(Last updated: 20th May 2025)
This notice explains how BloodSight Health Ltd (“BloodSight”, “we”, “our”) collects, uses and protects your information when you visit bloodsight.co.uk or use our services.
1. Who we are
- Company: BloodSight Health Ltd, registered in England & Wales.
- ICO registration: ZB903748
- Email: hello@bloodsight.co.uk
2. What we collect
Identity and contact details
We ask for your name, email address and date of birth. These let us create your record, send your insight report and provide customer support.
Health information
You may upload a blood-test screenshot and share a brief medical history, current medication and lifestyle notes. We use this information only to prepare a plain-English insight report and a checklist of questions you can raise with your GP.
Payment details
For subscriptions we see only the last four digits of your card and your billing country. The full card data is processed securely by our payment provider (Stripe). We need these details to charge your subscription and issue receipts.
Technical data
When you visit the site we automatically receive your IP address, browser type and cookie data. This helps us keep the site secure, monitor performance and prevent fraud.
We do not knowingly collect data from anyone under 18.
3. Our legal bases for using your data
- Preparing your insight report
We rely on the contract between us (UK GDPR Article 6 (1)(b)) and on your explicit consent to process health data (Article 9 (2)(a)).
- Managing your account and taking payment
We process your contact and billing details because it is necessary to fulfil our contract with you (Article 6 (1)(b)).
- Service e-mails and feature updates
We rely on our legitimate interests to keep you informed about essential service changes, or on your express consent if the message is marketing in nature.
- Website analytics and fraud prevention
Limited technical data (IP address, cookies) is processed under our legitimate interests to secure and improve the service.
You may withdraw consent at any time by e-mailing hello@bloodsight.co.uk; this will not affect processing already carried out.
4. How we use your data
- You submit your details and blood-test file through our secure form.
- We remove direct identifiers (e.g., name, email, DOB) and upload only the numerical test values to an external AI analysis provider that highlights patterns.
- We combine those results with the context you provided to create a non-diagnostic, plain-English report and a “GP Checklist” to help you advocate for faster care.
- We email the report to you and store a copy for up to 12 months (see §7).
BloodSight does not provide medical diagnoses or treatment recommendations.
5. Who we share data with
- Stripe – processes your subscription payment; we never see your full card number.
- Google Workspace – encrypted email and cloud storage.
- Form / automation tools (e.g., Jotform, Zapier) – collect your information and deliver your report.
- External AI service – receives only de-identified blood-test numbers (no names or emails). Data is sent over TLS; model-training is disabled.
We do not sell or otherwise share your personal data.
6. International transfers
Where suppliers store data outside the UK/EEA, we rely on UK “adequacy” decisions or Standard Contractual Clauses.
7. How long we keep data
- Your uploaded medical test and scan result data and reports – kept while your subscription is active and for 24 months after your last report so we can show long-term patterns if you return. You can ask us to delete them sooner.
- Payment and invoicing records – kept for 7 years, as required by HMRC.
- Marketing-consent logs – kept until you withdraw consent.
8. Security measures
- TLS 1.2+ encryption on all traffic
- AES-256 encryption at rest (Google Drive)
- Role-based access, audit logs, 2FA on every account
- Quarterly security review
9. Your rights
You can ask us to access, correct, erase, restrict or transfer your data, or to object to processing. Email hello@bloodsight.co.uk and we’ll respond within one month. You may withdraw consent at any time; this will not affect processing already carried out.
10. Complaints
You may complain to the UK Information Commissioner’s Office (ico.org.uk), or contact us first and we’ll try to resolve the issue promptly.
11. Changes to this policy
We may update this notice from time to time. Material changes will be emailed to registered users and posted on this page.
BloodSight provides insight and guidance only. Always consult a qualified medical professional for diagnosis or treatment.