MyHealth — Washington Consumer Health Data Privacy Policy
Required by the Washington My Health My Data Act (MHMDA), RCW chapter 19.373 (RCW 19.373.020 / .030 / .040).
Version (policy_version): 2.1 · Effective: 2026-06-23
This is a standalone Consumer Health Data Privacy Policy. It supplements, and is read together with, our general Privacy Policy and our Subprocessors page. Where this policy and the general Privacy Policy differ for consumer health data covered by the MHMDA, this policy controls for that data.
1. Who this policy is for
This policy applies to "consumer health data" as defined by the Washington My Health My Data Act when it relates to a "consumer" under that Act — that is, a natural person who is a Washington State resident, or a natural person whose consumer health data is collected in Washington — and who is acting in an individual or household capacity (not in an employment context).
Under the MHMDA, consumer health data means personal information that is linked or reasonably linkable to a consumer and that identifies the consumer's past, present, or future physical or mental health status — including health conditions, diagnoses, treatments, medications, vaccinations, bodily functions, vital signs, symptoms, diagnostic testing, reproductive or sexual health information, and any data that identifies a consumer seeking health care services.
Important position. Because MyHealth is a health application, we treat the fact that a person has a MyHealth account — and the identifiers tied to it (name and email) — as consumer health data when that person is a Washington consumer. This affects how we handle deletion (see Section 8).
This policy does not change rights you may have under our general Privacy Policy or under other laws.
2. Who we are
The entity responsible for the MyHealth app is:
BAS ARTIFICIAL INTELLIGENCE LTDA ("BAS AI", "MyHealth", "we", "us")
Tax ID (CNPJ): 64.106.409/0001-70
Address: Rua Gomes de Carvalho, 911, Vila Olímpia, São Paulo/SP, ZIP 04547-003, Brazil
Website: www.bas-ai.com
Data Protection Officer (Encarregado): Guilherme Bastian.
Privacy contact for consumer health data requests: dpo@bas-ai.com
3. The categories of consumer health data we collect
We collect consumer health data only that you provide or authorize — there is no background or passive collection of health data. Depending on how you use MyHealth, the categories may include:
- Health conditions, diagnoses, and health problems you record or that the AI extracts from documents you upload (and that you confirm before saving).
- Lab and exam results (markers, values, units, reference ranges, trends over time).
- Medications (name, active ingredients, dose, schedule) and vaccinations (vaccine, disease, dose).
- Allergies (allergen and class).
- Measurements and vital signs, including body composition / bioimpedance.
- Symptoms, appointments, procedures/surgeries, and clinical notes you record.
- Family medical history you record.
- Reproductive and menstrual data you record or import — menstrual flow, intermenstrual bleeding, ovulation tests, cervical mucus quality, pregnancy tests, and, if you are female and 40 or older, a self-declared menopause phase (with the option not to answer). We do not import sexual activity records.
- Sleep, daily wearable scores, and device events (e.g., ECG classification, irregular rhythm, fall) imported only from connected sources you authorize (Apple Health, Oura, WHOOP).
- Lifestyle habits you declare (smoking and years of use, alcohol, physical activity, sleep).
- Emergency card information (blood type, allergies, and notes).
- Documents and images you upload (photos, PDFs of exams and records) and the structured data the AI extracts from them.
- AI-generated educational outputs about your record (e.g., conditions, alerts, insights) — produced as supportive, non-diagnostic information with a human in the loop and no significant effect on access to care, credit, or insurance.
- The identifiers linked to your account (name and email) — which, because this is a health app, we treat as consumer health data for Washington consumers (see Section 1).
We do not collect precise geolocation, your phone contacts, or microphone data. We do not use third-party trackers or analytics SDKs that see health data.
4. How we collect consumer health data
- Directly from you, when you type, record, or import data into the app.
- From documents and photos you choose to upload, from which our AI extracts structured records that you confirm before they are saved. The camera and photo gallery are accessed only at the moment you decide to upload (just-in-time permission).
- From sources you connect, with your authorization — Apple Health (HealthKit), Oura, and WHOOP — which act as independent sources you control, not as our vendors.
We collect consumer health data only with your consent for a specified purpose, or as strictly necessary to provide the product or service you have requested (RCW 19.373.030). Our system only performs a given operation when the matching consent is active; this is enforced automatically on our server on every operation. You can turn a purpose off at any time.
5. Why we collect it (purposes) and how it is used
We use consumer health data to:
- Organize and structure your health record — extracting values from documents, building your timeline and trends, and classifying records.
- Provide AI-assisted, educational analysis of your record (supportive reading, alerts, insights) — assistant only, never a medical device, never a diagnosis or prescription, with a human (you) in the loop and no significant decision made about you. The AI does not check drug interactions or contraindications and does not cross-reference your allergies against your medications.
- Power the in-app assistant (chat), which can read your record and, at your request, propose draft records for you to review and save (the AI never saves on its own).
- Send you the notices you turn on (e.g., when an analysis is ready) — notice content is generic and contains no health data.
- Operate billing and prevent abuse — using only metadata of AI usage (function and token count) and usage/quota balance, never the analyzed health content.
- Keep the service secure and working — security, integrity, fraud prevention, and stability diagnostics that contain no health content.
We do not use consumer health data for targeted advertising, and we do not use it to train AI models.
6. The categories of sources from which we collect consumer health data
- The consumer (you) — directly entered, recorded, or uploaded data.
- Documents and images you upload to the app.
- Health and wearable sources you connect and authorize — Apple Health (HealthKit), Oura, and WHOOP.
7. Sharing: categories of consumer health data shared, and with whom
We do not sell consumer health data, and we do not seek any "valid authorization" to sell it (RCW 19.373.070 / .110). We do not share consumer health data for advertising, marketing, or behavioral targeting.
We share consumer health data only with a minimal set of processors ("vendors"), each under a binding data processing agreement that limits them to processing data on our documented instructions (RCW 19.373.060), and only as necessary to provide the service you requested or as you separately consent. We do not have corporate affiliates that receive your consumer health data.
| Processor (third party) | Role / purpose | Categories of consumer health data shared | Location | Key safeguards |
|---|---|---|---|---|
| Supabase (Supabase, Inc.) | Database, authentication, document storage, and server functions that run the app | Pseudonymized clinical data; account identifiers (name, contact email, phone, national document) held encrypted in a separate vault; uploaded documents; account metadata | São Paulo, Brazil (sa-east-1) | DPA in effect (signed 2026-06-18, includes EU Standard Contractual Clauses and safeguards); encryption in transit and at rest; additional authenticated field-level encryption (AES-256 via pgsodium) of vaulted identifiers; row-level isolation; daily backups (14-day retention) |
| Anthropic, PBC (Claude API) | AI analysis of your record, extraction of data from documents, and the chat assistant | Pseudonymized clinical content (values, dates, notes, lifestyle habits, cycle, wearable aggregates) plus your sex, age, country, and year of birth (without day/month) — no direct identifiers and no emergency contacts. For document analysis, the redacted copy of the uploaded image/PDF, handled transiently | United States (international transfer under SCC) | Commercial Terms + Standard Contractual Clauses in effect (2026-06-17); contractual non-training (your data is not used to train or improve models); limited retention (as a rule ~30 days, then deleted); TLS |
| Resend | Sending transactional emails (one-time access codes and account notices) | No health content — only your email address and the email's text | US / global | DPA in effect (2026-06-17); EU-US Data Privacy Framework + SCC; TLS |
On redaction before AI processing. Before clinical content is sent to Anthropic, we replace your direct identifiers with sex, age, country, and year of birth (without day/month), used only to regionalize educational guidance. For uploaded documents, the app attempts an on-device, best-effort redaction (covering) of four of your identifiers — name, national document (CPF), email, and phone — and the redacted copy is the one sent; the original file stays intact in your record. This redaction is best-effort and is not de-identification: it is directed only at your own four identifiers, and when the redaction process runs but finds nothing to cover (for example, because your identity vault is empty), the original may proceed to the AI. We do not represent that identifiers are guaranteed to be removed.
Apple processes your subscription and in-app purchases as merchant of record; no health content is in the payment flow. Apple Health, Oura, and WHOOP are sources you connect, not recipients — they do not receive data from your health record.
8. Your rights as a Washington consumer (RCW 19.373.040)
If you are a Washington consumer, you have the right to:
- Confirm and access — to confirm whether we are collecting, sharing, or selling your consumer health data, and to access that data, including a list of all third parties and affiliates with whom we have shared it and a way to contact them. (We do not sell your data and have no affiliates that receive it; the third parties are the processors listed in Section 7.)
- Delete — to have your consumer health data deleted. When we receive and authenticate a deletion request, we delete your consumer health data from our active systems. Because our processors only hold your data within our own database and storage (Supabase), or transiently before automatic deletion (Anthropic, as a rule ~30 days), or with no health content at all (Resend), removing it from our systems removes it at the processor as well. Residual copies present in routine backups roll off within the backup retention window and are not restored to active use.
- Withdraw consent — to withdraw your consent to the collection and sharing of your consumer health data at any time. You can turn off a processing purpose (for example, "AI Processing") directly in the app; after withdrawal we stop the corresponding processing.
How deletion works in MyHealth. You can delete your account directly in the app, in Profile › Privacy › Delete my account. On confirmation we permanently remove, in cascade, your encrypted identity vault and all clinical data (exams, conditions, medications, vaccines, documents, measurements, history, appointments, AI conversations, sleep, wearable scores, device events, lifestyle habits, medication-intake and check-in logs), your uploaded files, your wearable connection data, and your AI usage/quota metadata — including the data of any dependents you manage — and we close your account. Where you manage a minor, deletion offers you the option to transfer guardianship of that minor to an existing co-guardian (so the minor's record survives with them) instead of deleting it.
For Washington consumers, we treat the identifiers tied to your health account (name and email) as consumer health data and delete them on your request. The only data that may be retained is a minimal tax/accounting record for a consumer who actually completed a purchase, kept encrypted and dissociated from the health-account context and held solely to meet a legal accounting obligation — this is not your consumer health data and is never used to infer your health status. Consumers who never transacted, and minors, have their identity deleted with the rest of the record.
What remains after deletion is limited to: (a) a de-linked, pseudonymized record of consent events (cryptographically dissociated from your identity), kept only to evidence that consent was given and withdrawn; and (b) security/access logs kept for a short period (up to six months) that record metadata of access (time, action, source IP) and never the clinical content — used only for security and fraud detection, never to infer your health status.
9. How to exercise your rights, and how to appeal
To make a request (confirm/access, delete, or withdraw consent), use either:
- In the app — most actions are self-service: review and export your record, delete your account, and turn purposes on or off in Profile › Privacy and Profile › Consents.
- By email — write to dpo@bas-ai.com with the subject "Washington MHMDA request" and tell us which right you wish to exercise.
We take prompt steps to authenticate your request (to protect your data we may ask you to verify your identity or your control of the account). We respond within 45 days of receiving the request; if reasonably necessary, we may extend once by an additional 45 days and will tell you why within the first 45 days.
Authorized agents. You may use an authorized agent to make a request on your behalf; we may require proof of the agent's authority and verification of your identity.
Appeals. If we decline to act on your request, we will tell you why. You may appeal by replying to our decision or writing to dpo@bas-ai.com with the subject "Washington MHMDA appeal." We will respond to the appeal within a reasonable time and explain our decision. If your appeal is denied, you may contact the Washington State Office of the Attorney General (https://www.atg.wa.gov/file-complaint).
10. No sale; no targeted advertising
We do not sell consumer health data and do not seek valid authorization to sell it. We do not use consumer health data for targeted advertising, profiling for advertising, or sharing with data brokers. If this ever changes, we will update this policy and obtain any consent or authorization the law requires before doing so.
11. Geofencing
We do not use geofences around health care facilities, and we do not use precise location to identify or track consumers seeking health services (RCW 19.373.090).
12. Security
We protect consumer health data with encryption in transit and at rest, authenticated field-level encryption (AES-256 via pgsodium) of the identifiers held in a separate vault, strict row-level isolation between accounts, server-side enforcement of consent on every operation, and access controls with security/access logging. No method of transmission or storage is perfectly secure, but we maintain technical and organizational measures appropriate to the sensitivity of health data.
13. Changes to this policy
We will not collect, use, or share categories of consumer health data, or use it for purposes, not described here without first updating this policy and, where required, obtaining your affirmative consent. Material changes will be posted here with a new version and effective date. A link to this policy is published prominently on our homepage.
14. Contact
- Privacy contact (DPO/Encarregado): dpo@bas-ai.com
- Entity: BAS ARTIFICIAL INTELLIGENCE LTDA — www.bas-ai.com — Rua Gomes de Carvalho, 911, Vila Olímpia, São Paulo/SP, ZIP 04547-003, Brazil
- General Privacy Policy: https://www.bas-ai.com/myhealth/legal/privacidade
- Subprocessors page: https://www.bas-ai.com/myhealth/legal/subprocessadores
- Washington Attorney General (complaints): https://www.atg.wa.gov/file-complaint