Please review our Privacy policy to understand how we handle your information.
Effective Date: April 18, 2025.
Introduction to Our Privacy Policy
Welcome to AI DiagMe! Smart Medical Care Ltd (“we”, “us”, “our”) is deeply committed to protecting the privacy and security of your personal data. This Privacy Policy is designed to clearly explain how we handle your information. AI DiagMe is a trade name of Smart Medical Care Ltd.
This document details how we collect, use, and protect your personal data when you use our website, aidiagme.com (the “Site”), and our AI-powered lab result explanation services (the “Services”). Furthermore, it informs you about your data protection rights. We encourage you to read this entire privacy policy carefully. By using our Services, you acknowledge that you have reviewed this policy. For the processing of your health data specifically, we obtain your explicit consent separately.
Our Role as Data Controller
The data controller responsible for your personal data is:
-
- Company: Smart Medical Care Ltd
-
- Registered Office: 167-169 Great Portland Street, 5th Floor, London, W1W 5PF, United Kingdom
-
- Registration Number: 15309552
-
- Contact Email: contact@aidiagme.com
For any questions regarding this privacy policy or your personal data, you can contact our Privacy Contact:
-
- Contact: contact@aidiagme.com
2. The Personal Data We Collect
To provide and improve our Services, we collect several categories of personal data. This section of our privacy policy outlines what we collect.
-
- Identification and Contact Data: This includes your name and email address. We use your name to help anonymize your lab report before AI processing and use your email to send you the generated AI report.
-
- Health and Contextual Data (Protected Health Information – PHI): This category covers the lab analysis report file (e.g., blood, urine) that you upload. It also includes contextual information you provide, such as age, sex, and medical history, which helps us generate a more relevant explanation.
-
- Transaction Data: We collect information related to your purchase, which our payment provider Stripe processes directly. While we do not store your full credit card details, we do keep a history of your transactions with us.
-
- Technical and Interaction Data: Through tools like Microsoft Clarity and Google Analytics, we collect information about how you interact with our Site, subject to your cookie consent. This may include your IP address (anonymized where possible), browser type, and pages visited.
-
- Cookie Data: We collect information via cookies as detailed in our Cookie Policy and based on your consent choices.
-
- Communication Data: This includes any information you provide when you contact our customer support.
3. How We Use Your Data: Purposes and Legal Bases
Our privacy policy is built on processing your data for specific purposes under appropriate legal bases (including GDPR and HIPAA principles).
-
- To Provide the AI Service: We use your Health Data and PDF Report to generate your AI explanation, based on your Explicit Consent.
-
- To Anonymize Your Report: Your name helps us remove direct identifiers from the report before AI analysis, a necessary step for the performance of our contract.
-
- To Deliver Your Report: We use your email address to send the results, which is essential for the performance of our contract.
-
- To Manage Payments and Accounts: Your transaction and contact data are used to manage payments and your customer relationship, based on the performance of our contract.
-
- To Improve Site and Service Security: We analyze usage data to improve our platform. This processing is based on your Consent for analytics cookies and our Legitimate Interest in securing our services.
-
- To Improve Our AI Models: We may use de-identified health data to improve our services, based on our Legitimate Interest. You have the right to opt-out of this use.
-
- To Fulfill Your Requests: When you contact support, we use your data to respond, based on our Legitimate Interest in providing excellent service.
-
- To Comply with Legal Obligations: We may process any personal data as necessary to comply with the law.
4. Sharing Your Personal Data
We do not sell your personal data. This privacy policy confirms we only share your data with trusted third parties under strict conditions.
-
- Service Providers (Processors): We share data with essential partners like Microsoft Azure for secure hosting, Stripe for payments, and Google/Microsoft for analytics (with your consent).
-
- AI Infrastructure Providers: Importantly, only de-identified data is sent to our third-party AI service providers to generate your report.
-
- Legal and Business Obligations: We may disclose data if required by law or during a business transfer (like a merger), ensuring the new entity upholds our privacy policy commitments.
We require all partners to respect the security of your data and treat it lawfully, signing Business Associate Agreements (BAAs) under HIPAA where necessary.
5. International Data Transfers and This Privacy Policy
As a UK-based company, we operate under UK/EU data protection laws (GDPR). When we transfer data to providers outside this region (like in the US), we ensure an adequate level of protection through measures like Adequacy Decisions or Standard Contractual Clauses (SCCs). Please note that data sent to third-party AI providers is always de-identified by us before any transfer.
6. Our Commitment to Data Security
We implement robust technical and organizational security measures to protect your personal data. These include:
-
- Hosting on secure Microsoft Azure servers.
-
- De-identifying reports before AI analysis.
-
- Encrypting data in transit and at rest.
-
- Enforcing strict internal access controls.
7. Data Retention Policy
We retain your personal data only for as long as necessary to fulfill the purposes for which we collected it, including for satisfying any legal, accounting, or reporting requirements. The retention period for your main personal data depends on the status of your account:
-
- For Active Accounts: Your account data, contact and contextual information, and your generated AI reports are retained as long as your account is active. This allows you to use our Services and access your history through the patient portal.
-
- For Deactivated Accounts: Upon deactivation, we retain your data (account, contact, context, AI reports) for a maximum period of 3 years. This allows you to reactivate your account during this time. At the end of this period, without reactivation, this data will be permanently deleted.
-
- Original PDF Report: In line with the principle of data minimization, we will retain this file for a maximum of 90 days to resolve any potential delivery issues, after which it will be securely deleted.
-
- Transaction Data: Retained for the period required by our legal and accounting obligations (typically 6 years in the United Kingdom).
-
- De-identified Data for AI Improvement: Data that has been irreversibly de-identified is no longer considered personal data. It may be kept indefinitely for the sole purpose of research and improvement of our AI models.
A request to permanently delete your account will trigger the erasure of all data listed above, except where we have an overriding legal obligation to retain it (such as transaction data) or for data that has already been irreversibly de-identified.
8. Your Data Protection Rights Under This Policy
Depending on your location, you have rights regarding your personal data.
-
- Right of Access, Rectification, and Erasure: You can request a copy of your data, correct it, or ask for its deletion.
-
- Right to Restrict or Object: You can object to processing based on our legitimate interests (like using de-identified data for AI improvement).
-
- Right to Withdraw Consent: You can withdraw consent for processing health data at any time.
Managing Your Account: Deactivation and Deletion
You have the right to erase your personal data. With the launch of our patient portal, you will have two distinct options to manage your account and data directly from your personal dashboard:
-
-
- Deactivate Your Account: This option allows you to take a break from our Services. Your account and personal data (including your profile, AI reports, etc.) will no longer be actively accessible but will be securely stored for a period of 3 years. This allows you to reactivate your account and access your history at any time during this period. If your account is not reactivated within 3 years, it and all associated personal data will be permanently deleted, except for data subject to a legal retention obligation.
-
- Permanently Delete Your Account: This option corresponds to exercising your Right of Erasure. It will trigger the irreversible and prompt deletion of your account and all associated personal data (profile, uploaded documents, AI reports), subject to our legal retention obligations (notably for transaction data). Once you perform this action, your data cannot be recovered.
How to Exercise Your Rights
The options to deactivate or permanently delete your account will be directly available in your patient portal settings. For any other requests related to your rights, or if you cannot access the portal, you can still contact our Privacy Contact at contact@aidiagme.com. We may need to verify your identity before processing your request to ensure the security of your data.
9. Children’s Privacy Policy
Our Services are not intended for individuals under 18. Consequently, we do not knowingly collect personal data from minors.
10. Cookies and Tracking Technologies
Our Cookie Policy provides detailed information on our use of cookies. Please consult it to learn how to manage your preferences.
11. Changes to This Privacy Policy
We may update this privacy policy periodically. The “Last Updated” date at the top will always indicate the latest version. We encourage you to review this page regularly.
12. How to Lodge a Complaint
If you have concerns about our data handling, please contact us first. You also have the right to lodge a complaint with a supervisory authority, such as the Information Commissioner’s Office (ICO) in the UK or the U.S. Department of Health & Human Services (HHS) for HIPAA-related issues.
13. Additional Company Resources
-
- FAQ: Find answers to common questions about data security and tool usage.
