Privacy Policy - MyLabStory

1. Introduction

MyLabStory is a personal health data management platform operated under the brand Kritr, which is owned and operated by AI Brainiacs ("we," "us," or "our"). We understand that your health information is deeply personal, and we take your privacy seriously.

This Privacy Policy describes our practices regarding the collection, use, storage, and sharing of your Personal Data when you use the MyLabStory mobile application (the "App"), our website, and related services (collectively, the "Service").

This Privacy Policy applies to:

• People who use our Service ("Users," "you," or "your")
• People on whose behalf Users provide information, such as family members whose health records are managed through the Service

Some terms we use in this policy:

• "Personal Data" means any information that identifies or relates to you as an individual
• "Health Data" means personally identifiable information about your health, lab results, biomarkers, and medical records that you upload or that is extracted through the Service
• "Anonymized Data" means data from which personally identifiable information has been removed such that it can no longer be used to identify an individual
• "Aggregated Data" means data combined across multiple individuals in summary form. Aggregated Data is considered anonymized and is no longer Personal Data

2. How We Collect Personal Data

We may collect Personal Data from:

• You directly, when you create an account, upload lab reports, enter health information, complete your profile, or contact us
• Automated processing, when AI systems extract biomarker data from documents you upload
• Automatic data collection through device identifiers, analytics events, and similar technologies when you use the App
• Third-party platforms, if you sign in through a third-party service such as Google or Apple, or when you subscribe through an app store

3. What Personal Data We Collect

We may collect the following types of Personal Data:

• Account information such as your name, email address, and password
• Profile data such as date of birth, gender, and family member profiles
• Health Data including lab report files such as PDFs and images, extracted biomarker values, health summaries, trend data, and notes you add to your records
• Payment and transaction data necessary to process your subscription, including billing information and transaction history. We do not have direct access to your payment card numbers. Payments are processed by app stores such as Apple or Google, or by third-party payment processors
• Communications that you send to us, including support messages, feedback, and reviews
• Device data such as your device type, operating system, app version, and general location information such as country or region
• Usage data such as features you use, screens you view, session duration, and interaction patterns within the App

4. How We Use Personal Data

We use Personal Data for the following purposes:

Service Delivery

• Provide, operate, and improve the Service
• Process your lab report uploads and extract biomarker data using AI
• Generate health summaries, insights, and trend visualizations
• Create and manage your account and profiles
• Provide customer support and respond to your inquiries
• Customize your experience based on your usage and preferences

AI and Automated Processing

The Service uses artificial intelligence and automated systems to:

• Extract data from uploaded documents through OCR and AI processing
• Generate summaries, insights, and trend analysis
• Identify patterns and anomalies in your biomarker data

You acknowledge that AI outputs may not always be accurate or complete. Results should be independently verified with a qualified healthcare provider. AI is used as a support tool, not a medical decision-maker.

Analytics and Improvement

• Understand how Users interact with the Service
• Analyze usage patterns to improve features and reliability
• Conduct research and development to enhance the product experience
• Create Aggregated Data or Anonymized Data for internal analysis

Marketing and Communications

• Send you Service-related announcements, updates, and important notifications
• Send promotional communications where permitted by law
• Measure the effectiveness of our communications

We do not use personally identifiable Health Data for marketing or advertising purposes.

Compliance and Protection

• Protect against fraudulent, illegal, or harmful activity
• Maintain the safety, security, and integrity of the Service
• Comply with legal obligations, resolve disputes, and enforce our Terms of Use
• Respond to law enforcement requests as required by applicable law

5. Who We Share Personal Data With

We may share your Personal Data with the following categories of recipients:

• Cloud infrastructure providers that host and process data on our behalf using secure servers. These providers do not use your Personal Data for any purpose other than providing their services to us
• AI processing providers that assist with document extraction, biomarker analysis, and generating insights. Your data is processed solely to deliver the Service functionality you requested
• Analytics providers that help us understand how the Service is used, in aggregated and anonymized form
• Payment processors and app stores such as Apple and Google that handle billing and subscription management. We do not share your Health Data with payment providers
• Customer support platforms that help us manage and respond to support requests. We limit the data shared with these platforms to what is necessary to resolve your inquiry
• Marketing communications providers that help us deliver email and other communications. We will never share your Health Data with marketing providers
• Government authorities where required to comply with the law, enforce agreements, or protect rights, property, or safety
• Business transferees in connection with a merger, acquisition, restructuring, or sale of assets

We will never sell your Personal Data to anyone.

We may share Aggregated Data or Anonymized Data derived from your usage of the Service with partners, researchers, or other third parties. Such data is no longer Personal Data and cannot be used to identify you.

6. Data Storage, Security, and Retention

Storage

We store your data using secure cloud infrastructure with encryption in transit and at rest. We employ administrative, technical, and organizational security measures designed to protect your Personal Data, including access controls, audit logging, and secure data processing pipelines.

However, no system can be guaranteed to be completely secure. You are responsible for maintaining the confidentiality of your account credentials.

Retention

We retain Personal Data only for as long as reasonably necessary to:

• Provide the Service and fulfill the purposes described in this policy
• Meet legal, tax, accounting, and regulatory obligations
• Resolve disputes and enforce agreements
• Maintain security and prevent fraud

When the retention period expires, we delete or anonymize the data. To determine the appropriate retention period, we consider the nature and sensitivity of the data, the potential risk of unauthorized use or disclosure, and applicable legal requirements.

Subscription Data

If you cancel your paid subscription but maintain a free account, we may continue to store your previously uploaded data. If you delete your account entirely, we will delete your Personal Data, subject to any legal retention requirements.

7. Your Rights

Subject to applicable law, you have the following rights regarding your Personal Data:

• Access: You may request confirmation of whether we process your Personal Data and obtain a copy of it
• Rectification: You may request correction of inaccurate Personal Data
• Erasure: You may request deletion of your Personal Data from our systems. Please note that deleting certain data may prevent us from providing the Service to you
• Portability: You may request a copy of your Personal Data in a machine-readable format, or request that we transmit it to another service where technically feasible
• Objection: You may object to the processing of your Personal Data for certain purposes, including direct marketing
• Restriction: You may request that we restrict further processing of your Personal Data in certain circumstances
• Withdrawal of Consent: Where processing is based on your consent, you may withdraw that consent at any time. This may affect your ability to use certain features of the Service
• Complaint: You have the right to lodge a complaint with the relevant data protection authority in your jurisdiction

To exercise any of these rights, please contact us at mylabstory@kritr.com. We may need to verify your identity before processing your request. We will respond within a reasonable timeframe as required by applicable law.

We will not discriminate against you for exercising your privacy rights.

8. Cookies and Similar Technologies

In the App

The MyLabStory App does not use browser cookies. We may use device identifiers and analytics SDKs to collect usage data for product improvement.

On the Website

Our website may use:

• Strictly Necessary Cookies required for basic website functionality
• Analytics Cookies to understand how visitors use the website
• Marketing Cookies to measure the effectiveness of our campaigns

You can control cookies through your browser settings or through our cookie consent tool where available.

9. Personal Data of Children

MyLabStory is not intended for use by individuals under the age of 18 or the applicable age of majority in your jurisdiction.

We do not knowingly collect Personal Data from children. If we learn that we have collected Personal Data from a child under the applicable age, we will delete that information promptly.

If you believe a child may have provided us with Personal Data, please contact us at mylabstory@kritr.com.

10. Third-Party Sites and Services

The Service may contain links to or integrate with third-party websites, services, or platforms. We are not responsible for the privacy practices of those third parties.

We encourage you to review the privacy policies of any third-party services you access through or in connection with MyLabStory.

11. Health Data Disclaimer

MyLabStory is a health data management tool, not a medical device.

• It does not diagnose, treat, cure, or prevent any disease
• It is not certified as a clinical decision support system
• AI-generated insights and summaries are for informational purposes only
• Always consult a licensed medical professional before making any health decisions

Your use of the Service does not create a doctor-patient or any other healthcare provider relationship.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of changes by posting the updated policy within the App or on our website with a revised effective date.

For material changes, we may also notify you via email or through in-app notifications. Continued use of the Service after changes are posted constitutes your acceptance of the updated policy.

If you do not agree with the updated policy, you should stop using the Service and may request deletion of your account and data.

13. Contact Us

If you have questions, concerns, or would like to exercise your privacy rights, please contact us at:

Product: MyLabStory

Brand: Kritr

Legal Entity: AI Brainiacs

Email: mylabstory@kritr.com

By using MyLabStory, you acknowledge that you have read, understood, and agree to this Privacy Policy.