Privacy Policy

Introduction

MLPipes LLC (“we,” “our,” or “us”) operates the myCARI mobile application (the “App”). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our App.

We take your privacy seriously, especially given the sensitive nature of health information. Please read this Privacy Policy carefully. By using myCARI, you agree to the collection and use of information in accordance with this policy.

Related Documents:

Information We Collect

Personal Information

When you create an account, we collect:

Account Information: Name, email address, phone number, date of birth
Profile Information: Profile photo, height, weight, sex, blood type
Authentication Data: Encrypted passwords, biometric authentication preferences

Health and Medical Information

With your explicit consent, we collect:

From Apple HealthKit

Heart rate and resting heart rate
Blood pressure readings
Blood glucose levels (including continuous glucose monitor data)
Oxygen saturation (SpO2)
Respiratory rate
Body measurements (weight, BMI)
Sleep data (duration, stages, quality)
Step count and activity data
Workout and exercise data
Electrocardiogram (ECG) data
Hydration data (if tracking enabled)

Manually Entered Health Data

Health reading measurements
Medication information (names, dosages, schedules)
Medical appointments
Medical history and conditions
Allergy information

AI-Analyzed Data

myCARI uses Google Gemini AI (provided by Google LLC via Google Cloud) to generate personalized health insights. The following data is sent to Google Gemini AI for processing:

Meal Photos: Images you photograph are sent to Google Gemini AI to identify foods, estimate portion sizes, and calculate nutritional content (calories, protein, carbohydrates, fats, fiber). Nutritional estimates reference the USDA FoodData Central database. Meal photos are stored securely in Google Cloud Storage.
Health Insights: Your vitals, activity, sleep, and medication data are sent to Google Gemini AI to generate personalized daily health coaching and goal recommendations
Wellness Indicators: Your biometric data is used to compute consumer wellness estimates including Stress Level, Energy Level, Metabolic Health Score, and Estimated Cortisol. These are wellness indicators only and are not medical diagnoses or clinical measurements.
Pattern Detection: AI identifies trends, anomalies, and correlations in your health data

You will be asked to consent to AI data processing before using any AI-powered feature for the first time. You can withdraw consent at any time in the app's Settings, which will disable AI features until consent is re-granted.

Healthcare Provider Data (FHIR Integration)

When you connect your healthcare provider accounts (Epic MyChart, Cerner, athenahealth, etc.), we import:

Laboratory results and reference ranges
Medication lists and prescriptions
Diagnoses and problem lists
Immunization records
Allergy and intolerance information
Clinical notes and visit summaries
Imaging and procedure reports

This data is imported via secure SMART on FHIR protocols with OAuth 2.0 authentication.

Care Team Information

If you use care team features:

Care team member relationships and permission levels
Shared health data (as configured by you)
Messages between care team members (individual and group)
Invitation and acceptance records
Care team member consent acknowledgments

Message Retention

Messages are stored securely for care coordination purposes
You can delete messages from your view at any time
Important: For HIPAA compliance and care continuity, original message content may be retained in audit logs even after deletion from your view
“Unsent” messages preserve original content in secure audit storage
Message audit logs are retained for a minimum of 6 years as required by law

Device and Usage Information

Device type and operating system
App usage patterns and features accessed
Crash logs and performance data
Push notification tokens

Location Information

With your consent, we may collect:

Location data for safety features
Location for emergency response services

SOS and Safety Feature Data

When you use SOS and safety features, we collect:

SOS button activation timestamps
Fall detection sensor data and events
Emergency contact notification records
Location data at time of alert (if enabled)
Care team notification delivery status
Response acknowledgment records

IMPORTANT SOS LIMITATIONS

The SOS feature sends notifications to your designated care team members ONLY
The SOS feature does NOT contact 911, emergency services, or any professional emergency responders
We cannot guarantee delivery of SOS notifications due to factors outside our control (network connectivity, device settings, recipient device status)
There may be delays in notification delivery
MLPipes LLC is a technology platform provider only and does not monitor or respond to SOS alerts
You should always call 911 directly for life-threatening emergencies

Data Accuracy and Limitations

YOUR RESPONSIBILITY FOR DATA ACCURACY

You are responsible for the accuracy, completeness, and timeliness of all health information you enter, import, or maintain in myCARI. This includes:

Manually entered health readings and metrics
Medication information and schedules
Medical history and conditions
Emergency contact information
Care team member designations

LIMITATIONS OF AUTOMATED DATA

Data imported from connected sources (HealthKit, FHIR providers, connected devices) may contain:

Measurement errors from sensors or devices
Synchronization delays
Data gaps or missing readings
Format conversion variations

WE DO NOT VERIFY DATA ACCURACY

MLPipes LLC does not verify, validate, or guarantee the accuracy of:

Health data you enter manually
Data imported from third-party sources
AI-generated insights or calculations
Information shared with care team members

NO SUBSTITUTE FOR MEDICAL RECORDS

myCARI is not a medical record system. The data in myCARI:

Should not be used as your sole source of health information
May not reflect your complete medical history
Should not be relied upon for clinical decision-making
Is not a substitute for professional medical records maintained by your healthcare providers

How We Use Your Information

We use your information to:

Provide Core Services

Display and track your health metrics
Manage medications and send reminders
Schedule and track medical appointments
Generate personalized health insights
Enable care team collaboration and communication

Improve Our Services

Analyze app usage to improve features
Develop new health tracking capabilities
Fix bugs and improve performance

Safety and Security

Enable emergency response features
Detect and prevent fraud
Ensure account security

Communications

Send medication reminders and health alerts
Notify you of appointment reminders
Send care team messages and notifications
Provide customer support

SOS and Safety Alerts

Deliver SOS notifications to your designated care team members
Send fall detection alerts to care team members
Transmit location data during emergency alerts (if enabled)

NOTIFICATION DELIVERY LIMITATIONS

We attempt to deliver SOS and safety notifications through push notifications, but:

Delivery depends on network connectivity, device settings, and recipient availability
We cannot guarantee immediate or successful delivery
Notifications may be delayed or fail due to factors outside our control
Care team members must have the app installed with notifications enabled
MLPipes LLC does not monitor delivery status or take action on failed deliveries

Apple HealthKit Data

We handle Apple HealthKit data with special care in compliance with Apple's HealthKit guidelines:

We DO NOT:

Advertise or market using HealthKit data
Sell HealthKit data to any third party, including advertising platforms, data brokers, or information resellers
Share HealthKit data with third parties for their advertising or marketing purposes
Use HealthKit data for credit scoring, insurance underwriting, or similar eligibility determinations
Disclose HealthKit data to third parties without your explicit, informed consent

We DO:

Use HealthKit data only to provide health tracking features within the App
Share HealthKit data with care team members only with your explicit consent and at permission levels you control
Protect HealthKit data with encryption at rest (AES-256) and in transit (TLS 1.3)
Request access only to HealthKit data types necessary for app functionality

HealthKit Data Types We Access

Data Type	Purpose
Heart Rate	Health monitoring, trend analysis, anomaly alerts
Blood Pressure	Heart health tracking, medication effectiveness
Blood Glucose	Blood sugar monitoring, meal impact analysis
Weight	Body composition tracking, trend visualization
Steps & Distance	Activity monitoring, daily goal tracking
Sleep Analysis	Sleep quality insights, wellness recommendations
Workouts	Fitness tracking, activity ring progress
ECG/Electrocardiogram	Heart rhythm tracking and visualization
Oxygen Saturation	Respiratory health monitoring
Respiratory Rate	Breathing pattern tracking

You can revoke HealthKit access at any time in iOS Settings > Privacy & Security > Health > myCARI.

How We Share Your Information

Care Team Sharing

You control what health information is shared with your care team members:

Basic View: Medications, appointments, emergency alerts
Full View: Above plus vitals, medical records
Professional Caregiver: Professional access with audit logging

You can modify or revoke care team permissions at any time.

Service Providers

We share information with third-party service providers who assist in operating our App:

Provider	Purpose	Data Shared
Google Cloud Platform	Backend infrastructure, data storage	Encrypted health data, account data
Google Gemini AI (Google LLC)	AI-powered health insights, meal photo analysis, health coaching	Health metrics, meal photos, activity and sleep data
Google Cloud Storage (Google LLC)	Meal photo storage	Meal photos you upload
Firebase (Google)	Authentication, real-time messaging	Email, authentication tokens, messages
Apple	Push notifications, HealthKit	Device tokens, HealthKit data (on-device)

These providers are bound by contractual obligations to protect your data.

Legal Requirements

We may disclose your information if required by law or in response to:

Valid legal process (subpoenas, court orders)
Government requests
Protection of our legal rights
Emergency situations involving potential harm

With Your Consent

We may share your information with third parties when you explicitly consent to such sharing.

Data Storage and Security

Storage Location

Your data is stored on secure servers in the United States
We use Google Cloud Platform with encryption at rest and in transit

Security Measures

AES-256 encryption for data at rest
TLS 1.3 encryption for data in transit
Secure authentication with Firebase
Biometric authentication support (Face ID, Touch ID)
Regular security audits and updates

Data Retention

Active account data is retained while your account is active
You can request deletion of your data at any time
Upon account deletion, data is removed from active systems within 30 days
Backup copies may be retained for up to 90 days before permanent removal
HIPAA audit logs and compliance records are retained for 6 years as required by law

Your Rights and Choices

Access and Portability

View all your health data within the App
Export your data in standard formats
Request a copy of all data we hold about you

Correction

Update your profile and health information at any time
Correct inaccurate health records

Deletion

Delete individual health records
Delete your account using Profile > Delete Account in the App, or by emailing support@mlpipes.ai
Upon account deletion, we permanently remove your account and all associated data — including vitals, medications, appointments, meals, workouts, sleep data, AI Health Coach analyses, and care team memberships — from active systems within 30 days
Backup copies may be retained for up to 90 days before permanent removal
HIPAA audit logs are retained for 6 years as required by law
Important: Deleting your myCARI account does not cancel your Apple subscription. You must separately cancel in your device's Settings > Subscriptions to stop future charges.

Consent Withdrawal

Revoke HealthKit permissions in iOS Settings
Disable care team data sharing
Opt out of non-essential communications

Manage Permissions

Control which care team members can view your data
Modify permission levels at any time
Remove care team members

Children's Privacy

myCARI is not intended for children under 13 years of age. We do not knowingly collect personal information from children under 13. If you believe we have collected information from a child under 13, please contact us immediately.

International Data Transfers

If you access myCARI from outside the United States, your information may be transferred to and processed in the United States. By using the App, you consent to this transfer.

Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of changes by:

Posting the new Privacy Policy in the App
Updating the “Last Updated” date
Sending a notification for material changes

Your continued use of the App after changes constitutes acceptance of the updated policy.

California Privacy Rights (CCPA)

California residents have additional rights:

Right to Know: Request what personal information we collect
Right to Delete: Request deletion of your personal information
Right to Opt-Out: We do not sell personal information
Non-Discrimination: We will not discriminate against you for exercising your rights

HIPAA Compliance

While myCARI is not a “covered entity” under HIPAA (as we are not a healthcare provider, health plan, or healthcare clearinghouse), we recognize the sensitive nature of health information and voluntarily implement security practices consistent with HIPAA standards.

We provide a separate HIPAA Authorization Notice that details:

The specific Protected Health Information (PHI) we collect
How we use and disclose your PHI
Your rights regarding your health information
Our security measures for protecting PHI
How to revoke your authorization

By using myCARI, you acknowledge and consent to the practices described in both this Privacy Policy and the HIPAA Authorization Notice.

Contact Us

If you have questions about this Privacy Policy or our privacy practices, please contact us:

ML Pipes LLC

Email: privacy@mlpipes.ai
Website: https://carihealth.ai
Address: 5725 S Valley View Blvd Ste 5 PMB 471045, Las Vegas, Nevada 89118-3122 US

For privacy-related requests, please email privacy@mlpipes.ai with the subject line “Privacy Request.”

Electronic Signatures and Consent Records

When you accept this Privacy Policy, the Terms of Service, and the HIPAA Authorization Notice during account creation, you are providing your electronic signature pursuant to the Electronic Signatures in Global and National Commerce Act (E-SIGN Act) and the Uniform Electronic Transactions Act (UETA).

What We Record

Your consent record includes:

Your email address
Your unique user ID
Timestamp of consent (ISO 8601 format)
Version numbers of documents you accepted
Your IP address and device identifier (for verification)

Re-Consent for Material Changes

If we make material changes to this Privacy Policy:

We will notify you via in-app notification and/or email
You may be required to review and accept the updated policy
Your continued use after notification constitutes acceptance
You may delete your account if you do not agree to changes

Consent

By using myCARI, you consent to:

The collection and use of your information as described in this Privacy Policy
The sharing of health data with care team members you authorize
The processing of your data in the United States
The use of Google Gemini AI to analyze your health data and meal photos (in-app consent is also required before first use of AI features)
The import of medical records from connected healthcare providers
The SOS feature limitations, including that it does NOT contact emergency services
The notification delivery limitations described in this policy
Your responsibility for data accuracy as described above

This Privacy Policy was last updated on March 18, 2026.

Privacy Policy for myCARI