Last updated: March 2026
BloodLife ("we", "our" or "Platform") is committed to protecting the privacy and personal data of its users. This Privacy Policy describes how we collect, use, store and share your personal information in compliance with applicable data protection laws.
We collect the following personal data when you use our platform: Registration data: name or nickname, email address, password (encrypted), profile photo (when provided via Google login). Health quiz data: gender, age, health goals, physical activity level, exercise preferences, training location, available equipment, dietary restrictions, budget, weight, height, health conditions, previous attempts. Blood test data: when you upload a blood test PDF, the data contained in the document is processed by our technology for marker analysis. Payment data: processed directly by Stripe, Inc. BloodLife does NOT store credit card data on its servers. Usage data: information about how you interact with the platform, including pages visited, features used, and traffic source (UTMs).
Your personal data is used for the following purposes: Personalized plan generation: your health data is sent to an artificial intelligence model (Anthropic Claude) to generate weekly meal plans, workout plans, supplementation, shopping lists and personalized tips. Blood test analysis: when you upload a test, markers are analyzed by the technology to adjust your diet and supplementation plan. Account creation and management: authentication, password recovery and experience personalization. Payment processing: subscription management and recurring billing via Stripe. Service improvement: aggregated and anonymous data analysis to improve the platform. Communication: transactional emails (payment confirmation, password recovery) and, when authorized, service communications.
The processing of your personal data is carried out based on the following legal bases: Consent: by creating your account and providing your information in the quiz, you expressly consent to the processing of data for the described purposes. Contract execution: processing is necessary for the provision of the contracted service. Legitimate interest: for service improvement and aggregated statistical analyses.
Your personal data may be shared with the following third parties, exclusively for the described purposes: Anthropic (Claude AI): quiz and blood test data is sent to the AI model for generating personalized plans. Anthropic does not use this data to train its models. Stripe, Inc.: payment data is processed by Stripe. Stripe is PCI-DSS Level 1 certified. Supabase: our database and authentication provider. Vercel: our hosting provider. Resend: our transactional email provider. Google: when you choose Google login. Meta (Facebook): we use Facebook Pixel for advertising campaign measurement. We do not sell, rent or share your personal data with third parties for direct marketing purposes.
We recognize that data such as weight, height, dietary restrictions, health conditions, blood tests and health goals may be considered sensitive personal data. This data is collected and processed exclusively with your explicit consent and is used solely for generating your personalized plan. This data is NOT used for discriminatory purposes, insurance, credit or any other purpose not described in this policy.
Your data is stored on secure Supabase servers (AWS infrastructure), with encryption in transit (TLS/SSL) and at rest. We implement technical and organizational measures to protect your data, including: password encryption, role-based access control (RLS), secure JWT token authentication, protected API keys, suspicious activity monitoring. No system is 100% secure. In case of a security incident, we will notify you as required by applicable law.
You have the following rights regarding your personal data: Access: know if we process your data and access a copy. Correction: request correction of incomplete or inaccurate data. Deletion: request deletion of personal data processed with your consent. Portability: request portability of your data to another provider. Consent revocation: revoke your consent at any time. To exercise any of these rights, contact us at: bloodlifeapp@gmail.com
Your personal data will be maintained while your account is active. After subscription cancellation, your data will be kept for up to 6 months. After this period, data will be anonymized or deleted, except when there is a legal retention obligation.
We use essential cookies for platform operation, including authentication and session cookies. We use Facebook Pixel for advertising campaign measurement.
Your data may be transferred and processed on servers located outside your country (United States), where our service providers are hosted (Supabase, Vercel, Stripe, Anthropic, Resend).
BloodLife is not intended for persons under 18 years of age. We do not intentionally collect data from minors. If we become aware that we have collected data from a minor, we will proceed with immediate deletion.
We may update this Privacy Policy periodically. Significant changes will be communicated by email or by notice on the platform.
For questions about this Privacy Policy or your personal data, contact us: Email: bloodlifeapp@gmail.com