Política de privacidad
Versión 2026-06-17-v1 · Vigente desde el 17 de junio de 2026
1. What This Policy Covers
This Privacy Policy describes how bloodless.org ("we", "us", "the Service") collects, uses, stores, and protects your information when you use our blood-related medical directive preparation tool.
2. Information We Collect
2a. Information We Cannot Read (Encrypted)
The following information is encrypted in your browser using AES-256-GCM encryption before transmission. We store it as an opaque encrypted blob. We cannot decrypt, read, search, or index this data:
- Your name, date of birth, and address (within the DPA)
- Blood product and procedure decisions
- Special medical instructions
- Healthcare agent details (within the DPA)
- Witness information
- Persons of interest details
2b. Information We Can Read (Unencrypted)
The following information is stored in readable form to enable the Service to function:
2c. Information We Never Collect
- We do not use tracking cookies or third-party analytics that identify you
- We do not sell or share your information with advertisers
- We do not build behavioral profiles
- Anonymous users: we store nothing server-side
3. Sensitive Information Disclosure
4. How We Use Your Information
- Service operation: Authentication, document storage and retrieval, subscription management
- Emergency access: Displaying healthcare agent contact information when a QR code is scanned (only if you opt in to unencrypted agent info)
- Communication: Account-related emails (verification, password reset, subscription status). We will never send marketing emails without explicit opt-in. If you subscribe to The Bloodless Brief newsletter, we send occasional updates about bloodless medicine and platform features (monthly or less). You can unsubscribe at any time via a one-click link in every email or in your account settings.
- Security: Session management, abuse prevention, rate limiting
5. AI Feedback Prompts
The Service can generate privacy-safe prompts to help you get AI feedback on your blood product and procedure choices. Regarding your privacy:
- bloodless.org does not connect to any AI service. No data from this app is sent to any AI provider, ever
- Prompts are generated entirely in your browser — they are never sent to our servers
- No personally identifiable information is included in generated prompts — no names, dates of birth, addresses, phone numbers, email addresses, or healthcare agent details
- You choose how to use the prompt: copy it to your clipboard and paste it into any AI tool you prefer (ChatGPT, Claude, Gemini, etc.)
- We have no visibility into any AI conversation you have — once you paste the prompt elsewhere, that interaction is governed entirely by the AI provider's terms and privacy policies
- The AI feedback feature is optional — you can use the Service without it
6. Third-Party Service Providers
No AI provider: bloodless.org does not connect to any AI service. If you use the AI feedback prompt feature, you copy a generated prompt into your own AI tool — we never see or facilitate that interaction.
We do not sell, rent, or share your personal information with any other third parties.
7. Data Retention
When data is deleted:
- Account data is removed from our database within 30 days
- Encrypted document blobs are permanently deleted within 24 hours
- Stripe retains transaction records per their legal obligations
- We retain only anonymized deletion records (timestamp + anonymized ID) for compliance
8. Your Rights
All Users
- Access: You can request a copy of all data we hold about you
- Deletion: You can delete your account and all associated data at any time
- Portability: You can download your encrypted data and PDF documents
- Withdraw consent: You can withdraw your health data processing consent at any time (this will require account deletion, as the Service cannot function without it)
California Residents (CCPA/CPRA)
- Right to know what personal information we collect and why
- Right to delete your personal information
- Right to opt out of sale/sharing — we do not sell or share your data
- Right to limit use of sensitive personal information
- We will respond to verified requests within 45 days
EU/EEA Residents (GDPR)
- Legal basis for processing health-related data: explicit consent (Article 9(2)(a)). You provide this consent separately from accepting our Terms of Service.
- Rights: access, rectification, erasure, data portability, restriction of processing, objection
- Data transfers: our infrastructure is hosted on Cloudflare, which maintains Standard Contractual Clauses for international data transfers
- Complaints may be filed with your local supervisory authority
9. Data Security
- Medical directive content is encrypted client-side with AES-256-GCM (NIST standard)
- Encryption keys are derived in your browser and never sent to our servers
- All connections use TLS 1.3 encryption in transit
- Database-backed sessions with HTTP-only secure cookies (no JWT tokens exposed to JavaScript)
- CSRF protection on all state-changing operations
- Rate limiting on authentication and document access endpoints
10. Breach Notification
In the event of a data breach affecting your personal information:
- We will notify affected users within 60 days (as required by FTC Health Breach Notification Rule)
- We will notify the FTC as required
- For EU users, we will notify the relevant supervisory authority within 72 hours (GDPR requirement)
- Note: Because your medical directive content is encrypted and we cannot read it, a server breach does not expose your medical decisions — only account metadata (email, name) would be affected
11. Children's Privacy
This Service is not directed at children under 13. We do not knowingly collect information from children under 13. Family plan members under 18 must have their DPA created by a parent or legal guardian who is the plan owner.
12. Changes to This Policy
We may update this Privacy Policy from time to time. For material changes, we will provide notice via email or in-app notification at least 30 days before the effective date. You will be asked to re-consent if we materially change how we process health-related data.
13. Contact Us
For privacy questions, data access requests, or to exercise any of your rights:
- Submit a data rights request — access, delete, export, or correct your data
- Email: privacy@bloodless.org
- For deletion requests: use the "Delete my data" feature in your account settings, or email us