Legal

Política de privacidade

Versão 2026-06-17-v1 · Vigente a partir de 17 de junho de 2026

1. What This Policy Covers

This Privacy Policy describes how bloodless.org ("we", "us", "the Service") collects, uses, stores, and protects your information when you use our blood-related medical directive preparation tool.

The key principle: Your medical directive content (blood choices, special instructions, personal details within the DPA) is encrypted in your browser before it reaches our servers. We cannot read it. This policy explains what information we can see and how we handle it.

2. Information We Collect

2a. Information We Cannot Read (Encrypted)

The following information is encrypted in your browser using AES-256-GCM encryption before transmission. We store it as an opaque encrypted blob. We cannot decrypt, read, search, or index this data:

  • Your name, date of birth, and address (within the DPA)
  • Blood product and procedure decisions
  • Special medical instructions
  • Healthcare agent details (within the DPA)
  • Witness information
  • Persons of interest details

2b. Information We Can Read (Unencrypted)

The following information is stored in readable form to enable the Service to function:

DataWhy we need itWho can see it
Email addressAccount authentication, notificationsUs, Cloudflare (infrastructure)
Display nameAccount identificationUs, Cloudflare
Agent name & phone (if opted in)Emergency QR code displayUs, Cloudflare, anyone who scans QR
Payment informationSubscription billingStripe only (we never see card numbers)
IP address, browser typeSession security, abuse preventionUs, Cloudflare
Document metadata (timestamps, IDs)Service operationUs, Cloudflare

2c. Information We Never Collect

  • We do not use tracking cookies or third-party analytics that identify you
  • We do not sell or share your information with advertisers
  • We do not build behavioral profiles
  • Anonymous users: we store nothing server-side

3. Sensitive Information Disclosure

Important: The fact that you use bloodless.org may indicate religious beliefs or medical decisions. We consider your use of this Service to be sensitive information. Your email address combined with your account on this Service could reveal this. We treat all account data with the same level of care as we would treat health information.

4. How We Use Your Information

  • Service operation: Authentication, document storage and retrieval, subscription management
  • Emergency access: Displaying healthcare agent contact information when a QR code is scanned (only if you opt in to unencrypted agent info)
  • Communication: Account-related emails (verification, password reset, subscription status). We will never send marketing emails without explicit opt-in. If you subscribe to The Bloodless Brief newsletter, we send occasional updates about bloodless medicine and platform features (monthly or less). You can unsubscribe at any time via a one-click link in every email or in your account settings.
  • Security: Session management, abuse prevention, rate limiting

5. AI Feedback Prompts

The Service can generate privacy-safe prompts to help you get AI feedback on your blood product and procedure choices. Regarding your privacy:

  • bloodless.org does not connect to any AI service. No data from this app is sent to any AI provider, ever
  • Prompts are generated entirely in your browser — they are never sent to our servers
  • No personally identifiable information is included in generated prompts — no names, dates of birth, addresses, phone numbers, email addresses, or healthcare agent details
  • You choose how to use the prompt: copy it to your clipboard and paste it into any AI tool you prefer (ChatGPT, Claude, Gemini, etc.)
  • We have no visibility into any AI conversation you have — once you paste the prompt elsewhere, that interaction is governed entirely by the AI provider's terms and privacy policies
  • The AI feedback feature is optional — you can use the Service without it

6. Third-Party Service Providers

ProviderWhat they receiveDPA in place
Cloudflare (hosting)All server-side data, encrypted blobsYes
Resend (email delivery)Email address, email subject linesYes
Stripe (payments)Email, name, payment infoWill be executed prior to payment processing launch

No AI provider: bloodless.org does not connect to any AI service. If you use the AI feedback prompt feature, you copy a generated prompt into your own AI tool — we never see or facilitate that interaction.

We do not sell, rent, or share your personal information with any other third parties.

7. Data Retention

TierAccount dataEncrypted document
AnonymousNot storedNot stored (browser only)
Registered (free)Until account deletionUntil account deletion
Plus / LifetimeUntil account deletionUntil account deletion
Family PlanUntil plan cancellationUntil plan cancellation

When data is deleted:

  • Account data is removed from our database within 30 days
  • Encrypted document blobs are permanently deleted within 24 hours
  • Stripe retains transaction records per their legal obligations
  • We retain only anonymized deletion records (timestamp + anonymized ID) for compliance

8. Your Rights

All Users

  • Access: You can request a copy of all data we hold about you
  • Deletion: You can delete your account and all associated data at any time
  • Portability: You can download your encrypted data and PDF documents
  • Withdraw consent: You can withdraw your health data processing consent at any time (this will require account deletion, as the Service cannot function without it)

California Residents (CCPA/CPRA)

  • Right to know what personal information we collect and why
  • Right to delete your personal information
  • Right to opt out of sale/sharing — we do not sell or share your data
  • Right to limit use of sensitive personal information
  • We will respond to verified requests within 45 days

EU/EEA Residents (GDPR)

  • Legal basis for processing health-related data: explicit consent (Article 9(2)(a)). You provide this consent separately from accepting our Terms of Service.
  • Rights: access, rectification, erasure, data portability, restriction of processing, objection
  • Data transfers: our infrastructure is hosted on Cloudflare, which maintains Standard Contractual Clauses for international data transfers
  • Complaints may be filed with your local supervisory authority

9. Data Security

  • Medical directive content is encrypted client-side with AES-256-GCM (NIST standard)
  • Encryption keys are derived in your browser and never sent to our servers
  • All connections use TLS 1.3 encryption in transit
  • Database-backed sessions with HTTP-only secure cookies (no JWT tokens exposed to JavaScript)
  • CSRF protection on all state-changing operations
  • Rate limiting on authentication and document access endpoints

10. Breach Notification

In the event of a data breach affecting your personal information:

  • We will notify affected users within 60 days (as required by FTC Health Breach Notification Rule)
  • We will notify the FTC as required
  • For EU users, we will notify the relevant supervisory authority within 72 hours (GDPR requirement)
  • Note: Because your medical directive content is encrypted and we cannot read it, a server breach does not expose your medical decisions — only account metadata (email, name) would be affected

11. Children's Privacy

This Service is not directed at children under 13. We do not knowingly collect information from children under 13. Family plan members under 18 must have their DPA created by a parent or legal guardian who is the plan owner.

12. Changes to This Policy

We may update this Privacy Policy from time to time. For material changes, we will provide notice via email or in-app notification at least 30 days before the effective date. You will be asked to re-consent if we materially change how we process health-related data.

13. Contact Us

For privacy questions, data access requests, or to exercise any of your rights: