Our Commitments
Three promises we'll never break
Encrypted at Rest & In Transit
Your personal information is encrypted using AES-256-GCM before it ever touches the database. Data in transit is protected by HTTPS/TLS. Even we can't read your encrypted fields without the application key.
You Own Your Data
Export everything as CSV with one click. Delete all your data permanently, instantly — no approval process, no waiting period, no hoops to jump through. Your data belongs to you, period.
Never Sold or Shared
We don't run ads. We don't sell your data. We don't share it with third parties for marketing. Your blood test results, DNA data, and health records are never monetised. Full stop.
Transparency
What we collect
We only store what's necessary to give you a useful health dashboard. Here's the complete list — no hidden data collection happening in the background.
Account information
Email address and a securely hashed password. We never store your password in plain text.
Profile information
Name and date of birth, encrypted with AES-256-GCM at the application level before storage. Gender for personalised reference ranges.
Blood test results
Biomarker values, reference ranges, test dates, and lab information extracted from your uploaded files.
Health tracking data
Symptoms diary, medications, daily metrics (blood pressure, heart rate, weight, sleep), and eye prescriptions — only what you choose to log.
DNA data
If you upload raw genetic data (from services like Ancestry or 23andMe), we store and analyse your SNP variants. This is entirely optional.
AI doctor conversations
Chat history with Dr. Hemsworth / Dr. Hearty is stored so you can revisit past conversations and we can provide contextual follow-ups.
What we don't collect
In short: We store the health data you explicitly give us, and nothing else. No invisible trackers, no background data collection, no surprises.
Technical Safeguards
How we protect it
Security isn't a feature we bolted on afterwards. It's built into every layer of the application.
Application-Level Encryption
Personally identifiable information — your name, date of birth — is encrypted with AES-256-GCM at the application level before it reaches the database. Even a database breach wouldn't expose your identity.
HTTPS Everywhere
Every connection to CheckMyBloods is encrypted with TLS. Your data is protected from the moment it leaves your browser to the moment it arrives at our servers. No exceptions.
Bcrypt Password Hashing
Passwords are hashed with bcrypt — a deliberately slow algorithm designed to make brute-force attacks impractical. We never store or have access to your actual password.
Prepared SQL Statements
Every database query uses parameterised prepared statements. User input is never concatenated into SQL — eliminating the most common class of web application vulnerabilities.
Secure Sessions
Session tokens are cryptographically generated and expire automatically. Inactive sessions time out to prevent unauthorised access if you forget to log out on a shared device.
Passkey / WebAuthn Support
Log in with your fingerprint, face, or security key instead of a password. WebAuthn is the most phishing-resistant authentication method available today.
Data Ownership
Your data, your controls
Unlike many platforms, you don't need to email us, submit a request form, or wait for approval. Every action is instant and in your hands.
Export All Data
Download everything — blood tests, biomarker values, health metrics, medications — as CSV files. Instantly. No waiting, no request forms. Take your data anywhere.
Delete All Data
One click permanently deletes all your health data — blood tests, DNA results, documents, chat history, everything. It's irreversible and immediate. No approval needed.
Delete Account
Removes your entire account plus all associated data. Your email, profile, health records, uploaded files — everything is permanently erased from our systems.
No gatekeeping
Many platforms make you email their support team, fill out a request, and wait days or weeks to get your own data. We think that's wrong. Your data is yours — you should be able to export it or delete it whenever you want, instantly, without asking anyone's permission.
AI & Third Parties
How AI analysis works
Our AI doctor feature uses Anthropic's Claude API to analyse your blood test results and provide personalised health insights. Here's exactly what that means for your data:
Your data is sent to the API for analysis
When you ask our AI doctor a question, your relevant blood test data and conversation history are sent to Anthropic's Claude API to generate a response.
Anthropic does not train on API data
Anthropic's API usage policy explicitly states that data sent through the API is not used to train their models. Your health information doesn't become part of any AI training dataset.
No other third parties receive your data
Anthropic's Claude API is the only external service that processes your data. We don't use analytics services, advertising networks, or any other third-party tools that access your health information.
Data Flow Summary
Your browser → Our server (HTTPS encrypted)
Our server → Encrypted database storage
AI analysis → Anthropic Claude API only
Advertisers → Never
Data brokers → Never
Insurance companies → Never
GDPR Compliance
Your rights under data protection law
We process your data on the lawful bases of consent (you choose to create an account and upload your data) and legitimate interest (providing and improving the service you've signed up for).
Right to Access
View and export all data we hold about you, anytime.
Right to Rectification
Correct any inaccurate data directly through your profile.
Right to Erasure
Delete all your data permanently with one click.
Right to Portability
Export your data in standard CSV format to use elsewhere.
Data protection enquiries
For any data protection requests or questions, contact us at [email protected]. We aim to respond within 72 hours.
This page was last updated in March 2026. If we make significant changes to how we handle your data, we'll notify you via email.
Ready to take control of your health data?
Join thousands of people who trust CheckMyBloods to securely store, track, and understand their health information.