Privacy Policy

Last updated: April 11, 2026

This Privacy Policy explains how Myhealthcloud (“MyHealthCloud”, “we”, “us”, “our”) collects, uses, shares, and protects information when you use the MyHealthCloud app and related services (the “Service”).

Plain-language summary

  • You can upload health records (like lab reports). We store them and may use AI to help extract and organize information.
  • We process health data, which is sensitive. We use it only to provide the Service and keep it secure.
  • We do not sell your data and do not use it to train AI models.
  • We do not use Health Data (including HealthKit/health data) for advertising.
  • You can request deletion; we delete account data within 30 days (subject to limited backup/logging exceptions explained below).

1) Definitions

  • Personal Data: information that identifies or relates to an identifiable individual.
  • Health Data: Personal Data relating to your physical or mental health (e.g., lab results, biomarker values, medical documents/images, HealthKit/health data).
  • Processing: any operation performed on data (e.g., collecting, storing, analyzing, deleting).
  • AI Processing: automated processing used to extract structured data or generate summaries/insights based on user-provided content.

2) Who we are (Data Controller) & how to contact us

Data Controller: Myhealthcloud

Email: privacy@myhealthcloud.nu

Support: support@myhealthcloud.nu

Export Data request: data@myhealthcloud.nu

If you contact us about privacy, please include the email associated with your account so we can verify your identity.

3) What data we collect

3.1 Data you provide

  • Account information: email, login credentials (handled via authentication providers), and optional profile details you choose to add.
  • Uploads & content (Health Data): lab reports, biomarker data, medical documents and images, and any notes you add.
  • Support communications: messages and attachments you send to support.

3.2 Data collected automatically

  • Device & technical data: device type, OS version, app version, language, IP address, and identifiers needed for security and fraud prevention.
  • Usage and diagnostics: basic usage events, crash logs, performance data, and error reports.

3.3 Subscription and purchase data

If you subscribe, purchases are processed by Apple App Store or Google Play (and we may use RevenueCat to manage entitlements). We typically receive:

  • subscription status (active/expired), product identifiers, renewal dates
  • purchase/receipt tokens needed to validate your subscription

We do not receive your full payment card details.

4) How we collect data

  • From you when you register, upload content, or use features.
  • Automatically through the app and service infrastructure.
  • From app stores/subscription services for entitlement verification.

5) How we use your data

We use data to:

  1. Provide and operate the Service (accounts, storage, sync, feature delivery).
  2. Process uploads and run AI features you request (extract, structure, summarize).
  3. Secure the Service (fraud prevention, abuse detection, authentication security).
  4. Improve reliability and performance (debugging, crash analysis, service monitoring).
  5. Provide support and respond to requests.
  6. Comply with legal obligations (where applicable).

5.1 Marketing & Custom Audiences (Strictly Non-Health Data)

We may use limited personal data (specifically your email address or device identifiers) to reach you with relevant information about our Service on third-party platforms (such as Meta, Google, or TikTok).

How this works:

  • Hashing: We convert your email address into a secure code (“hash”) before sharing it. The ad platform matches this code against their own users to show you our ads.
  • Strict Health Data Exclusion: We NEVER share your Health Data, Medical Images, or Lab Results for these marketing purposes. The ad platforms do not receive any information about your health status, conditions, or the content of your uploads.
  • Opt-out: You can opt out of this specific targeting by emailing privacy@myhealthcloud.nu.

6) AI Processing transparency

6.1 What AI does

When you use AI features, the Service may process your uploaded documents/images to:

  • extract relevant medical values (e.g., biomarkers)
  • organize results into structured formats
  • generate plain-language summaries or “insights” designed to help you understand your information

6.2 Data sent for AI processing

When you choose an AI-powered feature, we may send the health document or image you selected and text extracted from that document to process your request to our AI service provider(s). We do this only to perform the feature you requested, such as extracting the results.

6.3 User permission before AI sharing

Before sending personal data or health data to an external AI provider, MyHealthCloud asks for your permission in the app. You can choose not to use AI features and instead use manual entry features where available inside the application.

6.4 AI limitations & non-medical use

AI outputs may be inaccurate, incomplete, or not applicable to your situation. The Service:

  • is not a medical device (unless explicitly stated otherwise)
  • does not provide medical advice, diagnosis, or treatment
  • should not be used for emergencies (seek professional help immediately)

6.5 Training and model improvement

We do not use your uploaded Health Data (including biomarker values, medical documents/images, or HealthKit/health data) to train AI models.

6.6 Advertising and sale restrictions (AI & Health Data)

We do not use Health Data (including biomarker values, medical documents/images, or HealthKit/health data) for advertising or marketing purposes, and we do not sell Health Data. We do not allow Health Data to be used for cross-context behavioral advertising.

6.7 Automated decision-making

We do not use AI to make decisions that have legal or similarly significant effects (e.g., insurance eligibility). If that changes, we will provide additional notice and choices where required.

7) Legal bases for processing (GDPR / EU users)

Where the GDPR applies, we process Personal Data under:

  • Contract (Art. 6(1)(b)): to provide the Service you request.
  • Explicit consent for Health Data (Art. 9(2)(a)): to process Health Data you upload and generate AI-supported outputs where required.
  • Legitimate interests (Art. 6(1)(f)): to secure and improve the Service (e.g., preventing fraud, debugging), balanced against your rights.
  • Legal obligation (Art. 6(1)(c)): where required by law.

You may withdraw consent at any time; withdrawal does not affect prior lawful processing but may limit functionality.

8) Where your data is stored & international access/transfers

8.1 Storage location

Your primary data storage is located in Sweden.

8.2 Access from other locations

Because we operate globally and you may access the Service while traveling, your data may be accessed from other countries (e.g., by you, or by authorized support/security personnel as necessary).

8.3 International transfers (EEA/UK)

If we transfer Personal Data outside the EEA/UK (for example, due to service providers or support operations), we use appropriate safeguards such as Standard Contractual Clauses (SCCs) and additional measures where required.

9) Data Subprocessors

We do not sell your Personal Data or Health Data.

We use certain third parties (“subprocessors”) to help deliver specific parts of the Service (such as authentication, subscriptions, or AI features). Subprocessors process data only within the scope of their specific purpose and under our instructions. They do not use your data for their own independent purposes, and any retention is limited to what is necessary to provide their service.

We require service providers that process data on our behalf to provide protections that are at least equivalent to those described in this Privacy Policy and required by applicable law, including security and confidentiality obligations.

9.1 Subprocessors we use

  • Apple (App Store / In-App Purchases): processes payments and subscriptions; provides subscription status and receipt information needed to validate purchases.
  • Google:
    • Google Play Billing: payments/subscriptions and purchase validation
    • Firebase Authentication: secure login and identity management
    • Marketing: Only hashed contact info is used; NO Health Data is accessed
    • AI processing: may process selected uploaded documents/images, extracted text, and limited related technical metadata to perform AI features requested by the user
  • RevenueCat (subscription management): helps us manage subscription entitlements and verify purchase status across platforms.
  • Meta
    • AI processing: may process selected uploaded documents/images, extracted text, and limited related technical metadata to perform AI features requested by the user
    • Marketing: Only hashed contact info is used; NO Health Data is accessed
  • Loopia (hosting / infrastructure): provides hosting services used to operate the Service (including storage and databases located in Sweden, where applicable).

9.2 Legal and safety

We may disclose data if required by law, court order, or to protect rights, safety, and security.

9.3 Business transfers

If we are involved in a merger, acquisition, or asset sale, data may be transferred as part of that transaction, subject to applicable law and notice requirements.

10) Data retention & deletion

  • Account deletion: when you request account deletion, we delete or anonymize your account data and uploaded content within 30 days, except as noted below.
  • Backups: residual copies may remain in encrypted backups for a limited period and then be overwritten in the ordinary course.
  • Security logs: we may retain limited logs for security and fraud prevention for a reasonable period.
  • Legal obligations: we may retain certain records where required by law.

11) Security

We use appropriate technical and organizational measures designed to protect data, including encryption in transit (TLS), access controls, and monitoring. No system is completely secure; we cannot guarantee absolute security.

12) App permissions

The app may request access to:

  • Photos/Files/Camera: to upload and save documents and images
  • Health data (Apple HealthKit / Android health data): if you choose to connect health data sources, to read and display your health information within the app (only with your permission)
  • Notifications (optional): service and account alerts

You can manage permissions in your device settings. Some features may not work without required permissions.

Health data (HealthKit/health data) compliance

If you choose to connect Apple HealthKit / Android Health Data or other health data sources, we use that data only to provide app features (for example, viewing and visualizing your health trends). We do not use HealthKit/health data for advertising or marketing, we do not send HealthKit data to third-party AI providers, we do not sell it, and we do not share it with data brokers or for cross-context behavioural advertising. HealthKit / health data is used only to provide user-requested app features inside MyHealthCloud and is not used to train AI models.

13) Your rights & choices

13.1 EU/EEA/UK (GDPR)

You may have the right to: access, rectify, delete, restrict processing, object, and data portability; withdraw consent; and lodge a complaint with a supervisory authority.

13.2 Singapore (PDPA)

You may request: access and correction; withdrawal of consent (with reasonable notice); and information about how your data has been used or disclosed.

13.3 California (CCPA/CPRA)

You may have rights to: know/access, delete, and correct personal information; opt out of “sale”/“share” (we do not sell/share for cross-context behavioral advertising); limit use of Sensitive Personal Information (health data), where applicable; and non-discrimination for exercising rights.

How to exercise rights: email privacy@myhealthcloud.nu with your account email and request type (e.g., “Delete my account”).

14) Children’s privacy

MyHealthCloud is intended for adults and general consumers. It is not directed to children. If you believe a child has provided data without appropriate consent, contact us at privacy@myhealthcloud.nu.

15) Changes to this policy

We may update this policy. If changes are material, we will provide notice in the app or by other reasonable means. The “Last updated” date will reflect changes.

16) Contact

Support: support@myhealthcloud.nu

Legal / Privacy: privacy@myhealthcloud.nu

Export Data request: data@myhealthcloud.nu