Medical Disclaimer — MyHealth
Version (policy_version): 1.9 Last updated: June 21, 2026 Effective: as of the date of publication on the App Store. Applies to: MyHealth, an iOS personal health-record app with an educational reading powered by artificial intelligence. Controller / Developer: BAS AI — BAS ARTIFICIAL INTELLIGENCE LTDA, CNPJ 64.106.409/0001-70 — www.bas-ai.com. Privacy contact / Data Protection Officer (DPO): privacy@bas-ai.com.
Please read this disclaimer carefully before using MyHealth. By using the app, you confirm that you have understood and agree to the limits described here.
1. What MyHealth is
MyHealth is a tool for you to organize, store, and understand your health information in one place. With it you can record and review exams and markers, conditions and body systems, medications (including the daily intake log), allergies, vaccines, appointments, vital signs and body composition (weight, body fat, blood glucose, blood pressure, heart rate), symptoms, complaints, physical activity, a daily wellness check-in, documents and reports, family history, and your care team. If you connect a wearable source (Apple Health/Apple Watch, Oura, or WHOOP), sleep, continuous metrics (resting heart rate, HRV, steps, energy), provider scores, and device events are also included.
MyHealth also offers an educational reading generated by artificial intelligence (AI) about the information you yourself enter, with the goal of helping you better understand your data and prepare to talk with healthcare professionals.
2. What MyHealth is NOT (important limits)
- MyHealth is not a medical device and must not be used as one. It has no regulatory health registration as health software (Software as a Medical Device — SaMD) before regulatory authorities such as, by way of example, ANVISA (Brazil), the FDA (United States), and the European medical-device framework (MDR — Medical Device Regulation). This list of authorities is merely illustrative of the frameworks that could be applicable and does not amount to asserting a categorical exemption in any specific jurisdiction: the regulatory classification depends on the intended use and on local law. MyHealth is intended to organize and provide an educational reading of data you enter yourself, and not to diagnose, treat, cure, mitigate, or prevent diseases.
- MyHealth does not make diagnoses, does not prescribe medications, exams, or treatments, and does not replace a consultation, evaluation, exam, or follow-up by a qualified healthcare professional.
- The AI educational reading is educational and informational. It may contain inaccuracies, be incomplete, or not apply to your specific case. It is not a clinical decision.
- The data and alerts coming from wearables are not a diagnosis: scores (such as Oura readiness or WHOOP recovery) are calculations by the manufacturer itself, displayed as the manufacturer reports them; device events (such as ECG classification, irregular-rhythm notification, or fall detection) are notifications from your device, which must be confirmed with a physician.
- The app's content does not create a doctor-patient relationship between you and BAS AI or any professional.
3. Always confirm with your physician
The information and analyses in MyHealth are meant to support your care, never to replace it. Before starting, stopping, or changing any medication, treatment, diet, exercise, or health practice — and before making any decision based on what you saw in the app — talk with your physician or another qualified healthcare professional. The professional knows your complete history and is the one who can assess your case.
MyHealth may educationally highlight exams or markers that might be worth re-discussing with your physician — for example, a result that came out of the reference range and has not yet been repeated. This highlight is only a reminder for the conversation with the professional: MyHealth does NOT determine when to redo an exam nor define follow-up intervals — when, whether, and how often to repeat an exam is a clinical decision, always your physician's, who knows your case in full.
3.1 Special populations (reinforced caution)
Some situations call for extra care, because the educational AI reading is generic and does not account for clinical particularities that only a professional can assess. In these cases, the guidance to always confirm with your physician applies with even greater force:
- Pregnancy and breastfeeding: reference values, medications, and clinical conduct change during pregnancy and lactation. Do not make any decision about medications, exams, or habits based on the app without talking to your physician or obstetrician.
- Children and adolescents: when the data belongs to a child or adolescent, it exists only as a minor's profile managed by an adult guardian (see Section 9). The AI reading is not calibrated for pediatrics, and reference ranges vary widely with age and development — any interpretation must go through a pediatrician or qualified professional.
- Older adults: the interpretation of exams and tolerance to medications and clinical conduct may differ in older adults; keep close professional follow-up.
- Chronic conditions and polypharmacy (use of several medications): in chronic conditions or with many continuous-use medications, there is a higher risk of interactions and of readings taken out of context. Do not adjust treatments on your own based on the app.
4. In case of emergency
MyHealth does not handle emergencies and does not monitor you in real time. If you or another person shows warning signs — such as chest pain, shortness of breath, fainting, heavy bleeding, signs of a stroke, thoughts of self-harm, or any serious situation — seek medical care immediately or call your local emergency service (in Brazil, SAMU 192 or Fire Department 193; outside Brazil, use your country's local emergency number). Do not use the app for this.
If you are in emotional distress or having thoughts of self-harm or suicide, talk to someone now. In Brazil, the CVV — Centro de Valorização da Vida answers at 188 (free, 24/7) and via chat/email at cvv.org.br. In other countries, find a local helpline at findahelpline.com. Emergency numbers and helplines vary by country — in a situation of immediate risk, always call your local emergency service.
5. About artificial intelligence (AI)
The educational reading, the extraction of information from exams, and the assistant chat use AI models provided by Anthropic, which acts as a processor/subprocessor under Anthropic's commercial terms, which automatically incorporate Anthropic's Data Processing Agreement (DPA) and Standard Contractual Clauses (SCCs) (Section 5.1). This processing involves an international transfer of your data to the United States (Anthropic's infrastructure) — see Section 5.1. You should understand that:
- The AI processes only the content you provide and only if you authorize this purpose (optional consent, which can be revoked at any time).
- To help you understand and prepare for your appointment, the educational reading may explain the meaning and context of your findings — the mechanism, what clinical practice generally investigates, the relationship between several findings (an integrated reading), and the trajectory over time of the data you logged — and may consolidate, in an organized way, diagnoses ALREADY CONFIRMED in your own documents (for example, recording a history of an already-diagnosed serious condition for you to follow up with a specialist). This is organization and education, not a new diagnosis: it does not conclude that you have (or do not have) an undocumented disease, does not make a prognosis (it does not predict the future course of your case), does not compute an individual risk score, and does not start, adjust, or stop medications, tests, or treatments. Diagnosis, prognosis, and therapeutic decisions are acts that belong exclusively to a qualified health professional who knows your case.
- In the health-record analysis, we send the clinical content identifiable only by sex and age (and, when available, by your country — only to regionalize, in an educational way, emergency/vaccination-calendar guidance; never the city or precise location) — without your direct identifiers (name, taxpayer ID, email, and phone, which are kept encrypted in a separate vault and are not sent to the AI). This content may include, in summary, the entire health record and clinical profile you organize in the app: exam markers and trends, measurements and body composition, medications, vaccines, allergies, symptoms, appointments and your notes, documents and reports (title, type, date, and the summary of the findings), family history, physical activity, sleep data and wearable scores (in aggregated summaries, never raw continuous series), events from your device (ECG classification, irregular rhythm, fall), menstrual cycle and reproductive data (including the menopause phase, when you report it), lifestyle habits you report (smoking and years of use, alcohol, activity, and sleep), and the blood type and notes from your emergency card. The menopause phase is self-declared by you, not imported from Apple Health (HealthKit). We do not send the contacts from your emergency card (name, phone, relationship).
- In the chat with the assistant, the context sent may additionally include the conversation history itself and the location and the professional recorded in your appointments — items that do not enter the longitudinal health-record analysis described above.
- In the extraction of a document, before sending, the app performs an automatic redaction on your device: it attempts to cover (redact) your name, taxpayer ID, email, and phone number printed on the report — and you can cover areas manually. The original file remains intact in your health record; the version sent to the AI is the redacted one, when generated. This redaction is best-effort: it may fail on low-quality photos or handwriting, and identifiers written differently from your registration may remain in the document. Free-text notes may contain names — for this reason we recommend not entering identifying data in text fields.
- As for ECG events, we send and store only the classification (sinus rhythm / atrial fibrillation / inconclusive) and the event metadata — never the raw trace (waveform), which remains only on your device and is not sent to the AI.
- Your data is not used to train AI models. Anthropic retains the data for a limited period and then deletes it (as a rule, within 30 days), except for retention required by law or for abuse prevention.
- The AI may make mistakes: it may generate information that is incorrect, outdated, or that appears confident but is not. Treat the result as a starting point for a conversation with your physician, not as definitive truth.
- Web search exists only in the assistant chat, for general clinical knowledge. We instruct the model to use only generic clinical terms, without your values, dates, age, names, or identifiers. This protection is enforced by instruction to the model, not by an infallible technical filter, and the search is performed by Anthropic's infrastructure. The health-record analysis and document-extraction functions do not perform web searches.
- If you have a connected wearable and the AI authorized, the analysis may consider aggregated summaries of your wearable data (sleep, resting heart rate, HRV, steps, energy, and brand-identified scores) — never the device's raw continuous series.
5.2 Organizing medications, supplements, vaccines, and allergies (AI-assisted, educational)
To better organize your record, the AI may break down the medications and supplements you log into their active ingredients (a compounded formula, for example, is split into the ingredients listed on its label) and assign a general category (medication, vitamin/mineral, botanical, protein/amino acid, probiotic, compounded formula, etc.). Likewise, it may identify your vaccines (recognizing the same vaccine under different names, the disease it prevents, and the dose in the series) and normalize your allergens (for instance, recognizing the active substance or class of a substance). This helps relate, for instance, the magnesium in a formula to the magnesium in your blood test, or understand your vaccination history. You should understand that:
- This organization is AI-assisted and educational — a support for talking with your doctor or pharmacist, not a diagnosis, a prescription, or a definitive clinical classification. The AI may misread a name; review and correct it when needed.
- MyHealth extracts only what is written on the label/prescription and does not invent ingredients from a product's brand name.
- MyHealth does NOT perform drug-interaction checking, does not cross-check allergies against medications, and does not assess the risk of combining medications. If the analysis notes that an active ingredient appears in more than one item, that is merely an observation for you to check interactions and total dose with your doctor or pharmacist — never a statement that an interaction, contraindication, or problem exists (or does not).
- Regarding vaccines: the AI may comment, educationally, on the vaccination schedule (for example, that certain vaccines are usually boosted periodically), based on general public-health recommendations — never as an individual order ("get it now"). Always confirm your schedule with your doctor or immunization service.
5.1 International data transfer for AI processing
AI processing is performed by Anthropic, with infrastructure in the United States. When you authorize the AI, the content sent is subject to an international transfer of sensitive personal data outside Brazil and the European Economic Area (EEA).
- This transfer occurs only with your specific consent (purpose
intl_transfer, tied to AI Processing), revocable at any time. Without your consent, none of your data is transferred to Anthropic and the AI functions remain unavailable. - The transfer is supported by Anthropic's standard contractual clauses (SCCs) (Modules 2 and 3) and by Anthropic's Data Processing Agreement (DPA), which take effect automatically when we accept Anthropic's commercial terms (with no separate signature) and incorporate, as applicable, the UK IDTA and the Swiss addendum — text at anthropic.com/legal/data-processing-addendum. Under Anthropic's commercial terms, your content is not used to train models and is retained for a limited period (as a rule, within 30 days).
- The storage of your health record remains on infrastructure in Brazil (Supabase); the transfer to the United States occurs only at the moment of processing by the AI.
Legal basis for the transfer: LGPD Art. 33, IX (specific and prominent consent) and Art. 9, II; GDPR Arts. 44-46 and Art. 49(1)(a) (explicit consent), with the transparency of Art. 13(1)(f).
6. You are responsible for the data you enter
The quality of the organization and of the educational reading depends on what you record. Incorrect, incomplete, or outdated information may lead to equally inaccurate readings. Keep your data correct and up to date, and always bring the original documents (exams, reports, prescriptions) to the healthcare professional.
When you submit exams for analysis, before saving you confirm, in a mandatory step, that you have reviewed the items the AI extracted. This check is your responsibility: the AI may misread names, values, or dates, and the data is only written to your record after your confirmation. Review and correct any information before confirming.
7. Family sharing
Sharing with family members is optional, read-only, and revocable, activated by a mutual code with expiration. The same caveats in this disclaimer apply to anyone who views the shared data: viewing does not replace a medical evaluation.
8. No clinical warranties
BAS AI makes its best efforts to keep the app useful and safe, but, to the maximum extent permitted by the law of the user's country, preserving the rights that local law does not allow to be limited, MyHealth is provided "as is," without any warranty that the analyses are accurate, complete, or suitable for a specific clinical purpose. No information in the app should be interpreted as medical advice.
9. Minimum age and minors
Self-registration is for persons 18 years or older (or the age of majority of the country, if higher). The protection of children and adolescents observes the Statute of the Child and Adolescent (Law 8.069/1990), Law 15.211/2025 (Digital ECA), Art. 14 of the LGPD, and Art. 8 of the GDPR (EEA).
- The minor does not have their own account or email: they exist only as a managed profile within the account of an adult guardian, who manages the profile and is responsible for the person's care.
- The profile may have more than one guardian: the primary guardian invites another adult via an invitation code with an expiration date. Each invitee receives a role — guardian (views and edits) or companion (read-only). Every authorization is verified on the server, on each operation.
- The consent relating to the minor is recorded identifying which adult granted it.
- Paid AI features require the guardian role and are charged to the guardian (see Section 10); the usage record remains linked to the minor's profile for auditing.
- Wearable data never follows a minor's profile.
In any country, we adopt the single threshold of 18 years for one's own account. This requirement refers to account ownership and must not be confused with the GDPR's age of autonomous digital consent (Art. 8, between 13 and 16 years depending on the country). Below 18, data processing only occurs through a profile managed by an adult guardian.
Users in the United States (COPPA): MyHealth does not offer accounts to minors nor collect data directly from children. Any minor's data is entered and controlled by a responsible adult, who exercises verifiable parental consent.
10. Subscriptions, service quotas, and payments
The AI functions in MyHealth are paid and consume your usage quota, measured in analyzed pages and AI Chat prompts. There is a subscription (which renews the quota each cycle) and add-on packs that add pages/prompts and do not expire; new users receive an initial free courtesy of pages and prompts, granted only once (valid for 90 days). The usage units have no monetary value, are not convertible to cash, and are not transferable.
- All purchases are processed by Apple (App Store In-App Purchase), which acts as the merchant of record. BAS AI does not receive or store your card data.
- When an AI function is run on a dependent's (minor's) profile, the pages/prompts are debited from the account of the responsible adult who performs the action; the minor has no quota, pack, or payment means of their own.
- In Brazil, your right of withdrawal is preserved (Art. 49 of the CDC (Brazilian Consumer Protection Code)), within a period of 7 days. Cancellation and refund follow the App Store rules and the applicable consumer legislation; if in doubt, contact us at privacy@bas-ai.com. If Apple denies the withdrawal request, contact us by email at suporte@bas-ai.com — we review each case individually, under the CDC (Art. 49) and the applicable consumer-protection rules.
- During the current testing phase (beta), the AI functions are not being charged: consumption of pages/prompts is only metered, with no actual debit. When charging is activated, this will be announced in advance and the debit will apply only from that moment on.
The complete details on pricing, renewal, cancellation, and refund are in the Terms of Use.
11. Your rights and how to contact us
You may, at any time and directly in the app (under Privacy), exercise your rights as a data subject: access, correct, export (FHIR and PDF), revoke consents, and delete your account (permanent, cascading removal of all clinical data and of the identity vault).
For questions, requests, or to exercise rights not available in the interface, contact our Data Protection Officer (DPO) at privacy@bas-ai.com.
Legal basis: LGPD Arts. 18 and 41; GDPR Arts. 12 to 22.
12. Updates to this disclaimer
We may update this Medical Disclaimer. When that happens, we will update the version and the date above and, when the change requires it, we will ask for a new acceptance within the app.
UI Consent Texts (registration and screens)
These texts are short by design, for direct use in the interface. The purposes already existing in the app (clinical_processingandai_processing) are kept with the same technical labels; the others are additions for full coverage of granular consent. Each consent is recorded in a versioned way in the immutable ledger (consent_events), with purpose, legal basis, and policy version.
Privacy / consent screen (registration)
Title: Your privacy Subtitle: You control how your health data is used. You can review and revoke whenever you want.
Granular purposes
| Purpose (technical) | Short UI label | Description (1 line) | Required? | Legal basis |
|---|---|---|---|---|
clinical_processing | Organize and analyze my health record | Required for the app to store and structure your health data and function. | Yes (required) | LGPD Art. 11 (consent — sensitive data) and GDPR Art. 9(2)(a) (explicit consent) |
ai_processing | Use AI for educational reading | Sends your health content, in a minimized way, to an AI that generates an educational reading; we never train models with your data. | No (optional) | LGPD Art. 11 (consent) and GDPR Art. 9(2)(a) (explicit consent) |
wearable_sync_apple_health | Sync with Apple Health | Reads data from Apple Health on your own iPhone (sleep, measurements, steps, heart) into your health record, only with your authorization; never used for marketing, AI training, or third parties. | No (optional) | LGPD Art. 11 (consent) and GDPR Art. 9(2)(a); compliance with Apple Guideline 5.1.3 |
wearable_sync_oura | Connect my Oura ring | Connects your Oura account (login on the Oura site) and brings sleep, metrics, and scores into your health record; revocable — when you disconnect, you choose to keep or delete what was imported. | No (optional) | LGPD Art. 11 (consent) and GDPR Art. 9(2)(a) |
wearable_sync_whoop | Connect my WHOOP | Connects your WHOOP account (login on the WHOOP site) and brings sleep, recovery, strain, and workouts; when you disconnect, all WHOOP data is deleted from the app (provider requirement). | No (optional) | LGPD Art. 11 (consent) and GDPR Art. 9(2)(a) |
intl_transfer | Allow the use of AI outside Brazil | Authorizes the international transfer of the content sent to the AI to the United States (Anthropic), supported by Anthropic's SCCs/DPA already in effect; tied to AI Processing and revocable. | No (optional) | LGPD Art. 33, IX (specific and prominent consent) and Art. 9, II; GDPR Art. 49(1)(a) (explicit consent) |
product_analytics | Help improve the app | Reserved purpose — NOT yet active: today the app collects no usage statistics. If introduced, it will be opt-in, with de-identified statistics (no health data), and this table and the Policy will be updated before activation. | No (optional — consent) | LGPD Art. 7, I (consent) and GDPR Art. 6(1)(a) (consent) |
Note: family sharing (family_sharing), the international transfer (intl_transfer), and the wearable syncs (wearable_sync_apple_health/wearable_sync_oura/wearable_sync_whoop) are also purposes recorded in the ledger, captured at the moment the user enables the feature (not at initial registration) — wearable consents are recorded on the Integrations screen, before any reading or sync, on the dual basisLGPD_Art11+GDPR_Art9. The purposeapple_health_import, provided in a previous version of this document, has been replaced bywearable_sync_apple_health(the name actually recorded by the app).
Acceptance of Terms and Policy (required)
Acceptance checkbox text: "I have read and accept the Terms of Use and the Privacy Policy." (With tappable links to "Terms of Use" and "Privacy Policy.")
Supporting microcopy (below the checkbox): "To create your account, you must accept the Terms of Use and the Privacy Policy. You also authorize the processing of your health data to organize your health record (LGPD Art. 11 / GDPR Art. 9)."
Button state: the "Finish" / "Create account" button remains disabled until the acceptance checkbox is checked.
RE-ACCEPTANCE banner (when the terms change)
Title: We have updated our terms Body: "Our Terms of Use and Privacy Policy have changed (version 1.9). To keep using MyHealth, please read and accept the new version." Primary button: "Read and accept" Secondary button: "See what changed" Legal note: "Your previous acceptance remains on record. This new acceptance will be kept in a versioned way and does not change the optional choices you have already made."
Revocation and control notices (reused on the Privacy/Profile screens)
- Revoke AI: "You have turned off the AI educational reading. Your data is no longer sent to the AI from now on. The analyses already performed remain in your health record."
- Revoke Apple Health: "Syncing with Apple Health has been turned off. We will not read new data from Apple Health until you authorize it again. You can keep or delete what has already been imported."
- Disconnect Oura: "Your Oura ring has been disconnected and access to your Oura account has been revoked. What do you want to do with the data already imported from Oura?" — buttons: "Keep in health record" / "Delete Oura data".
- Disconnect WHOOP: "When you disconnect WHOOP, all data imported from WHOOP will be deleted from MyHealth — this deletion is required by WHOOP and cannot be undone. Your data remains in your WHOOP account." — button: "Disconnect and delete".
- Control reminder: "You can review, export (FHIR and PDF), correct, revoke consents, and delete your account at any time under Privacy."
Annex — Research consent screen (pseudonymized data)
Text of the screen shown separately from the mandatory purposes, in the Privacy section. The technical purpose isresearch. It is optional, off by default, and revocable at any time, with no impact on normal use of the app. Consent is recorded in a versioned way in the immutable ledger (consent_events), with purpose, legal basis, and policy version.
Title: Contribute to health research
Subtitle: Optional. You help public-health studies without revealing who you are.
Body: "If you turn this option on, you authorize BAS AI to use a pseudonymized version of your data for health research of collective interest. Pseudonymized means we separate your direct identifiers (name, tax ID, email, phone) — they do not enter the research set. What enters is reduced to sex, age range, and year, together with health indicators that are not directly identifying.
This is not the same as irreversible anonymization: because our original database still holds the link between you and your data, the processing remains protected by the LGPD and the GDPR, and you can revoke it at any time.
Your research data is never sold, never used for advertising targeted at you, and never used to train AI models."
What we do NOT use for research: your direct identifiers (name, tax ID, email, phone), your emergency-card contacts, and any raw document (image/PDF) you have uploaded.
Toggle text (off by default): "Allow the use of my pseudonymized data for health research"
Supporting microcopy: "This choice is independent of the others. Turning it on or off changes nothing in how the app works, in the AI reading, or in your usage quota (pages/prompts)."
Revocation notice (reused on the Privacy screen): "You have turned off the research contribution. Your data stops feeding new research sets from now on. Research sets already generated may not allow your retroactive removal, precisely because they are already pseudonymized and unlinked from you."
Legal basis: LGPD Art. 11, II "a" (consent — sensitive data) and GDPR Art. 9(2)(a) (explicit consent).