Privacy Policy

1. Introduction

PlasmaLabs ("we," "us," or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our lab report analysis service ("the Service"). The Service is operated by an individual sole proprietor.

By using the Service, you consent to the data practices described in this Privacy Policy. If you do not agree with our practices, please do not use the Service.

2. Information We Collect

2.1 Information You Provide

• Account Information: Email address and password when you create an account
• Lab Reports: PDF files containing your laboratory test results that you upload for analysis
• Payment Information: Billing details processed through our payment provider (Stripe)
• Communications: Any information you provide when contacting us for support

2.2 Information Collected Automatically

• Usage Data: Information about how you interact with the Service, including features used and analysis requests
• Device Information: Browser type, operating system, and device identifiers
• Log Data: IP address, access times, and pages viewed
• Cookies: Session cookies necessary for authentication and security

3. Sensitive Health Information

We understand that lab reports contain personal health information. We implement technical and organizational measures designed to protect this sensitive data, including encryption in transit and at rest, access controls, and audit logging of all data access.

4. How We Use Your Information

We use the information we collect to:

• Provide, maintain, and improve the Service
• Analyze your uploaded lab reports and generate educational explanations
• Process your transactions and manage your subscription
• Send you service-related communications
• Respond to your inquiries and provide customer support
• Monitor and analyze usage patterns to improve the Service
• Detect, prevent, and address technical issues or fraud
• Comply with legal obligations

5. How We Share Your Information

We do not sell your personal information. We may share your information only in the following circumstances:

5.1 Service Providers

We share information with third-party service providers who assist us in operating the Service:

• AI Processing: Lab report content is sent to AI providers (Anthropic) for analysis. These providers process data according to their privacy policies and data processing agreements.
• Payment Processing: Stripe processes payment information. We do not store complete credit card numbers.
• Hosting and Infrastructure: Vercel and Supabase provide hosting and database services.
• Analytics: We may use analytics services to understand how the Service is used.

5.2 Legal Requirements

We may disclose your information if required to do so by law or in response to valid requests by public authorities (e.g., a court or government agency), or when we believe disclosure is necessary to protect our rights, your safety, or the safety of others.

5.3 Business Transfers

If the Service is involved in a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction. We will provide notice before your information becomes subject to a different privacy policy.

6. Data Retention

We retain your information based on your subscription tier:

• Free Tier: Lab reports and analysis results are retained for 7 days
• Pro Tier: Data is retained for 90 days
• Unlimited Tier: Data is retained for 1 year

Account information is retained for as long as your account is active. After account deletion, we may retain certain information as required by law or for legitimate business purposes, such as audit logs which are retained for 6 years.

7. Data Security

We implement appropriate technical and organizational measures to protect your information, including:

• Encryption of data in transit (TLS/SSL) and at rest
• Secure authentication with strong password requirements
• Automatic session timeout after periods of inactivity
• Rate limiting to prevent abuse
• Access controls and audit logging
• Regular security assessments

While we strive to protect your information, no method of transmission over the Internet or electronic storage is 100% secure. We cannot guarantee absolute security.

8. Your Rights and Choices

Depending on your location, you may have certain rights regarding your personal information:

• Access: Request a copy of the personal information we hold about you
• Correction: Request correction of inaccurate personal information
• Deletion: Request deletion of your personal information and account
• Export: Download your analysis history in various formats
• Opt-out: Opt out of marketing communications

To exercise these rights, please contact us at privacy@plasmalabs.app or use the relevant features in your account settings.

9. California Privacy Rights

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA), including the right to know what personal information we collect, the right to delete your personal information, and the right to opt-out of the sale of your personal information. We do not sell personal information. To exercise your rights, contact us using the information below.

10. International Data Transfers

Your information may be transferred to and processed in countries other than your country of residence, including the United States, where data protection laws may differ. By using the Service, you consent to the transfer of your information to these countries.

11. Children's Privacy

The Service is not intended for children under 18 years of age. We do not knowingly collect personal information from children under 18. If we become aware that we have collected personal information from a child under 18, we will take steps to delete that information.

12. Cookies and Tracking

We use essential cookies necessary for the Service to function, including:

• Authentication cookies: To keep you logged in
• Security cookies: To protect against fraud and unauthorized access
• Preference cookies: To remember your settings

We do not use third-party advertising cookies or sell data to advertisers.

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new Privacy Policy on this page and updating the "Last updated" date. Your continued use of the Service after such changes constitutes your acceptance of the new Privacy Policy.

14. Contact Us

If you have any questions about this Privacy Policy or our data practices, please contact us at: