Privacy Policy
TL;DR
Your health data is stored on your Mac.
Your lab results, blood markers, trends, and health history live on your device. Never in a cloud database.
When you use an AI feature like PDF extraction or insights, only the minimum data needed gets sent over a secure connection to our backend, processed by Azure OpenAI, and returned to you. Nothing is stored on the server.
We want to give you useful AI tools for your health data without asking you to hand it over.
Privacy by design
1. Your data lives on your device.
Your lab results, biomarker measurements, trends, health profile, and AI-generated insights are all stored locally on your Mac. Nothing syncs to a cloud service, and we can't access it remotely. If you use macOS FileVault, your entire disk (including Hemo's data) is encrypted at rest.
Your database is tied to your Apple ID. Each account gets its own separate data store. If you sign out or delete the app, your local data goes with it.
2. AI requests are transient — process and forget.
When you use features like PDF extraction or AI insights, here's what happens:
- 1Your Mac prepares the minimum data needed (the PDF you uploaded, or a summary of relevant biomarkers).
- 2That data is sent over HTTPS to our backend proxy.
- 3The backend forwards it to Azure OpenAI for processing.
- 4The AI response comes back to your Mac and is saved locally.
- 5Neither our backend nor Azure keeps your data after the response is delivered. No database, no log of your health information, no training on your data.
We never see your lab results. Our backend is just a pass-through: it checks your request, forwards it, and hands the answer back.
3. We don't have your health data on our servers.
We don't run a database with your lab results, biomarker values, or health information. Our backend handles authentication, usage tracking (how many extractions or insights you've used this month), feedback, and proxying AI requests. That's it.
The only things our backend stores:
- A hashed version of your Apple ID (one-way hash, so we can't reverse it to identify you).
- Your usage counts (e.g., 3 of 10 extractions used this month).
- Activity timestamps: when you registered, last opened the app, and last used extraction or insights. We use these for support and to see how many people are active.
- App version, build number, and OS version (for compatibility).
4. Your data is not for sale.
We will never sell, share, or monetize your personal data or health information.
In fact, we couldn't even if we tried.
5. Authentication is handled by Apple.
Hemo uses Sign in with Apple exclusively. We never see or store your Apple ID password. Apple gives us an anonymous user identifier, which we hash before storing. We don't have access to your email unless you choose to share it (e.g., when submitting feedback).
What we collect
| Data | Where it lives | Purpose |
|---|---|---|
| Lab results, biomarkers, trends, insights | Your Mac only | Core app functionality |
| Health profile (age, sex, conditions) | Your Mac only | Personalizing AI insights |
| Hashed Apple user ID | Our backend | Authentication & usage limits |
| Usage counts (extractions, insights) | Our backend | Enforcing plan limits |
| App version, build number, OS version | Our backend | Compatibility & support |
| Activity timestamps (e.g. registration date, last active date) | Our backend | Support lookups & usage analytics |
| Feedback messages (if you submit one) | Our backend | Product improvement |
| Feedback metadata (app version, build, OS, region, current page) | Our backend | Diagnosing reported issues |
| Email address (only if you provide one with feedback) | Our backend | Responding to your feedback |
AI processing details
Hemo uses Azure OpenAI (Microsoft's AI platform) to power:
- PDF/image extraction, reading lab results from uploaded documents.
- AI insights and action planning, analyzing your biomarker trends, generating health summaries, and suggesting next steps.
All AI requests go through our backend proxy over an encrypted connection (TLS/HTTPS). The data is processed and the result comes back. Azure OpenAI's terms prohibit using customer data to train or improve their models. Your health data is not used for AI training, by us or by Microsoft.
Data deletion
You can delete your account at any time from within the app. This permanently deletes:
- All of your local data on your Mac (lab results, biomarkers, insights, health profile)
- Your backend record (hashed user ID, usage counts, activity timestamps, app/OS version)
After that, your data is gone from our systems. We don't keep backups of user records.
Third-party services
| Service | What it does | What it receives |
|---|---|---|
| Apple (Sign in with Apple) | Authentication | Your Apple ID credentials (handled by Apple, not us) |
| Azure OpenAI (Microsoft) | AI processing | Request data (lab values, PDFs), not retained |
| Vercel | Backend hosting | Hashed user ID, usage counts, proxied AI requests |
| Kit (formerly ConvertKit) | Email list management | Email address you submit on our website |
| Google Analytics | Aggregated website analytics | Page views, browser type, IP-derived region |
None of these services keep your health data.
Website & marketing
This covers tryhemo.com (this website), separate from the Hemo app above.
Email collection
If you join our waitlist or subscribe to updates, we collect the email you provide. It's voluntary, double opt-in. We use it to send product updates and beta invitations. Your email is managed by a third-party email service (see the table above) under a written data processing agreement. We don't sell or share it.
Cookies & analytics
We use analytics cookies to understand how people use this site: page views, browser type, and general region. No personally identifiable information is collected. You can opt out of tracking with the Google Analytics Opt-out Add-on.
Legal basis
We process your email based on your consent (GDPR Art. 6(1)(a)). You can withdraw anytime by unsubscribing. We do not sell or share personal data for cross-context behavioral advertising (CCPA/CPRA).
Data retention
- Emails are kept until you unsubscribe.
- Analytics logs are retained for 14 months, then deleted or aggregated.
International transfers
Website data is stored on servers in the United States. By submitting your email you consent to this transfer.
Do Not Track
Our site currently does not respond to browser Do-Not-Track signals (CalOPPA).
Your rights
Depending on where you live, you can request access to, correction of, deletion of, or export of your personal data. Send requests to hello@tryhemo.com.
Changes
We may update this policy as the app evolves. If we make significant changes, we'll let you know through the app.
Contact
Questions about privacy? Reach us at hello@tryhemo.com.
Last updated: March 2026