Privacy policy

Please review our Privacy policy to understand how we handle your information.

Effective Date: April 18, 2025.

1. Introduction to Our Privacy Policy

Welcome to AI DiagMe! Smart Medical Care Ltd (“we”, “us”, “our”) is deeply committed to protecting the privacy and security of your personal data. This Privacy Policy is designed to clearly explain how we handle your information. AI DiagMe is a trade name of Smart Medical Care Ltd.

This document details how we collect, use, and protect your personal data when you use our website, aidiagme.com (the “Site”), and our AI-powered lab result explanation services (the “Services”). Furthermore, it informs you about your data protection rights. We encourage you to read this entire privacy policy carefully. By using our Services, you acknowledge that you have reviewed this policy. For the processing of your health data specifically, we obtain your explicit consent separately.

2. Data Controller and Privacy Contact

Our Role as Data Controller

The data controller responsible for your personal data is:

  • Company: Smart Medical Care Ltd
  • Registered Office: 167-169 Great Portland Street, 5th Floor, London, W1W 5PF, United Kingdom
  • Registration Number: 15309552
  • Contact Email: contact@aidiagme.com

Your Point of Contact for Privacy

For any questions regarding this privacy policy or your personal data, you can contact our Privacy Contact:

  • Name: Julien P.
  • Contact: contact@aidiagme.com

3. The Personal Data We Collect

To provide and improve our Services, we collect several categories of personal data. This section of our privacy policy outlines what we collect.

  • Identification and Contact Data: This includes your name and email address. We use your name to help anonymize your lab report before AI processing and use your email to send you the generated AI report.
  • Health and Contextual Data (Protected Health Information – PHI): This category covers the lab analysis report file (e.g., blood, urine) that you upload. It also includes contextual information you provide, such as age, sex, and medical history, which helps us generate a more relevant explanation.
  • Transaction Data: We collect information related to your purchase, which our payment provider Stripe processes directly. While we do not store your full credit card details, we do keep a history of your transactions with us.
  • Technical and Interaction Data: Through tools like Microsoft Clarity and Google Analytics, we collect information about how you interact with our Site, subject to your cookie consent. This may include your IP address (anonymized where possible), browser type, and pages visited.
  • Cookie Data: We collect information via cookies as detailed in our Cookie Policy and based on your consent choices.
  • Communication Data: This includes any information you provide when you contact our customer support.

Our privacy policy is built on processing your data for specific purposes under appropriate legal bases (including GDPR and HIPAA principles).

  • To Provide the AI Service: We use your Health Data and PDF Report to generate your AI explanation, based on your Explicit Consent.
  • To Anonymize Your Report: Your name helps us remove direct identifiers from the report before AI analysis, a necessary step for the performance of our contract.
  • To Deliver Your Report: We use your email address to send the results, which is essential for the performance of our contract.
  • To Manage Payments and Accounts: Your transaction and contact data are used to manage payments and your customer relationship, based on the performance of our contract.
  • To Improve Site and Service Security: We analyze usage data to improve our platform. This processing is based on your Consent for analytics cookies and our Legitimate Interest in securing our services.
  • To Improve Our AI Models: We may use de-identified health data to improve our services, based on our Legitimate Interest. You have the right to opt out of this use.
  • To Fulfill Your Requests: When you contact support, we use your data to respond, based on our Legitimate Interest in providing excellent service.
  • To Comply with Legal Obligations: We may process any personal data as necessary to comply with the law.

5. Sharing Your Personal Data

We do not sell your personal data. This privacy policy confirms we only share your data with trusted third parties under strict conditions.

  • Service Providers (Processors): We share data with essential partners like Microsoft Azure for secure hosting, Stripe for payments, and Google/Microsoft for analytics (with your consent).
  • AI Infrastructure Providers: Importantly, only de-identified data is sent to our third-party AI service providers to generate your report.
  • Legal and Business Obligations: We may disclose data if required by law or during a business transfer (like a merger), ensuring the new entity upholds our privacy policy commitments.

We require all partners to respect the security of your data and treat it lawfully, signing Business Associate Agreements (BAAs) under HIPAA where necessary.

6. International Data Transfers and This Privacy Policy

As a UK-based company, we operate under UK/EU data protection laws (GDPR). When we transfer data to providers outside this region (like in the US), we ensure an adequate level of protection through measures like Adequacy Decisions or Standard Contractual Clauses (SCCs). Please note that data sent to third-party AI providers is always de-identified by us before any transfer.

7. Our Commitment to Data Security

We implement robust technical and organizational security measures to protect your personal data. These include:

  • Hosting on secure Microsoft Azure servers.
  • De-identifying reports before AI analysis.
  • Encrypting data in transit and at rest.
  • Enforcing strict internal access controls.

8. Data Retention Policy

We retain your data only as long as necessary.

  • Original PDF Report: We delete this file within 90 days after delivering your AI report.
  • De-identified AI Report: We keep this non-identifiable report for 3-5 years to allow you access and for internal analysis.
  • Transaction Data: We retain this data for the legally required period (e.g., 6 years in the UK).

9. Your Data Protection Rights Under This Policy

Depending on your location, you have rights regarding your personal data.

  • Right of Access, Rectification, and Erasure: You can request a copy of your data, correct it, or ask for its deletion.
  • Right to Restrict or Object: You can object to processing based on our legitimate interests (like using de-identified data for AI improvement).
  • Right to Withdraw Consent: You can withdraw consent for processing health data at any time.

To exercise these rights, please contact our Privacy Contact at contact@aidiagme.com.

10. Children’s Privacy Policy

Our Services are not intended for individuals under 18. Consequently, we do not knowingly collect personal data from minors.

11. Cookies and Tracking Technologies

Our Cookie Policy provides detailed information on our use of cookies. Please consult it to learn how to manage your preferences.

12. Changes to This Privacy Policy

We may update this privacy policy periodically. The “Last Updated” date at the top will always indicate the latest version. We encourage you to review this page regularly.

13. How to Lodge a Complaint

If you have concerns about our data handling, please contact us first. You also have the right to lodge a complaint with a supervisory authority, such as the Information Commissioner’s Office (ICO) in the UK or the U.S. Department of Health & Human Services (HHS) for HIPAA-related issues.

14. Additional Company Resources

  • Publications: Discover our articles and insights.
  • Get Started: Learn how our AI-powered tool works.
  • FAQ: Find answers to common questions about data security and tool usage.
  • French Language Site: For French speakers, please visit aidiagme.fr