Privacy Policy

Effective Date: March 21, 2026  |  Last Updated: March 21, 2026

Samvion Labs LLC  |  myvitalsync.app  |  privacy@labtrends.co


Introduction

Samvion Labs LLC (“Samvion Labs”, “we”, “us”, or “our”) operates MyVitalSync (myvitalsync.app), a consumer health platform that helps individuals understand their laboratory test results through AI-assisted analysis. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Service.

MyVitalSync is not a covered entity under HIPAA in its current form; however, we voluntarily apply HIPAA-aligned security standards to all health data we handle, including execution of Business Associate Agreements with our infrastructure providers. We treat all health information with the highest standard of care.

1. Information We Collect

1.1 Information You Provide Directly

  • Account information: name, email address, password (hashed, never stored in plain text)
  • Profile information: age, sex, height, weight, blood group — used solely to personalize health analysis
  • Laboratory reports: PDF files you upload containing lab test results
  • Lab result data: individual marker values, reference ranges, and collection dates extracted from your uploaded reports

1.2 Information Collected Automatically

  • Usage data: pages visited, features used, session duration — collected in aggregate
  • Device information: browser type, operating system, IP address
  • Log data: server-side structured logs for debugging and security monitoring — PHI is excluded from logs

1.3 Information We Do Not Collect

  • We do not collect Social Security numbers, government ID numbers, or financial account information
  • We do not sell, rent, or broker your health data to any third party
  • We do not use your health data for advertising purposes
  • We do not share your individual health data with employers, insurers, or pharmaceutical companies

2. How We Use Your Information

We use the information we collect for the following purposes:

  • Service Delivery: To analyze your lab results, calculate health scores, estimate biological age, and generate personalized health insights.
  • AI Analysis: Your lab marker values are processed through AI models (AWS Bedrock / Anthropic Claude) to generate natural language explanations and health summaries. Data sent to AI providers is governed by our Business Associate Agreements with those providers.
  • Account Management: To create and manage your account, authenticate your identity, and maintain your health history.
  • Service Improvement: To understand how users interact with MyVitalSync in aggregate, identify bugs, and improve our algorithms. This analysis uses de-identified or aggregated data only.
  • Communications: To send you transactional emails (account confirmation, password reset). We will not send marketing emails without your explicit opt-in.
  • Legal Compliance: To comply with applicable laws, respond to lawful requests, and protect the rights and safety of our users.

3. Health Data — Special Protections

We recognize that laboratory results are among the most sensitive categories of personal information. We apply the following protections specifically to your health data:

  • Encryption at rest: All lab data is stored in Amazon RDS with AES-256 encryption. Encryption is enabled at the storage layer and cannot be disabled.
  • Encryption in transit: All data transmission uses TLS 1.2 or higher with verified certificates. We use AWS RDS CA-signed certificates for database connections.
  • Access controls: Your health data is accessible only to your authenticated account. We enforce row-level ownership verification on all data access and deletion operations.
  • Identity separation: Authentication is handled by Supabase (identity provider). No Protected Health Information (PHI) is stored in the authentication system.
  • AI provider BAA: We maintain a Business Associate Agreement with AWS (covering AWS Bedrock) for AI processing of health data.
  • No PHI in logs: Our structured logging system (AWS CloudWatch) is configured to exclude health data from all log entries.
  • Data minimization: We collect only the health data necessary to provide the Service.

4. Information Sharing and Disclosure

We do not sell your personal information. We share your information only in the following limited circumstances:

  • Infrastructure Providers: Amazon Web Services (RDS, Bedrock, CloudWatch) — under BAA. Railway (hosting platform). Supabase (authentication) — identity data only, no PHI.
  • Payment Processors: Stripe — for subscription billing. Stripe receives only billing information, never health data.
  • Legal Requirements: We may disclose information if required by law, court order, or government request, or to protect the rights, property, or safety of Samvion Labs, our users, or the public.
  • Business Transfers: If Samvion Labs is acquired or merged, your information may be transferred as part of that transaction. We will notify you via email prior to any such transfer.
  • With Your Consent: We will share your information for any other purpose only with your explicit, informed consent.

5. Data Retention

We retain your account and health data for as long as your account is active or as needed to provide the Service. If you delete your account, we will permanently delete your health data within 30 days, except where retention is required by law. Anonymized, aggregated data derived from your usage (containing no personally identifiable information) may be retained indefinitely for product improvement purposes.

6. Your Rights and Choices

  • Access: You may request a copy of the personal information we hold about you.
  • Correction: You may update your profile information directly within the Service at any time.
  • Deletion: You may delete individual lab reports or your entire account from within the Service. Account deletion triggers permanent data removal within 30 days.
  • Data Portability: You may request an export of your lab data in a machine-readable format by contacting privacy@labtrends.co.
  • Opt-out of Communications: You may opt out of non-transactional communications at any time via the unsubscribe link in any email or by contacting us directly.

To exercise any of these rights, contact us at privacy@labtrends.co. We will respond within 30 days.

7. Children's Privacy

MyVitalSync is not intended for use by individuals under the age of 18. We do not knowingly collect personal information from children under 18. If we become aware that we have collected information from a child under 18, we will delete that information promptly. If you believe a child has provided us with personal information, please contact us at privacy@labtrends.co.

8. Third-Party Links and Services

The Service may contain links to third-party websites or services. We are not responsible for the privacy practices of those third parties. We encourage you to review the privacy policies of any third-party services you access through MyVitalSync.

9. Cookies and Tracking

We use session cookies and local storage solely for authentication and for saving your preferences. We do not use third-party advertising cookies or tracking pixels. We do not use Google Analytics or similar behavioral tracking services that share data with advertisers.

10. Security

We implement industry-standard technical and organizational measures to protect your information against unauthorized access, alteration, disclosure, or destruction. These measures include AES-256 encryption at rest, TLS encryption in transit, access control enforcement, and regular security reviews. However, no method of transmission over the Internet or electronic storage is 100% secure. We cannot guarantee absolute security.

11. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the new policy on this page with an updated effective date and, for significant changes, by sending an email to your registered address at least 14 days before the change takes effect. Your continued use of the Service after the effective date constitutes acceptance of the updated policy.

12. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

Samvion Labs LLC
Email: privacy@labtrends.co
Website: myvitalsync.app


This Privacy Policy was prepared for Samvion Labs LLC operating MyVitalSync (myvitalsync.app). This document does not constitute legal advice. Consult a qualified attorney for jurisdiction-specific compliance requirements.