Privacy Policy for LifeSage

Effective Date: March 27, 2026
Last Updated: March 27, 2026

Table of Contents

Privacy Policy for LifeSage.. 1

Introduction.. 2

1. Information We Collect. 3

1.1 Health Information You Provide. 3

1.2 Account and Profile Information. 3

1.3 Technical and Usage Information. 3

1.4 Information from Third-Party Services. 3

2. How We Use Your Information.. 4

2.1 Core Service Functionality. 4

2.2 Artificial Intelligence and Machine Learning. 4

2.3 Communication. 5

2.4 Internal Research and Product Improvement (OPT-OUT AVAILABLE). 5

2.5 Legal and Safety. 6

3. How We Share Your Information. 6

3.1 We DO NOT Sell Your Health Data. 6

3.2 Sharing You Control 6

3.3 Service Providers (Business Associates). 7

3.4 Legal Requirements. 7

3.5 Business Transfers. 7

4. Your Rights and Controls. 7

4.1 Access Your Data. 7

4.2 Control Your Data. 8

4.3 Privacy Settings. 8

4.4 Account Management. 8

5. Data Security. 8

5.1 How We Protect Your Data. 8

5.2 Your Security Responsibilities. 8

5.3 Data Breach Notification. 9

6. Data Retention. 9

6.1 How Long We Keep Your Data. 9

6.2 Data Retention for Research. 9

7. Children’s Privacy. 9

8. International Users and Data Transfers. 9

8.1 Data Storage Location. 9

8.2 International Rights. 10

9. Third-Party Services and Integrations. 10

9.1 External Links. 10

9.2 Integrated Services. 10

10. FDA Adverse Event Data. 10

11. Do Not Track Signals. 10

12. Changes to This Privacy Policy. 11

12.1 Updates. 11

12.2 Notification. 11

12.3 Version History. 11

13. HIPAA Compliance. 11

13.1 Our HIPAA Commitment. 11

13.2 Your Protected Health Information (PHI). 11

13.3 Notice of Privacy Practices. 11

14. Contact Us. 12

14.1 Privacy Questions. 12

14.2 Data Protection Officer. 12

14.3 Security Issues. 12

15. Your Consent. 12

16. Key Takeaways. 12

Appendix A: Definitions. 13

Appendix B: Data We Do NOT Collect. 13

 

 

Introduction

At LifeSage, your privacy and the security of your health information is our highest priority. We are committed to protecting your personal health data and being transparent about how we collect, use, and safeguard your information.

This Privacy Policy explains: - What information we collect - How we use your information - Your rights and controls over your data - How we protect your health information - Our compliance with HIPAA and other privacy regulations

By using LifeSage, you agree to the terms of this Privacy Policy.

1. Information We Collect

1.1 Health Information You Provide

Personal Health Records: - Laboratory test results and reports - Medication lists, dosages, and schedules - Vital signs (blood pressure, heart rate, temperature, weight, height) - Medical diagnoses and health conditions - Allergies and adverse reactions - Immunization records - Doctor visit notes and medical history - Health goals and preferences

Biometric and Activity Data: - Heart rate, steps, calories, sleep patterns - Exercise and activity logs - Nutrition and dietary information - Mood and wellness tracking - Data from connected wearable devices (Apple Watch, Fitbit, etc.)

User-Generated Content: - Health journal entries and notes - Photos or documents you upload (e.g., lab reports, prescription images) - Questions asked to our AI health assistant - Custom health metrics you track

1.2 Account and Profile Information

             Full name

             Email address

             Year of Birth

             Date of birth (optional)

             Gender (optional)

             Phone number (optional)

             Profile photo (optional)

             Account preferences and settings

1.3 Technical and Usage Information

Automatically Collected: - Device information (type, operating system, unique identifiers) - IP address and approximate location (city/state level only) - App usage data (features used, time spent, navigation patterns) - Error logs and performance data - Date and time of access

Cookies and Similar Technologies: - We use essential cookies for app functionality - Analytics cookies to improve our services (you can opt out) - Preference cookies to remember your settings

1.4 Information from Third-Party Services

With Your Explicit Permission: - Apple Health / Google Fit data - Wearable device data (Fitbit, Garmin, Oura, etc.) - Lab provider integrations - Pharmacy records (if you choose to connect) - Electronic Health Record (EHR) systems (future feature)

Important: We NEVER access third-party data without your explicit authorization.

2. How We Use Your Information

2.1 Core Service Functionality

             Health Tracking: Store and organize your health records in one secure place

             Data Analysis: Identify trends, patterns, and correlations in your health data

             AI-Powered Insights: Generate personalized health insights using machine learning

             Medication Management: Track medications, check for interactions, and provide FDA adverse event data

             Lab Result Interpretation: Help you understand what your lab results mean

             Goal Tracking: Monitor progress toward your health goals

             Alerts and Reminders: Send notifications about medications, appointments, or health patterns

2.2 Artificial Intelligence and Machine Learning

Personalized AI (Core Service Feature):

LifeSage uses artificial intelligence to analyze YOUR health data and provide YOU with personalized insights and predictions. This AI processing is a core feature of our service and is essential to providing you with individualized health intelligence.

How Personalized AI Works: - Analyzes YOUR Data: Our AI learns from YOUR health patterns, trends, and history - Trains Models FOR YOU: Creates prediction models specific to YOUR unique health profile - Provides YOUR Insights: Generates personalized recommendations tailored to YOUR situation - Adapts to YOU: Continuously learns from YOUR data to improve YOUR predictions over time

Examples of Personalized AI: - Predicting YOUR future lab values based on YOUR historical trends - Identifying correlations in YOUR health data (e.g., YOUR sleep quality vs. YOUR blood pressure) - Recommending optimal medication timing based on YOUR adherence patterns - Detecting anomalies in YOUR vital signs compared to YOUR baseline - Forecasting YOUR health goals achievement based on YOUR progress

Important Clarifications: - Your data is used to train models FOR YOU specifically - not for other users - Your AI insights are based on YOUR data only, not aggregated from others - We do NOT use your individual data to train general models for all users (unless you opt-in to research separately) - You can disable certain advanced AI features in Settings (though basic AI is core to our service) - All AI insights are informational only - NOT medical advice - You should always consult healthcare professionals for medical decisions

Research AI Training (Opt-Out Available):

Separately from personalized AI, you can choose to contribute to research that improves LifeSage for all users:

If you do not opt out: - Your data is de-identified (personally identifiable information removed) - Anonymized data may be pooled with other users’ data - Used to train general AI models that benefit all users - Contributes to medical research and knowledge advancement - You can withdraw consent at any time

Critical Points: - Research participation is 100% OPTIONAL - You can opt-out through app settings
- Your data is de-identified before use in research - You retain full ownership of your health data - Withdrawing stops future data use (existing anonymized data may remain)

2.3 Communication

             Send you service updates and important notices

             Respond to your support requests

             Send health insights and recommendations (you can opt out)

             Provide medication reminders and health alerts

             Send security notifications

2.4 Internal Research and Product Improvement (OPT-OUT AVAILABLE)

Important: This is SEPARATE from the personalized AI described above. Personalized AI uses YOUR data for YOUR insights. Internal research uses de-identified data to improve LifeSage for everyone.

How We Use De-Identified Data for Internal Research:

By default, we use de-identified, aggregated data from all users to: - Improve our AI models and predictions - Make health insights more accurate for everyone - Enhance product features - Identify which features are most helpful - Conduct internal health research - Discover patterns that benefit all users - Develop better algorithms - Create smarter, more reliable predictions - Quality assurance - Ensure our platform works correctly

What This Means: - Your data is de-identified (all personally identifiable information removed) - Anonymized data is pooled with other users’ data - Used ONLY by LifeSage internally - never sold or shared with third parties - Helps us improve the product for all users - You can OPT-OUT at any time through Profile > Privacy > Research Participation

Critical Points - What We DON’T Do:

We NEVER sell your data - Not to advertisers, not to pharma companies, not to anyone
We NEVER share with third parties - Your data stays within LifeSage
We NEVER share with external researchers - No universities, no research institutions (unless you separately opt-in, see below)
We NEVER use identifiable data - All data is de-identified before use
We NEVER prevent you from opting out - One-click opt-out, takes effect immediately

Internal Use Only: - Research is conducted by LifeSage employees only - Data never leaves our secure infrastructure - Used solely to improve our product and services - No external access, no data sharing, no sales

Easy Opt-Out: You can opt-out at any time: 1. Go to Profile > Privacy > Research Participation 2. Toggle OFF “Allow Internal Research Use” 3. Takes effect immediately 4. You can opt back in anytime

External Research (Separate Opt-In Required):

If we ever want to share de-identified data with external researchers (universities, research institutions), we will ALWAYS obtain your explicit opt-in consent first. This is completely separate and requires your active permission.

Difference from Personalized AI:

Feature

Personalized AI (Core Service)

Internal Research (Opt-Out)

External Research (Opt-Out)

Purpose

Insights FOR YOU

Improve product for EVERYONE

Advance medical science

Data use

YOUR data for YOUR predictions

De-identified data, internal only

De-identified data, may share externally

Default

ON (core feature)

ON (can opt-out)

ON (can Opt-Out)

Can disable

Limited (core to service)

Yes (anytime)

Yes (anytime)

Who uses it

You benefit directly

All LifeSage users benefit

Medical community benefits

Data sharing

Never

Never

Only with explicit consent

2.5 Legal and Safety

             Comply with applicable laws and regulations (HIPAA, GDPR, etc.)

             Respond to legal requests (subpoenas, court orders)

             Protect against fraud, abuse, or security threats

             Enforce our Terms of Service

3. How We Share Your Information

3.1 We DO NOT Sell Your Health Data

LifeSage will NEVER sell your personal health information to third parties. Your health data is not a commodity.

3.2 Sharing You Control

With Your Explicit Permission: - Healthcare Providers: Export and share reports with your doctors - Family Members: Share specific health metrics with caregivers (you control what they see) - Research Studies: Contribute anonymized data to approved research (opt-out )

You have complete control through: - Granular sharing permissions (choose exactly what to share) - Time-limited access (set expiration dates) - Revocable access (cancel sharing anytime)

3.3 Service Providers (Business Associates)

We work with trusted third-party vendors to provide our services:

Infrastructure and Hosting: - Cloud hosting providers (AWS, Google Cloud) - HIPAA-compliant - Database services with encryption - Content delivery networks (CDN)

Analytics and Performance: - Error tracking services (to fix bugs) - Performance monitoring (to keep the app fast) - Analytics platforms (anonymized usage data only)

Payment Processing: - Payment processors (Stripe) - PCI-DSS compliant - They never receive your health data

AI and Data Processing: - Claude AI by Anthropic (for health insights) - Lab report OCR processing - HIPAA Business Associate Agreements in place

All service providers: - Sign HIPAA Business Associate Agreements - Are contractually prohibited from using your data for their own purposes - Must maintain security standards equal to or exceeding ours

3.4 Legal Requirements

We may disclose your information when required by law: - Valid subpoenas or court orders - Legal proceedings or investigations - Public health requirements (e.g., disease reporting as required by law) - Prevention of imminent harm

We will: - Notify you unless legally prohibited - Challenge overly broad requests - Disclose only the minimum necessary information

3.5 Business Transfers

If LifeSage is acquired or merged: - Your data rights remain protected - The acquiring company must honor this Privacy Policy - We will notify you in advance - You can delete your data before the transfer

4. Your Rights and Controls

4.1 Access Your Data

             View: Access all your health data anytime in the app

             Download: Export your complete health record in standard formats (PDF, CSV, JSON)

             Portability: Transfer your data to another service

4.2 Control Your Data

             Edit: Update or correct any information

             Delete: Permanently delete specific records or your entire account

             Restrict Processing: Limit how we use certain data

             Opt-Out: Disable AI features, analytics, or communications

4.3 Privacy Settings

Granular Controls: - Choose which data sources to connect - Control what data AI can analyze - Set sharing permissions for each person/provider - Manage third-party integrations - Control notifications and communications

Data Minimization: - Only collect data you choose to provide - Connect only the services you want - Track only the metrics you care about

4.4 Account Management

             Pause Account: Temporarily stop data collection (account remains active)

             Export All Data: Download everything before deleting

             Delete Account: Permanently remove all data within 30 days

To exercise your rights: - Use in-app privacy settings - Email: [email protected] - We will respond within 30 days

5. Data Security

5.1 How We Protect Your Data

Encryption: - In Transit: TLS 1.3 encryption for all data transmission - At Rest: AES-256 encryption for all stored data - End-to-End: Sensitive data encrypted before leaving your device

Access Controls: - Multi-factor authentication (MFA) available - Role-based access for our employees (strict “need to know”) - Regular access audits - Background checks for employees with data access

Infrastructure Security: - HIPAA-compliant cloud infrastructure - Regular security audits and penetration testing - 24/7 security monitoring - Automated threat detection - Regular backups in geographically distributed locations

Application Security: - Secure coding practices - Regular security updates - Vulnerability scanning - Code reviews and testing

5.2 Your Security Responsibilities

Best Practices: - Use a strong, unique password - Enable multi-factor authentication (highly recommended) - Keep your device software updated - Don’t share your account credentials - Log out on shared devices - Report suspicious activity immediately

5.3 Data Breach Notification

In the unlikely event of a data breach: - We will notify affected users within 72 hours - We will notify regulatory authorities as required by law - We will provide details about what data was affected - We will offer guidance on protective measures - We will take immediate action to secure systems

6. Data Retention

6.1 How Long We Keep Your Data

Active Accounts: - Health data: Retained for as long as your account is active - You control retention through app settings - You can delete specific records anytime

Inactive Accounts: - After 2 years of inactivity, we will email you - After 3 years, we may delete your account with 60 days notice - You can reactivate before deletion

Deleted Accounts: - Permanent deletion within 30 days of request - Backups purged within 90 days - Legal hold data (if applicable) retained only as long as legally required

Exceptions: - Anonymized research data (cannot be re-identified) - Legal compliance data (minimum required by law) - Fraud prevention data (user IDs only, no health data)

6.2 Data Retention for Research

If you opt-in to research: - Your anonymized data may be retained indefinitely - It cannot be linked back to you - You can withdraw from future research (existing anonymized data remains)

7. Children’s Privacy

Age Requirement: LifeSage is intended for users 18 years and older.

We do NOT knowingly collect data from children under 18.

If we discover we have collected data from a child under 18: - We will delete it immediately - We will notify the parent/guardian if possible

For parents: - If you believe your child has provided information to us, contact: [email protected]

8. International Users and Data Transfers

8.1 Data Storage Location

Primary Storage: United States (HIPAA-compliant data centers)

International Transfers: - If you’re outside the US, your data is transferred to US servers - We use Standard Contractual Clauses (SCCs) for GDPR compliance - We maintain equivalent protections regardless of location

8.2 International Rights

European Users (GDPR): - Right to access, rectify, erase, restrict processing - Right to data portability - Right to object to processing - Right to lodge complaints with supervisory authorities - Contact our EU representative: [email protected]

California Users (CCPA/CPRA): - Right to know what data we collect - Right to delete personal information - Right to opt-out of sale (we don’t sell data) - Right to non-discrimination - Contact: [email protected]

9. Third-Party Services and Integrations

9.1 External Links

Our app may contain links to: - Health resources and educational content - Partner services (with your permission) - Social media platforms

Important: We are not responsible for the privacy practices of third-party websites. Review their privacy policies separately.

9.2 Integrated Services

When you connect third-party services: - You authorize data sharing between LifeSage and that service - Their privacy policy also applies to data they collect - You can disconnect integrations anytime

We integrate with (examples): - Apple Health / Google Fit - Wearable devices (Fitbit, Garmin, Oura, Whoop, etc.) - Lab providers (Quest, LabCorp - future) - Pharmacies (future)

10. FDA Adverse Event Data

Public Data We Use: - We access FDA’s FAERS (adverse event reporting) database - This is public, anonymized data - NOT your personal data - We use it to show medication safety information - No personal information is shared with FDA through our app

11. Do Not Track Signals

Our app responds to Do Not Track (DNT) signals: - When DNT is enabled, we disable non-essential tracking - Core functionality still works - You can control this in privacy settings

12. Changes to This Privacy Policy

12.1 Updates

We may update this Privacy Policy to reflect: - Changes in our practices - New features or services - Legal or regulatory requirements

12.2 Notification

For material changes: - We will email you 30 days in advance - We will display a prominent notice in the app - Continued use after changes indicates acceptance

For minor changes: - We will update the “Last Updated” date - Changes posted on our website

12.3 Version History

Previous versions available at: lifesage.life/privacy/history

13. HIPAA Compliance

13.1 Our HIPAA Commitment

LifeSage is designed as a HIPAA-compliant platform: - We maintain administrative, physical, and technical safeguards - We sign Business Associate Agreements with covered entities - We conduct regular HIPAA compliance audits - We train all employees on HIPAA requirements

13.2 Your Protected Health Information (PHI)

Under HIPAA, you have the right to: - Access your PHI - Request corrections to your PHI - Receive an accounting of disclosures - Request restrictions on use and disclosure - Receive confidential communications - File complaints if your rights are violated

To exercise HIPAA rights: - Email: [email protected] - Mail: LifeSage HIPAA Privacy Officer, 306 Copperstone Trl, Coppell, TX, 75019

13.3 Notice of Privacy Practices

Full HIPAA Notice of Privacy Practices available at: lifesage.life/hipaa-notice

14. Contact Us

14.1 Privacy Questions

Email: [email protected]
Phone: 1-800-LIFESAGE (1-800-543-3724)
Mail:
LifeSage Privacy Team
306 Copperstone Trl.

Coppell, TX, 75019

14.2 Data Protection Officer

Email: [email protected]

14.3 Security Issues

Report security concerns:
Email: [email protected]
Bug Bounty: lifesage.life/security/bug-bounty

15. Your Consent

By using LifeSage, you consent to: - Collection and use of information as described - Processing of your health data for services you request - Storage and security measures we’ve outlined

You can withdraw consent by: - Adjusting privacy settings - Disconnecting data sources - Deleting your account

16. Key Takeaways

Your data is YOUR data - you own and control it
We NEVER sell your health information
Personalized AI learns from YOUR data to help YOU - core feature, no special opt-in
Research AI is completely optional - explicit opt-in required
HIPAA-compliant security and encryption
Transparent about what we collect and why
Easy data export and deletion
Granular privacy controls
AI processing with clear disclosure

Appendix A: Definitions

Personal Health Information (PHI): Information about your health that can identify you
HIPAA: Health Insurance Portability and Accountability Act
GDPR: General Data Protection Regulation (EU)
CCPA: California Consumer Privacy Act
Business Associate: Third-party service provider with access to PHI
De-identified Data: Data with all personal identifiers removed
Anonymized Data: Data that cannot be re-identified

Appendix B: Data We Do NOT Collect

We do NOT collect: - Social Security Numbers - Financial account numbers (except payment processing) - Genetic data (23andMe, etc.) unless you explicitly upload it - Mental health counseling notes (unless you choose to record them) - Precise GPS location (only city/state level) - Audio/video recordings (unless you choose to store them) - Browsing history outside our app - Contacts or SMS messages from your device

Last Updated: March 27, 2026
Version: 1.0
Effective: March 27, 2026

LifeSage, Inc.
Helping you make data-driven health decisions

Questions? Contact us at [email protected]