Privacy Policy

Version 1.1 | Last Updated: January 1, 2026

Introduction

Welcome to myCARI, a health management application provided by MLPipes LLC ("we," "us," or "our"). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our mobile application and related services (collectively, the "Service").

We are committed to protecting your privacy and handling your personal and health information with the utmost care. By using myCARI, you agree to the collection and use of information in accordance with this policy.

Information We Collect

We collect several types of information to provide and improve our Service to you:

Personal Information

When you create an account and use myCARI, we may collect:

Account Information

• Name and email address
• Phone number
• Date of birth
• Profile photo (optional)

Profile Information

• Health goals and preferences
• Emergency contact information
• Healthcare provider details

Authentication Information

• Login credentials (encrypted)
• Authentication tokens
• Biometric authentication preferences (Face ID/Touch ID settings, not biometric data itself)

Health and Medical Information

With your explicit consent, we collect health-related data including:

Data from Apple HealthKit

• Vital signs (heart rate, blood pressure, blood oxygen)
• Activity data (steps, distance, exercise minutes)
• Sleep data
• Nutrition information
• Lab results and clinical records (if shared)

Manually Entered Health Data

• Symptoms and health observations
• Medication information and adherence
• Appointment notes
• Health journal entries

AI-Analyzed Health Information

• Health trend analysis results
• AI-generated health insights
• Risk assessment outputs
• Personalized recommendations

Healthcare Provider FHIR Data

• Electronic health records shared via FHIR integration
• Clinical documents and summaries
• Diagnostic reports
• Care plans from healthcare providers

Care Team Information

When you connect with care team members (healthcare providers, family members, or caregivers), we collect:

• Care team member contact information
• Relationship to you
• Access permissions you grant
• Communication history and shared health data

Device and Usage Information

We automatically collect:

• Device type, model, and operating system
• App version and usage statistics
• Crash reports and performance data
• Feature usage patterns (anonymized)
• Time and frequency of app use

Location Information

With your permission, we may collect:

• Approximate location for emergency services
• Location data for finding nearby healthcare providers
• Geolocation for activity tracking (if enabled)

You can disable location services at any time through your device settings.

How We Use Your Information

We use the information we collect for the following purposes:

Core Services

• Providing personalized health insights and recommendations
• Facilitating communication between you and your care team
• Tracking and displaying your health data trends
• Managing your medications and appointments
• Generating AI-powered health analysis
• Enabling data sharing with authorized healthcare providers

Improve Our Services

• Analyzing usage patterns to enhance features
• Improving AI models for better health insights (using anonymized data)
• Identifying and fixing bugs and technical issues
• Developing new features based on user needs

Safety and Security

• Protecting against unauthorized access
• Detecting and preventing fraud
• Ensuring data integrity
• Complying with legal obligations

Communications

• Sending important service updates and notifications
• Providing customer support
• Responding to your inquiries
• Sending health reminders (with your consent)

Apple HealthKit Data

Data obtained through Apple HealthKit is used solely to provide you with health insights and features within myCARI. We commit to the following regarding HealthKit data:

• No Advertising: HealthKit data will never be used for advertising purposes
• No Selling: We will never sell your HealthKit data to third parties
• No Marketing: HealthKit data will not be used for marketing purposes, even by us
• No Third-Party Sharing: HealthKit data is not shared with third parties except as explicitly authorized by you for care team access or as required by law

HealthKit data remains under your control and can be disconnected at any time through the app settings or iOS Health app settings.

How We Share Your Information

We do not sell your personal or health information. We may share your information only in the following circumstances:

With Your Care Team

When you explicitly authorize sharing, we share relevant health information with:

• Healthcare providers you designate
• Family members or caregivers you invite
• Other care team members you approve

You control what information each care team member can access and can revoke access at any time.

Service Providers

We use trusted third-party services to operate myCARI:

All service providers are bound by strict data protection agreements and are required to handle your data in accordance with this Privacy Policy and applicable laws.

Legal Requirements

We may disclose your information when required by law, including:

• Complying with legal processes or government requests
• Protecting our rights, privacy, safety, or property
• Enforcing our terms of service
• Responding to emergency situations

With Your Consent

We may share your information for other purposes if you provide explicit consent.

Data Storage and Security

Location

Your data is stored on secure servers located in the United States, operated by Google Cloud Platform with HIPAA-compliant configurations.

Security Measures

We implement comprehensive security measures to protect your data:

• Encryption: AES-256 encryption for data at rest and TLS 1.3 for data in transit
• Access Controls: Role-based access control and multi-factor authentication
• Monitoring: 24/7 security monitoring and intrusion detection
• Auditing: Regular security audits and penetration testing
• Employee Training: Mandatory security and privacy training for all staff
• Incident Response: Documented incident response procedures

Data Retention

We retain your data according to the following guidelines:

• Active Accounts: Data is retained as long as your account is active
• Health Records: Retained for 7 years after last activity to comply with healthcare regulations
• Care Team Messages: Retained for 7 years for continuity of care
• Deleted Accounts: Personal data is deleted within 30 days of account deletion request, subject to legal retention requirements
• Anonymized Data: May be retained indefinitely for research and service improvement

Your Rights and Choices

You have the following rights regarding your personal information:

Access and Portability

You can request a copy of all personal data we hold about you. We will provide this in a commonly used, machine-readable format within 30 days of your request.

Correction

You can update or correct your personal information at any time through the app settings or by contacting us.

Deletion

You can request deletion of your account and associated data. Some data may be retained as required by law or for legitimate business purposes. See our Data Deletion Policy for details.

Consent Withdrawal

You can withdraw consent for specific data processing activities at any time. This may affect the functionality of certain features.

Manage Permissions

Through the app and your device settings, you can:

• Control HealthKit data access
• Manage location permissions
• Configure notification preferences
• Manage care team access permissions
• Enable or disable specific features

Children's Privacy

myCARI is not intended for use by individuals under 13 years of age. We do not knowingly collect personal information from children under 13. If you are a parent or guardian and believe your child has provided us with personal information, please contact us immediately at privacy@mlpipes.ai.

If we discover that we have collected personal information from a child under 13, we will delete that information as quickly as possible.

International Data Transfers

If you access myCARI from outside the United States, please be aware that your information may be transferred to, stored, and processed in the United States where our servers are located.

By using our Service, you consent to the transfer of your information to the United States. We ensure that appropriate safeguards are in place to protect your data in accordance with this Privacy Policy and applicable data protection laws.

Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by:

• Posting the new Privacy Policy on this page
• Updating the "Last Updated" date
• Sending you an email notification for significant changes
• Displaying an in-app notification

We encourage you to review this Privacy Policy periodically for any changes. Your continued use of the Service after changes are posted constitutes your acceptance of the revised policy.

California Privacy Rights (CCPA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA):

• Right to Know: You can request information about the categories and specific pieces of personal information we have collected about you
• Right to Delete: You can request deletion of your personal information, subject to certain exceptions
• Right to Opt-Out: You have the right to opt-out of the sale of your personal information. Note: We do not sell personal information
• Right to Non-Discrimination: We will not discriminate against you for exercising your CCPA rights

To exercise these rights, please contact us at privacy@mlpipes.ai or use the in-app privacy settings.

HIPAA Compliance

myCARI is designed and operated to comply with the Health Insurance Portability and Accountability Act (HIPAA) requirements:

• Business Associate Agreements: We maintain BAAs with all third-party service providers who handle protected health information (PHI)
• Technical Safeguards: We implement required technical safeguards including encryption, access controls, and audit logging
• Administrative Safeguards: We maintain policies and procedures for workforce training, access management, and security management
• Physical Safeguards: Our infrastructure providers maintain physical security controls for data centers
• Breach Notification: We have procedures in place to notify affected individuals and authorities in case of a data breach as required by HIPAA

For more details, please see our HIPAA Compliance page.

Electronic Signatures and Consent Records

When you provide consent or agree to terms within myCARI, we maintain records of these actions:

• Consent Timestamp: We record the date and time of your consent
• Version Tracking: We track which version of policies or terms you agreed to
• Method of Consent: We record how consent was provided (e.g., in-app acknowledgment, checkbox)
• Consent Scope: We maintain records of what specific permissions were granted

You can request a copy of your consent records at any time by contacting us.

Consent

By using myCARI, you consent to:

• The collection and use of your information as described in this Privacy Policy
• The processing of your health data to provide personalized health insights
• The storage of your data on secure servers in the United States
• Receiving service-related communications from us

For certain types of data processing, we will request your explicit consent separately, including:

• Access to Apple HealthKit data
• Sharing data with specific care team members
• Location data access
• Marketing communications (optional)

You may withdraw your consent at any time through the app settings or by contacting us.

Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

Email: privacy@mlpipes.ai

Mailing Address:
MLPipes LLC
5725 S Valley View Blvd Ste 5 PMB 471045
Las Vegas, Nevada 89118-3122
United States

We will respond to your inquiry within 30 days.