Medical Disclaimer — MyHealth
Version (policy_version): 2.1 Last updated: June 23, 2026 Effective: as of June 23, 2026. Applies to: MyHealth, an iOS personal health-record app with an educational reading powered by artificial intelligence. Controller / Developer: BAS AI — BAS ARTIFICIAL INTELLIGENCE LTDA, CNPJ 64.106.409/0001-70 — www.bas-ai.com. Privacy contact / Data Protection Officer (DPO): Guilherme Bastian — dpo@bas-ai.com.
Please read this disclaimer carefully before using MyHealth. By using the app, you confirm that you have understood and agree to the limits described here.
1. What MyHealth is
MyHealth is a tool for you to organize, store, and understand your health information in one place. With it you can record and review exams and markers, conditions and body systems, medications (including the daily intake log), allergies, vaccines, appointments, vital signs and body composition (weight, body fat, blood glucose, blood pressure, heart rate), symptoms, complaints, physical activity, a daily wellness check-in, documents and reports, family history, and your care team. If you connect a wearable source (Apple Health/Apple Watch, Oura, or WHOOP), sleep, continuous metrics (resting heart rate, HRV, steps, energy), provider scores, and device events are also included.
MyHealth also offers an educational reading generated by artificial intelligence (AI) about the information you yourself enter, with the goal of helping you better understand your data and prepare to talk with healthcare professionals.
2. What MyHealth is NOT (important limits)
- MyHealth is not a medical device and must not be used as one. It has no health registration as health software (Software as a Medical Device — SaMD) before the regulatory authorities, among which, by way of example, ANVISA (Brazil), the FDA (United States), and the European medical-devices framework (MDR — Medical Device Regulation). The list of these authorities is merely illustrative of the frameworks that could be applicable and does not amount to a categorical claim of exemption in any specific jurisdiction: the regulatory classification depends on the intended use and on local law. MyHealth is intended to organize and provide an educational reading of data you yourself enter, and not to diagnose, treat, cure, mitigate, or prevent diseases.
- MyHealth does not make diagnoses, does not prescribe medications, exams, or treatments, and does not replace a consultation, evaluation, exam, or follow-up by a qualified healthcare professional.
- The AI educational reading is educational and informational. It may contain inaccuracies, be incomplete, or not apply to your specific case. It is not a clinical decision.
- The data and alerts coming from wearables are not a diagnosis: scores (such as Oura readiness or WHOOP recovery) are calculations by the manufacturer itself, displayed as the manufacturer reports them; device events (such as ECG classification, irregular-rhythm notification, or fall detection) are notifications from your device, which must be confirmed with a physician.
- The app's content does not create a doctor-patient relationship between you and BAS AI or any professional.
3. Always confirm with your physician
The information and analyses in MyHealth are meant to support your care, never to replace it. Before starting, stopping, or changing any medication, treatment, diet, exercise, or health practice — and before making any decision based on what you saw in the app — talk with your physician or another qualified healthcare professional. The professional knows your complete history and is the one who can assess your case.
MyHealth may educationally highlight exams or markers that might be worth re-discussing with your physician — for example, a result that came out of the reference range and has not yet been repeated. This highlight is only a reminder for the conversation with the professional: MyHealth does NOT determine when to redo an exam nor define follow-up intervals — when, whether, and how often to repeat an exam is a clinical decision, always your physician's, who knows your case in full.
3.1 Special populations (heightened caution)
Some situations call for extra care, because the AI educational reading is generic and does not account for clinical particularities that only a professional can assess. In these cases, the guidance to always confirm with your physician applies with even greater force:
- Pregnancy and breastfeeding: reference values, medications, and recommendations change during pregnancy and lactation. Do not make any decision about medications, exams, or habits based on the app without speaking with your physician or obstetrician.
- Children and adolescents: when the data belongs to a child or adolescent, it exists only as a minor's profile managed by an adult guardian (see Section 9). The AI reading is not calibrated for pediatrics, and reference ranges vary widely with age and development — every interpretation must go through a pediatrician or qualified professional.
- Older adults: the interpretation of exams and the tolerance to medications and recommendations may differ in older adults; keep close professional follow-up.
- Chronic conditions and polypharmacy (use of multiple medications): in chronic conditions or with many continuously-used medications, there is a greater risk of interactions and of out-of-context readings. Do not adjust treatments on your own based on the app.
4. In case of emergency
MyHealth does not handle emergencies and does not monitor you in real time. If you or another person shows warning signs — such as chest pain, shortness of breath, fainting, heavy bleeding, signs of a stroke, thoughts of self-harm, or any serious situation — seek medical care immediately or call your local emergency service (in Brazil, SAMU 192 or Fire Department 193; outside Brazil, use your country's local emergency number). Do not use the app for this.
If you are in emotional distress or having thoughts of self-harm or suicide, talk to someone now. In Brazil, the CVV — Centro de Valorização da Vida can be reached at 188 (free call, 24 hours a day, every day) and also by chat and email at cvv.org.br. In other countries, you can find a local support line in the international directory findahelpline.com. Emergency numbers and support lines vary by country — in a situation of immediate risk, always call your local emergency service.
5. About artificial intelligence (AI)
The educational reading, the extraction of information from exams, and the assistant chat use an AI model provided by Anthropic (Claude), which acts as a subprocessor under Anthropic's commercial terms, with a Data Processing Agreement (DPA) and Standard Contractual Clauses (SCCs) in force (Section 5.1). This processing involves an international transfer of your data to the United States (Anthropic's infrastructure) — see Section 5.1. You should understand that:
- The AI processes only the content you provide and only if you authorize this purpose (optional consent, which can be revoked at any time).
- To help you understand and prepare for your appointment, the educational reading may explain the meaning and context of your findings — the mechanism, what clinical practice generally investigates, the relationship between several findings (an integrated reading), and the trajectory over time of the data you logged — and may consolidate, in an organized way, diagnoses ALREADY CONFIRMED in your own documents (for example, recording a history of an already-diagnosed serious condition for you to follow up with a specialist). This is organization and education, not a new diagnosis: it does not conclude that you have (or do not have) an undocumented disease, does not make a prognosis (it does not predict the future course of your case), does not compute an individual risk score, and does not start, adjust, or stop medications, tests, or treatments. Diagnosis, prognosis, and therapeutic decisions are acts that belong exclusively to a qualified health professional who knows your case.
- In the health-record analysis, we send the clinical content identifiable only by sex and age (and, when available, by your country — only to regionalize, in an educational way, emergency/vaccination-calendar guidance; never the city or precise location) — without your direct identifiers (name, taxpayer ID, email, and phone, which are kept encrypted in a separate vault and are not sent to the AI). This content may include, in summary, the entire health record and clinical profile you organize in the app: exam markers and trends, measurements and body composition, medications, vaccines, allergies, symptoms, appointments and your notes, documents and reports (title, type, date, and the summary of the findings), family history, physical activity, sleep data and wearable scores (in aggregated summaries, never raw continuous series), events from your device (ECG classification, irregular rhythm, fall), menstrual cycle and reproductive data (including the menopause phase, when you report it), lifestyle habits you report (smoking and years of use, alcohol, activity, and sleep), and the blood type and notes from your emergency card. The menopause phase is self-declared by you, not imported from Apple Health (HealthKit). We do not send the contacts from your emergency card (name, phone, relationship).
- In the chat with the assistant, the context sent may additionally include the conversation history itself and the location and the professional recorded in your appointments — items that do not enter the longitudinal health-record analysis described above.
- In the extraction of a document, before sending, the app performs an automatic redaction on your device: it attempts to cover (redact) your name, taxpayer ID, email, and phone number printed on the report — and you can cover areas manually. The original file remains intact in your health record; the version sent to the AI is the redacted one, when generated. This redaction is best-effort: it may fail on low-quality photos or handwriting, and identifiers written differently from your registration may remain in the document. Free-text notes may contain names — for this reason we recommend not entering identifying data in text fields.
- As for ECG events, we send and store only the classification (sinus rhythm / atrial fibrillation / inconclusive) and the event metadata — never the raw trace (waveform), which remains only on your device and is not sent to the AI.
- Your data is not used to train AI models. Anthropic retains the data for a limited period and then deletes it (as a rule, within 30 days), except for retention required by law or for abuse prevention.
- The AI may make mistakes: it may generate information that is incorrect, outdated, or that appears confident but is not. Treat the result as a starting point for a conversation with your physician, not as definitive truth.
- Web search exists only in the assistant chat, for general clinical knowledge. We instruct the model to use only generic clinical terms, without your values, dates, age, names, or identifiers. This protection is enforced by instruction to the model, not by an infallible technical filter, and the search is performed by Anthropic's infrastructure. The health-record analysis and document-extraction functions do not perform web searches.
- If you have a connected wearable and the AI authorized, the analysis may consider aggregated summaries of your wearable data (sleep, resting heart rate, HRV, steps, energy, and brand-identified scores) — never the device's raw continuous series.
5.1 International data transfer for AI processing
AI processing is performed by Anthropic, with infrastructure in the United States. When you authorize the AI, the content sent is subject to an international transfer of sensitive personal data outside Brazil and the European Economic Area (EEA).
- This transfer occurs only with your specific consent (purpose
intl_transfer, tied to AI Processing), revocable at any time. Without your consent, none of your data is transferred to Anthropic and the AI functions remain unavailable. - The transfer is supported by Standard Contractual Clauses (SCCs) and a Data Processing Agreement (DPA) in force with Anthropic, in addition to the commitment, under Anthropic's commercial terms, that your content is not used to train models and is retained for a limited period (as a rule, within 30 days).
- The storage of your health record remains on infrastructure in Brazil (Supabase, region sa-east-1, in São Paulo); the transfer to the United States occurs only at the moment of processing by the AI.
Legal basis for the transfer: LGPD Art. 33, IX (specific and prominent consent) and Art. 9, II; GDPR Arts. 44-46 and Art. 49(1)(a) (explicit consent), with the transparency of Art. 13(1)(f).
5.2 Organizing medications, supplements, vaccines, and allergies (AI-assisted, educational)
To better organize your record, the AI may break down the medications and supplements you log into their active ingredients (a compounded formula, for example, is split into the ingredients listed on its label) and assign a general category (medication, vitamin/mineral, botanical, protein/amino acid, probiotic, compounded formula, etc.). Likewise, it may identify your vaccines (recognizing the same vaccine under different names, the disease it prevents, and the dose in the series) and normalize your allergens (for instance, recognizing the active substance or class of a substance). This helps relate, for instance, the magnesium in a formula to the magnesium in your blood test, or understand your vaccination history. You should understand that:
- This organization is AI-assisted and educational — a support for talking with your doctor or pharmacist, not a diagnosis, a prescription, or a definitive clinical classification. The AI may misread a name; review and correct it when needed.
- MyHealth extracts only what is written on the label/prescription and does not invent ingredients from a product's brand name.
- MyHealth does NOT perform drug-interaction checking, does not cross-check allergies against medications, and does not assess the risk of combining medications. If the analysis notes that an active ingredient appears in more than one item, that is merely an observation for you to check interactions and total dose with your doctor or pharmacist — never a statement that an interaction, contraindication, or problem exists (or does not).
- Regarding vaccines: the AI may comment, educationally, on the vaccination schedule (for example, that certain vaccines are usually boosted periodically), based on general public-health recommendations — never as an individual order ("get it now"). Always confirm your schedule with your doctor or immunization service.
6. You are responsible for the data you enter
The quality of the organization and of the educational reading depends on what you record. Incorrect, incomplete, or outdated information may lead to equally inaccurate readings. Keep your data correct and up to date, and always bring the original documents (exams, reports, prescriptions) to the healthcare professional.
When you submit exams for analysis, before saving you confirm, in a mandatory step, that you have reviewed the items the AI extracted. This check is your responsibility: the AI may misread names, values, or dates, and the data is only written to your record after your confirmation. Review and correct any information before confirming.
7. Family sharing
Sharing with family members is optional, read-only, and revocable, activated by a mutual code with expiration. The same caveats in this disclaimer apply to anyone who views the shared data: viewing does not replace a medical evaluation.
8. No clinical warranties
BAS AI makes its best efforts to keep the app useful and safe, but, to the maximum extent permitted by the law of the user's country, preserving the rights that local law does not allow to be limited, MyHealth is provided "as is," without any warranty that the analyses are accurate, complete, or suitable for a specific clinical purpose. No information in the app should be interpreted as medical advice.
When the app shows different data side by side — for example, a lab result and your activity in the same period — it merely gathers and displays your own data along the same timeline, descriptively. Seeing two things together does not assert that one explains, causes, or influences the other: association is not causation. Interpretation is up to you and your doctor.
9. Minimum age and minors
Self-registration is for persons 18 years or older (or the age of majority of the country, if higher). The protection of children and adolescents observes the Statute of the Child and Adolescent (Law 8.069/1990), Law 15.211/2025 (Digital ECA), Art. 14 of the LGPD, and Art. 8 of the GDPR (EEA).
- The minor does not have their own account or email: they exist only as a managed profile within the account of an adult guardian, who manages the profile and is responsible for the person's care.
- The profile may have more than one guardian: the primary guardian invites another adult via an invitation code with an expiration date. Each invitee receives a role — guardian (views and edits) or companion (read-only). Every authorization is verified on the server, on each operation.
- The consent relating to the minor is recorded identifying which adult granted it.
- Paid AI features require the guardian role and are charged to the guardian (see Section 10); the usage record remains linked to the minor's profile for auditing.
- Wearable data never follows a minor's profile.
In any country, we adopt the single threshold of 18 years for one's own account. This requirement refers to account ownership and must not be confused with the GDPR's age of autonomous digital consent (Art. 8, between 13 and 16 years depending on the country). Below 18, data processing only occurs through a profile managed by an adult guardian.
Users in the United States (COPPA): MyHealth does not offer accounts to minors nor collect data directly from children. Any minor's data is entered and controlled by a responsible adult, who exercises verifiable parental consent.
10. Subscriptions, service quotas, add-on packs, and payments
The AI functions in MyHealth are paid and consume pages from your quota (as a rule, 1 page of quota per page of an analyzed document). There is a subscription (a periodic quota of pages and prompts) and the purchase of add-on packs of pages/prompts; new users receive an initial courtesy allowance (pages and prompts), granted only once.
- All purchases are processed by Apple (App Store In-App Purchase), which acts as the merchant of record. BAS AI does not receive or store your card data.
- When an AI function is run on a dependent's (minor's) profile, the pages/prompts are debited from the account of the responsible adult who performs the action; the minor has no quota, pack, or payment method of their own.
- When charging is active and your available quota/usage is not sufficient, a document you have already uploaded may be stored, already redacted, awaiting available quota/usage — and it is analyzed automatically as soon as quota or a pack is available, without you having to re-upload it.
- In Brazil, your right of withdrawal is preserved (Art. 49 of the CDC (Brazilian Consumer Protection Code)), within a period of 7 days. Cancellation and refund follow the App Store rules and the applicable consumer legislation; if in doubt, contact us at dpo@bas-ai.com. If Apple denies the withdrawal request, contact us by email at suporte@bas-ai.com — we review each case individually, under the CDC (Art. 49) and the applicable consumer-protection rules.
- During the current testing phase (beta), the AI functions are not being charged: usage of pages/prompts is only metered, with no actual debit from your quota. When charging is activated, this will be announced in advance and the debit will apply only from that moment on.
The complete details on pricing, renewal, cancellation, and refund are in the Terms of Use.
11. Your rights and how to contact us
You may, at any time and directly in the app (under Privacy), exercise your rights as a data subject: access, correct, export (FHIR and PDF), revoke consents, and delete your account (permanent, cascading removal of all clinical data and of the identity vault).
Account deletion also removes the files you uploaded and the data of the dependents (minors) you manage. When a minor has another registered guardian, instead of deleting the child's data we offer to migrate guardianship of the profile to that co-guardian, and the minor's profile continues to exist with them. Only records that the law requires us to retain — for example, tax receipts, when a purchase was made — are kept for the applicable legal period.
For questions, requests, or to exercise rights not available in the interface, contact our Data Protection Officer (DPO) at dpo@bas-ai.com.
Legal basis: LGPD Arts. 18 and 41; GDPR Arts. 12 to 22.
12. Updates to this disclaimer
We may update this Medical Disclaimer. When that happens, we will update the version and the date above and, when the change requires it, we will ask for a new acceptance within the app.
UI Consent Texts (registration and screens)
These texts are short by design, for direct use in the interface. The purposes already existing in the app (clinical_processingandai_processing) are kept with the same technical labels; the others are additions for full coverage of granular consent. Each consent is recorded in a versioned way in the immutable ledger (consent_events), with purpose, legal basis, and policy version.
Privacy / consent screen (registration)
Title: Your privacy Subtitle: You control how your health data is used. You can review and revoke whenever you want.
Granular purposes
| Purpose (technical) | Short UI label | Description (1 line) | Required? | Legal basis |
|---|---|---|---|---|
clinical_processing | Organize and analyze my health record | Required for the app to store and structure your health data and function. | Yes (required) | LGPD Art. 11 (consent — sensitive data) and GDPR Art. 9(2)(a) (explicit consent) |
ai_processing | Use AI for educational reading | Sends your health content, in a minimized way, to an AI that generates an educational reading; we never train models with your data. | No (optional) | LGPD Art. 11 (consent) and GDPR Art. 9(2)(a) (explicit consent) |
wearable_sync_apple_health | Sync with Apple Health | Reads data from Apple Health on your own iPhone (sleep, measurements, steps, heart) into your health record, only with your authorization; never used for marketing, AI training, or third parties. | No (optional) | LGPD Art. 11 (consent) and GDPR Art. 9(2)(a); compliance with Apple Guideline 5.1.3 |
wearable_sync_oura | Connect my Oura ring | Connects your Oura account (login on the Oura site) and brings sleep, metrics, and scores into your health record; revocable — when you disconnect, you choose to keep or delete what was imported. | No (optional) | LGPD Art. 11 (consent) and GDPR Art. 9(2)(a) |
wearable_sync_whoop | Connect my WHOOP | Connects your WHOOP account (login on the WHOOP site) and brings sleep, recovery, strain, and workouts; when you disconnect, all WHOOP data is deleted from the app (provider requirement). | No (optional) | LGPD Art. 11 (consent) and GDPR Art. 9(2)(a) |
intl_transfer | Allow the use of AI outside Brazil | Authorizes the international transfer of the content sent to the AI to the United States (Anthropic), under SCCs/DPA in force; tied to AI Processing and revocable. | No (optional) | LGPD Art. 33, IX (specific and prominent consent) and Art. 9, II; GDPR Art. 49(1)(a) (explicit consent) |
product_analytics | Help improve the app | Reserved purpose — NOT yet active: today the app collects no usage statistics. If introduced, it will be opt-in, with de-identified statistics (no health data), and this table and the Policy will be updated before activation. | No (optional — consent) | LGPD Art. 7, I (consent) and GDPR Art. 6(1)(a) (consent) |
research | Contribute to health research | Allows the use of a pseudonymized version of your data — reduced to sex, age range, and year — for health research of collective interest; revocable. | No (optional) | LGPD Art. 11, II "a" (consent) and GDPR Art. 9(2)(a) (explicit consent) |
Note: family sharing (family_sharing), the international transfer (intl_transfer), and the wearable syncs (wearable_sync_apple_health/wearable_sync_oura/wearable_sync_whoop) are also purposes recorded in the ledger, captured at the moment the user enables the feature (not at initial registration) — wearable consents are recorded on the Integrations screen, before any reading or sync, on the dual basisLGPD_Art11+GDPR_Art9. The purposeapple_health_import, provided in a previous version of this document, has been replaced bywearable_sync_apple_health(the name actually recorded by the app).
Acceptance of Terms and Policy (required)
Acceptance checkbox text: "I have read and accept the Terms of Use and the Privacy Policy." (With tappable links to "Terms of Use" and "Privacy Policy.")
Supporting microcopy (below the checkbox): "To create your account, you must accept the Terms of Use and the Privacy Policy. You also authorize the processing of your health data to organize your health record (LGPD Art. 11 / GDPR Art. 9)."
Button state: the "Finish" / "Create account" button remains disabled until the acceptance checkbox is checked.
RE-ACCEPTANCE banner (when the terms change)
Title: We have updated our terms Body: "Our Terms of Use and Privacy Policy have changed (version 2.1). To keep using MyHealth, please read and accept the new version." Primary button: "Read and accept" Secondary button: "See what changed" Legal note: "Your previous acceptance remains on record. This new acceptance will be kept in a versioned way and does not change the optional choices you have already made."
Revocation and control notices (reused on the Privacy/Profile screens)
- Revoke AI: "You have turned off the AI educational reading. Your data is no longer sent to the AI from now on. The analyses already performed remain in your health record."
- Revoke Apple Health: "Syncing with Apple Health has been turned off. We will not read new data from Apple Health until you authorize it again. You can keep or delete what has already been imported."
- Disconnect Oura: "Your Oura ring has been disconnected and access to your Oura account has been revoked. What do you want to do with the data already imported from Oura?" — buttons: "Keep in health record" / "Delete Oura data".
- Disconnect WHOOP: "When you disconnect WHOOP, all data imported from WHOOP will be deleted from MyHealth — this deletion is required by WHOOP and cannot be undone. Your data remains in your WHOOP account." — button: "Disconnect and delete".
- Control reminder: "You can review, export (FHIR and PDF), correct, revoke consents, and delete your account at any time under Privacy."
Annex — Research-consent screen (pseudonymized data)
Text for the screen presented separately from the required purposes, in the Privacy section. The technical purpose isresearch. It is optional, off by default, and revocable at any time, with no impact whatsoever on the normal use of the app. The consent is recorded in a versioned way in the immutable ledger (consent_events), with purpose, legal basis, and policy version.
Title: Contribute to health research
Subtitle: Optional. You help public-health studies without exposing who you are.
Body: "If you turn on this option, you authorize BAS AI to use a pseudonymized version of your data for the purposes of health research of collective interest. Pseudonymized means that we separate your direct identifiers (name, taxpayer ID, email, phone) — they do not enter the research dataset. What enters is reduced to sex, age range, and year, together with health indicators that are not directly identifying.
This is not the same as irreversible anonymization: because, in our original database, the link between you and your data still exists, the processing remains under the protection of the LGPD and the GDPR, and you can revoke it at any time.
Your research data is never sold, never used for advertising targeted at you, and never used to train AI models."
What we do NOT use for research: your direct identifiers (name, taxpayer ID, email, phone), the contacts from your emergency card, and any raw document (image/PDF) you have uploaded.
Toggle text (off by default): "Allow the use of my pseudonymized data for health research"
Supporting microcopy: "This choice is independent of the others. Turning it on or off does not change anything in how the app works, in the AI reading, or in your usage (pages and prompts)."
Revocation notice (reused on the Privacy screen): "You have turned off the research contribution. Your data no longer feeds new research datasets from now on. Research datasets already generated may not allow your retroactive removal, precisely because they are already pseudonymized and unlinked from you."
Legal basis: LGPD Art. 11, II "a" (consent — sensitive data) and GDPR Art. 9(2)(a) (explicit consent).