Privacy Policy

Last updated: April 22, 2026

What data we collect

HealthLab does not collect any personal data on our servers. All lab results, profiles, medical records, medication schedules, drug photos, and other information are stored exclusively on your device in a protected database.

We have no access to your medical data and cannot obtain it. We do not create any user accounts and do not identify users.

Medications, schedules, and reminders

Data about your medications (name, dosage, frequency, course duration, remaining stock, drug photo, intake history) is stored exclusively on your device. This data is never sent to our servers and never leaves your device, except when you explicitly share it via an iOS system dialog (messenger, email, AirDrop, etc.).

Local reminders ("time to take" push notifications) are scheduled on-device using the standard iOS notification scheduler. Reminder content is not sent to our servers. The PIN for intake confirmation is stored in the device Keychain and is not accessible to us.

PDF and photo recognition (Google Gemini)

To recognize text from PDF files and lab result photos, HealthLab sends document images to Google Gemini Vision API through a secure proxy server. Images are transmitted to Google, processed, and the response is returned to the app. Images are not stored on our servers.

Google processes images in accordance with the Google Privacy Policy and Gemini API Terms of Service.

Prescription import (Google Gemini)

The paper prescription scanning feature (available with Pro subscription) sends a photographed prescription image to Google Gemini Vision API through the same secure proxy server. Gemini extracts medication names, dosages, frequency, and course duration; the result is returned to the app for your review before creating a schedule.

Before the first transmission of a prescription image, the app shows a separate privacy notice and waits for your explicit confirmation. The prescription image is not stored on our servers and is not reused.

AI summary of results (Google Gemini)

The AI summary feature (available with Pro subscription) sends de-identified biomarker data to Google Gemini API for clinical interpretation. It operates in two modes:

— Single analysis summary: you request an explanation for a specific imported analysis.
— "Explain my radar": an overview of all profile biomarkers by category with trends.

Only the following is transmitted:

— Numeric biomarker values, units, and reference ranges
— Value dates (for trend analysis)
— Age, sex, and pregnancy status (no name or other personal data)
— Biomarker categories (e.g., "complete blood count")

Lab names, your name, document identifiers, and other metadata are NOT transmitted. The response is returned to the app and cached on-device for 24 hours. No data is stored on our servers.

AI summaries are informational only and do not constitute medical advice. You can disable this feature in the app Settings.

API security (Apple App Attest)

All requests to our proxy server are protected via Apple App Attest — hardware-backed device attestation. App Attest uses the Secure Enclave (a dedicated hardware security module in Apple's chip) to generate a unique key that signs each request. This ensures requests come from a genuine, unmodified HealthLab app on your device.

The attestation key is bound to the device and app, contains no personal data, and does not allow us to identify you.

Sentry — crash reports

The app uses Sentry for anonymous crash report collection. This data helps us identify and fix bugs to improve app quality.

Crash reports do not contain personal data, medical information, medication names, prescription content, or lab results. Only technical information is transmitted: device type, iOS version, call stack at the time of crash, anonymous installation identifier. A filter in the app code removes any traces of medical terms before sending.

Sharing reports

The "Share results" feature generates PDF reports with your data entirely on-device. No data is sent to our servers during report creation.

When you share a report via the iOS system interface (messengers, email, files, etc.), data is transmitted directly to the selected app. We have no access to who you share reports with or how.

Data storage

All lab results, medication records, intake history, drug photos, and settings are stored on your device using SwiftData (Apple technology). Files are protected by iOS file protection.

If you delete the app and do not have iCloud Sync enabled (see next section), all locally stored data will be deleted along with it and cannot be restored.

iCloud Sync (optional)

Starting with version 1.11.0, HealthLab supports synchronizing your medical data between devices via Apple iCloud. This feature is disabled by default and only activates after your explicit consent during onboarding or in Settings.

When sync is enabled, the following data is transmitted from your device to your private Apple iCloud zone under your Apple ID:

— Profiles, lab analyses, test results, medications, intake history
— Original PDF lab files and medication photos — only if you keep the "Sync original files" toggle on in Settings (enabled by default)
— Local preferences: theme, notification settings, free-import counter
— PIN-code hash (via Apple iCloud Keychain — end-to-end encrypted)

Data is stored in Apple infrastructure under your Apple ID. We (healthlab.pro / the app developer) have no access to this data. Access is restricted to your devices signed in to the same Apple ID, and to Apple — as data processor — under the Apple iCloud Terms of Service and Apple Privacy Policy.

To stop syncing, open Settings → iCloud Sync → toggle off. To permanently delete your data from iCloud, choose "Delete my iCloud data" — this is final and removes the data from every device signed in to the same Apple ID.

iOS permissions

The app requests the following permissions only when you intentionally use the relevant feature:

— Camera: when you choose "Take photo" to import a lab result or prescription
— Photos: when you select an image from your library
— Notifications: when you enable medication reminders
— Face ID / Touch ID: if you set up a PIN for intake confirmation

None of the permissions are used in the background without your explicit action.

Changes to this policy

We may update this privacy policy. Significant changes will be communicated via App Store updates. The current version is always available at healthlab.pro/en/privacy-policy/.

Contact

If you have questions about privacy, contact us: kyrylo.holovchenko@gmail.com