Privacy Policy

Last updated: January 2026

1. Introduction

Picardo ("we," "our," or "us") is committed to protecting your privacy and the confidentiality of your health information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our platform, including our website, dashboard, and AI health assistant services.

By using Picardo, you consent to the data practices described in this policy. We are built with a "Privacy First" architecture, designed to empower you with ownership of your medical data.

2. Information We Collect

We collect information to provide you with a comprehensive medical dashboard:

  • Account Information: Name, email address, date of birth, biological sex, and profile information from connected accounts (e.g., Google).
  • Health Data: Lab test results (PDFs and parsed data), medical imaging reports (MRI), prescription details, supplement intake, health goals, and body metrics (height, weight).
  • Apple Health Data: If you choose to sync with Apple Health, we collect metrics such as activity, sleep, heart rate, and body measurements to visualize your health trends.
  • Communications: Chat history with our AI assistant, feedback, and support inquiries.
  • Technical Data: IP address, browser type, device information, and usage logs to ensure security and improve performance.

3. How We Use Your Information

Your data is used strictly to provide and improve our healthcare services:

  • To organize and visualize your medical history and lab results.
  • To facilitate lab test ordering and result retrieval via our partners (e.g., Labcorp).
  • To provide AI-powered health insights, explanations of complex medical terms, and personalized recommendations.
  • To track your progress toward specific health goals.
  • To communicate with you regarding your account and orders.
  • Aggregated & De-Identified Data: We may create aggregated, de-identified, or anonymized data from your personal information. This data is no longer reasonably linked to you. We may use this data for research, analytics, product improvement, and benchmarking (e.g., "average cholesterol levels by age group").

4. AI & Data Processing

Picardo uses advanced Artificial Intelligence (AI) to parse medical documents and power our health assistant.

How it works: When you upload a PDF or chat with the assistant, specific relevant data is processed by our AI partners (such as Google Vertex AI/Gemini, OpenAI, or Anthropic).

Our Commitments:

  • We do not allow our AI partners to use your health data to train their general public models.
  • Data sent to AI models is encrypted in transit and is only used to generate the specific response or analysis you requested.

5. Data Sharing & Third Parties

We do not sell your personal data. We disclose data only as necessary to provide our services:

  • Lab Providers: When you order a test, necessary patient information is shared with the lab provider (e.g., Labcorp) to fulfill the order.
  • Service Providers: We use trusted third-party vendors for infrastructure (Google Cloud Platform), payments (Stripe), and transactional emails (Resend). These vendors are bound by strict confidentiality and data protection agreements.
  • Business Transfers: If Picardo is involved in a merger, acquisition, asset sale, or bankruptcy, your information may be transferred or sold as part of that transaction. We will notify you of any such change in ownership or control of your personal information.
  • Legal Requirements: We may disclose information if required by law, such as to comply with a subpoena or regulatory requirement.

6. HIPAA & Security

While Picardo empowers you to manage your own Personal Health Record (PHR), we treat your data with the same level of security required of healthcare providers under HIPAA (Health Insurance Portability and Accountability Act).

  • Encryption: Data is encrypted at rest (in our database and storage) and in transit (via SSL/TLS).
  • Access Controls: Strict role-based access controls ensure only authorized personnel or systems can access data.
  • Audit Logging: We maintain logs of system access and data operations for security monitoring.

7. Apple HealthKit Disclosure

To provide a comprehensive view of your health, Picardo integrates with Apple HealthKit. Regarding this data:

  • We will not use your HealthKit data for advertising, marketing, or data mining purposes.
  • We will not sell your HealthKit data to third parties.
  • Your HealthKit data is used solely to populate your health dashboard charts and provide you with health insights.

8. Your Rights

You have full control over your data:

  • Access & Export: You can view your data at any time and request an export of your records.
  • Correction: You can update your profile and health information via the Settings page.
  • Deletion: You may request the deletion of your account and all associated data. We will permanently remove your personal information from our systems, except where retention is required by law (e.g., medical record retention laws for lab orders).
  • State Privacy Rights: Depending on your location, you may have additional rights under laws such as the California Consumer Privacy Act (CCPA) or Washington My Health My Data Act. These may include rights to opt out of certain data sharing or request specific disclosures about data collection practices.

9. Children's Privacy

Picardo is not intended for use by individuals under the age of 18. We do not knowingly collect personal information from children. If we become aware that a child has provided us with personal information, we will take steps to delete such information.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new Privacy Policy on this page and updating the "Last Updated" date.

11. Contact Us

If you have questions about this Privacy Policy or our data practices, please contact our Privacy Officer at privacy@picardo.health.