations in YOUR health data (e.g., YOUR sleep quality vs. YOUR blood pressure) - Recommending optimal medication timing based on YOUR adherence patterns - Detecting anomalies in YOUR vital signs compared to YOUR baseline - Forecasting YOUR health goals achievement based on YOUR progress
Important Clarifications: - Your data is used to train models FOR YOU specifically - not for other users - Your AI insights are based on YOUR data only, not aggregated from others - We do NOT use your individual data to train general models for all users (unless you opt-in to research separately) - You can disable certain advanced AI features in Settings (though basic AI is core to our service) - All AI insights are informational only - NOT medical advice - You should always consult healthcare professionals for medical decisions
Research AI Training (Opt-Out Available):
Separately from personalized AI, you can choose to contribute to research that improves LifeSage for all users:
If you do not opt out: - Your data is de-identified (personally identifiable information removed) - Anonymized data may be pooled with other users’ data - Used to train general AI models that benefit all users - Contributes to medical research and knowledge advancement - You can withdraw consent at any time
Critical Points: - Research participation is 100%
OPTIONAL - You can opt-out through app settings
- Your data is de-identified before use in research - You retain full ownership
of your health data - Withdrawing stops future data use (existing anonymized
data may remain)
• Send you service updates and important notices
• Respond to your support requests
• Send health insights and recommendations (you can opt out)
• Provide medication reminders and health alerts
• Send security notifications
Important: This is SEPARATE from the personalized AI described above. Personalized AI uses YOUR data for YOUR insights. Internal research uses de-identified data to improve LifeSage for everyone.
How We Use De-Identified Data for Internal Research:
By default, we use de-identified, aggregated data from all users to: - Improve our AI models and predictions - Make health insights more accurate for everyone - Enhance product features - Identify which features are most helpful - Conduct internal health research - Discover patterns that benefit all users - Develop better algorithms - Create smarter, more reliable predictions - Quality assurance - Ensure our platform works correctly
What This Means: - Your data is de-identified (all personally identifiable information removed) - Anonymized data is pooled with other users’ data - Used ONLY by LifeSage internally - never sold or shared with third parties - Helps us improve the product for all users - You can OPT-OUT at any time through Profile > Privacy > Research Participation
Critical Points - What We DON’T Do:
❌ We NEVER sell your data - Not to advertisers, not
to pharma companies, not to anyone
❌ We NEVER share with third parties - Your data stays within LifeSage
❌ We NEVER share with external researchers - No universities, no
research institutions (unless you separately opt-in, see below)
❌ We NEVER use identifiable data - All data is de-identified before use
❌ We NEVER prevent you from opting out - One-click opt-out, takes effect
immediately
Internal Use Only: - Research is conducted by LifeSage employees only - Data never leaves our secure infrastructure - Used solely to improve our product and services - No external access, no data sharing, no sales
Easy Opt-Out: You can opt-out at any time: 1. Go to Profile > Privacy > Research Participation 2. Toggle OFF “Allow Internal Research Use” 3. Takes effect immediately 4. You can opt back in anytime
External Research (Separate Opt-In Required):
If we ever want to share de-identified data with external researchers (universities, research institutions), we will ALWAYS obtain your explicit opt-in consent first. This is completely separate and requires your active permission.
Difference from Personalized AI:
|
Feature |
Personalized AI (Core Service) |
Internal Research (Opt-Out) |
External Research (Opt-Out) |
|
Purpose |
Insights FOR YOU |
Improve product for EVERYONE |
Advance medical science |
|
Data use |
YOUR data for YOUR predictions |
De-identified data, internal only |
De-identified data, may share externally |
|
Default |
ON (core feature) |
ON (can opt-out) |
ON (can Opt-Out) |
|
Can disable |
Limited (core to service) |
Yes (anytime) |
Yes (anytime) |
|
Who uses it |
You benefit directly |
All LifeSage users benefit |
Medical community benefits |
|
Data sharing |
Never |
Never |
Only with explicit consent |
• Comply with applicable laws and regulations (HIPAA, GDPR, etc.)
• Respond to legal requests (subpoenas, court orders)
• Protect against fraud, abuse, or security threats
• Enforce our Terms of Service
LifeSage will NEVER sell your personal health information to third parties. Your health data is not a commodity.
With Your Explicit Permission: - Healthcare Providers: Export and share reports with your doctors - Family Members: Share specific health metrics with caregivers (you control what they see) - Research Studies: Contribute anonymized data to approved research (opt-out )
You have complete control through: - Granular sharing permissions (choose exactly what to share) - Time-limited access (set expiration dates) - Revocable access (cancel sharing anytime)
We work with trusted third-party vendors to provide our services:
Infrastructure and Hosting: - Cloud hosting providers (AWS, Google Cloud) - HIPAA-compliant - Database services with encryption - Content delivery networks (CDN)
Analytics and Performance: - Error tracking services (to fix bugs) - Performance monitoring (to keep the app fast) - Analytics platforms (anonymized usage data only)
Payment Processing: - Payment processors (Stripe) - PCI-DSS compliant - They never receive your health data
AI and Data Processing: - Claude AI by Anthropic (for health insights) - Lab report OCR processing - HIPAA Business Associate Agreements in place
All service providers: - Sign HIPAA Business Associate Agreements - Are contractually prohibited from using your data for their own purposes - Must maintain security standards equal to or exceeding ours
We may disclose your information when required by law: - Valid subpoenas or court orders - Legal proceedings or investigations - Public health requirements (e.g., disease reporting as required by law) - Prevention of imminent harm
We will: - Notify you unless legally prohibited - Challenge overly broad requests - Disclose only the minimum necessary information
If LifeSage is acquired or merged: - Your data rights remain protected - The acquiring company must honor this Privacy Policy - We will notify you in advance - You can delete your data before the transfer
• View: Access all your health data anytime in the app
• Download: Export your complete health record in standard formats (PDF, CSV, JSON)
• Portability: Transfer your data to another service
• Edit: Update or correct any information
• Delete: Permanently delete specific records or your entire account
• Restrict Processing: Limit how we use certain data
• Opt-Out: Disable AI features, analytics, or communications
Granular Controls: - Choose which data sources to connect - Control what data AI can analyze - Set sharing permissions for each person/provider - Manage third-party integrations - Control notifications and communications
Data Minimization: - Only collect data you choose to provide - Connect only the services you want - Track only the metrics you care about
• Pause Account: Temporarily stop data collection (account remains active)
• Export All Data: Download everything before deleting
• Delete Account: Permanently remove all data within 30 days
To exercise your rights: - Use in-app privacy settings - Email: [email protected] - We will respond within 30 days
Encryption: - In Transit: TLS 1.3 encryption for all data transmission - At Rest: AES-256 encryption for all stored data - End-to-End: Sensitive data encrypted before leaving your device
Access Controls: - Multi-factor authentication (MFA) available - Role-based access for our employees (strict “need to know”) - Regular access audits - Background checks for employees with data access
Infrastructure Security: - HIPAA-compliant cloud infrastructure - Regular security audits and penetration testing - 24/7 security monitoring - Automated threat detection - Regular backups in geographically distributed locations
Application Security: - Secure coding practices - Regular security updates - Vulnerability scanning - Code reviews and testing
Best Practices: - Use a strong, unique password - Enable multi-factor authentication (highly recommended) - Keep your device software updated - Don’t share your account credentials - Log out on shared devices - Report suspicious activity immediately
In the unlikely event of a data breach: - We will notify affected users within 72 hours - We will notify regulatory authorities as required by law - We will provide details about what data was affected - We will offer guidance on protective measures - We will take immediate action to secure systems
Active Accounts: - Health data: Retained for as long as your account is active - You control retention through app settings - You can delete specific records anytime
Inactive Accounts: - After 2 years of inactivity, we will email you - After 3 years, we may delete your account with 60 days notice - You can reactivate before deletion
Deleted Accounts: - Permanent deletion within 30 days of request - Backups purged within 90 days - Legal hold data (if applicable) retained only as long as legally required
Exceptions: - Anonymized research data (cannot be re-identified) - Legal compliance data (minimum required by law) - Fraud prevention data (user IDs only, no health data)
If you opt-in to research: - Your anonymized data may be retained indefinitely - It cannot be linked back to you - You can withdraw from future research (existing anonymized data remains)
Age Requirement: LifeSage is intended for users 18 years and older.
We do NOT knowingly collect data from children under 18.
If we discover we have collected data from a child under 18: - We will delete it immediately - We will notify the parent/guardian if possible
For parents: - If you believe your child has provided information to us, contact: [email protected]
Primary Storage: United States (HIPAA-compliant data centers)
International Transfers: - If you’re outside the US, your data is transferred to US servers - We use Standard Contractual Clauses (SCCs) for GDPR compliance - We maintain equivalent protections regardless of location
European Users (GDPR): - Right to access, rectify, erase, restrict processing - Right to data portability - Right to object to processing - Right to lodge complaints with supervisory authorities - Contact our EU representative: [email protected]
California Users (CCPA/CPRA): - Right to know what data we collect - Right to delete personal information - Right to opt-out of sale (we don’t sell data) - Right to non-discrimination - Contact: [email protected]
Our app may contain links to: - Health resources and educational content - Partner services (with your permission) - Social media platforms
Important: We are not responsible for the privacy practices of third-party websites. Review their privacy policies separately.
When you connect third-party services: - You authorize data sharing between LifeSage and that service - Their privacy policy also applies to data they collect - You can disconnect integrations anytime
We integrate with (examples): - Apple Health / Google Fit - Wearable devices (Fitbit, Garmin, Oura, Whoop, etc.) - Lab providers (Quest, LabCorp - future) - Pharmacies (future)
Public Data We Use: - We access FDA’s FAERS (adverse event reporting) database - This is public, anonymized data - NOT your personal data - We use it to show medication safety information - No personal information is shared with FDA through our app
Our app responds to Do Not Track (DNT) signals: - When DNT is enabled, we disable non-essential tracking - Core functionality still works - You can control this in privacy settings
We may update this Privacy Policy to reflect: - Changes in our practices - New features or services - Legal or regulatory requirements
For material changes: - We will email you 30 days in advance - We will display a prominent notice in the app - Continued use after changes indicates acceptance
For minor changes: - We will update the “Last Updated” date - Changes posted on our website
Previous versions available at: lifesage.life/privacy/history
LifeSage is designed as a HIPAA-compliant platform: - We maintain administrative, physical, and technical safeguards - We sign Business Associate Agreements with covered entities - We conduct regular HIPAA compliance audits - We train all employees on HIPAA requirements
Under HIPAA, you have the right to: - Access your PHI - Request corrections to your PHI - Receive an accounting of disclosures - Request restrictions on use and disclosure - Receive confidential communications - File complaints if your rights are violated
To exercise HIPAA rights: - Email: [email protected] - Mail: LifeSage HIPAA Privacy Officer, 306 Copperstone Trl, Coppell, TX, 75019
Full HIPAA Notice of Privacy Practices available at: lifesage.life/hipaa-notice
Email: [email protected]
Phone: 1-800-LIFESAGE (1-800-543-3724)
Mail:
LifeSage Privacy Team
306 Copperstone Trl.
Coppell, TX, 75019
Email: [email protected]
Report security concerns:
Email: [email protected]
Bug Bounty: lifesage.life/security/bug-bounty
By using LifeSage, you consent to: - Collection and use of information as described - Processing of your health data for services you request - Storage and security measures we’ve outlined
You can withdraw consent by: - Adjusting privacy settings - Disconnecting data sources - Deleting your account
Your data is YOUR data - you own and control it
We NEVER sell your health information
Personalized AI learns from YOUR data to help YOU - core feature, no
special opt-in
Research AI is completely optional - explicit opt-in required
HIPAA-compliant security and encryption
Transparent about what we collect and why
Easy data export and deletion
Granular privacy controls
AI processing with clear disclosure
Personal Health Information (PHI): Information about
your health that can identify you
HIPAA: Health Insurance Portability and Accountability Act
GDPR: General Data Protection Regulation (EU)
CCPA: California Consumer Privacy Act
Business Associate: Third-party service provider with access to PHI
De-identified Data: Data with all personal identifiers removed
Anonymized Data: Data that cannot be re-identified
We do NOT collect: - Social Security Numbers - Financial account numbers (except payment processing) - Genetic data (23andMe, etc.) unless you explicitly upload it - Mental health counseling notes (unless you choose to record them) - Precise GPS location (only city/state level) - Audio/video recordings (unless you choose to store them) - Browsing history outside our app - Contacts or SMS messages from your device
Last Updated: March 27, 2026
Version: 1.0
Effective: March 27, 2026
LifeSage, Inc.
Helping you make data-driven health decisions
Questions? Contact us at [email protected]