Privacy Policy for myCARI

Last Updated: January 19, 2026Version: 1.3

Introduction

MLPipes LLC (“we,” “our,” or “us”) operates the myCARI mobile application (the “App”). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our App.

We take your privacy seriously, especially given the sensitive nature of health information. Please read this Privacy Policy carefully. By using myCARI, you agree to the collection and use of information in accordance with this policy.

Related Documents:

Information We Collect

Personal Information

When you create an account, we collect:

  • Account Information: Name, email address, phone number, date of birth
  • Profile Information: Profile photo, height, weight, sex, blood type
  • Authentication Data: Encrypted passwords, biometric authentication preferences

Health and Medical Information

With your explicit consent, we collect:

From Apple Health

  • Heart rate and resting heart rate
  • Blood pressure readings
  • Blood glucose levels
  • Oxygen saturation (SpO2)
  • Respiratory rate
  • Body measurements (weight, BMI)
  • Sleep data (duration, stages, quality)
  • Step count and activity data
  • Workout and exercise data
  • Electrocardiogram (ECG) data

Manually Entered Health Data

  • Vital sign measurements
  • Medication information (names, dosages, schedules)
  • Medical appointments
  • Medical history and conditions
  • Allergy information

AI-Analyzed Data

  • Meal Photos: Images you photograph are processed by AI to identify foods, estimate portion sizes, and calculate nutritional content (calories, protein, carbohydrates, fats, fiber)
  • Health Insights: Your vitals, activity, sleep, and medication data are analyzed to generate personalized daily health coaching and goal recommendations
  • Pattern Detection: AI identifies trends, anomalies, and correlations in your health data

Healthcare Provider Data (FHIR Integration)

When you connect your healthcare provider accounts (Epic MyChart, Cerner, athenahealth, etc.), we import:

  • Laboratory results and reference ranges
  • Medication lists and prescriptions
  • Diagnoses and problem lists
  • Immunization records
  • Allergy and intolerance information
  • Clinical notes and visit summaries
  • Imaging and procedure reports

This data is imported via secure SMART on FHIR protocols with OAuth 2.0 authentication.

Care Team Information

If you use care team features:

  • Care team member relationships and permission levels
  • Shared health data (as configured by you)
  • Messages between care team members (individual and group)
  • Invitation and acceptance records
  • Care team member consent acknowledgments

Message Retention

  • Messages are stored securely for care coordination purposes
  • You can delete messages from your view at any time
  • Important: For HIPAA compliance and care continuity, original message content may be retained in audit logs even after deletion from your view
  • “Unsent” messages preserve original content in secure audit storage
  • Message audit logs are retained for a minimum of 6 years as required by law

Device and Usage Information

  • Device type and operating system
  • App usage patterns and features accessed
  • Crash logs and performance data
  • Push notification tokens

Location Information

With your consent, we may collect:

  • Location data for safety features
  • Location for emergency response services

SOS and Safety Feature Data

When you use SOS and safety features, we collect:

  • SOS button activation timestamps
  • Fall detection sensor data and events
  • Emergency contact notification records
  • Location data at time of alert (if enabled)
  • Care team notification delivery status
  • Response acknowledgment records

IMPORTANT SOS LIMITATIONS

  • The SOS feature sends notifications to your designated care team members ONLY
  • The SOS feature does NOT contact 911, emergency services, or any professional emergency responders
  • We cannot guarantee delivery of SOS notifications due to factors outside our control (network connectivity, device settings, recipient device status)
  • There may be delays in notification delivery
  • MLPipes LLC is a technology platform provider only and does not monitor or respond to SOS alerts
  • You should always call 911 directly for life-threatening emergencies

Data Accuracy and Limitations

YOUR RESPONSIBILITY FOR DATA ACCURACY

You are responsible for the accuracy, completeness, and timeliness of all health information you enter, import, or maintain in myCARI. This includes:

  • Manually entered vital signs and health metrics
  • Medication information and schedules
  • Medical history and conditions
  • Emergency contact information
  • Care team member designations

LIMITATIONS OF AUTOMATED DATA

Data imported from connected sources (Apple Health, FHIR providers, connected devices) may contain:

  • Measurement errors from sensors or devices
  • Synchronization delays
  • Data gaps or missing readings
  • Format conversion variations

WE DO NOT VERIFY DATA ACCURACY

MLPipes LLC does not verify, validate, or guarantee the accuracy of:

  • Health data you enter manually
  • Data imported from third-party sources
  • AI-generated insights or calculations
  • Information shared with care team members

NO SUBSTITUTE FOR MEDICAL RECORDS

myCARI is not a medical record system. The data in myCARI:

  • Should not be used as your sole source of health information
  • May not reflect your complete medical history
  • Should not be relied upon for clinical decision-making
  • Is not a substitute for professional medical records maintained by your healthcare providers

How We Use Your Information

We use your information to:

Provide Core Services

  • Display and track your health metrics
  • Manage medications and send reminders
  • Schedule and track medical appointments
  • Generate personalized health insights
  • Enable care team collaboration and communication

Improve Our Services

  • Analyze app usage to improve features
  • Develop new health tracking capabilities
  • Fix bugs and improve performance

Safety and Security

  • Enable emergency response features
  • Detect and prevent fraud
  • Ensure account security

Communications

  • Send medication reminders and health alerts
  • Notify you of appointment reminders
  • Send care team messages and notifications
  • Provide customer support

SOS and Safety Alerts

  • Deliver SOS notifications to your designated care team members
  • Send fall detection alerts to care team members
  • Transmit location data during emergency alerts (if enabled)

NOTIFICATION DELIVERY LIMITATIONS

We attempt to deliver SOS and safety notifications through push notifications, but:

  • Delivery depends on network connectivity, device settings, and recipient availability
  • We cannot guarantee immediate or successful delivery
  • Notifications may be delayed or fail due to factors outside our control
  • Care team members must have the app installed with notifications enabled
  • MLPipes LLC does not monitor delivery status or take action on failed deliveries

Apple Health Data

We handle Apple Health data with special care in compliance with Apple's guidelines:

We DO NOT:

  • Advertise or market using Apple Health data
  • Sell Apple Health data to any third party, including advertising platforms, data brokers, or information resellers
  • Share Apple Health data with third parties for their advertising or marketing purposes
  • Use Apple Health data for credit scoring, insurance underwriting, or similar eligibility determinations
  • Disclose Apple Health data to third parties without your explicit, informed consent

We DO:

  • Use Apple Health data only to provide health tracking features within the App
  • Share Apple Health data with care team members only with your explicit consent and at permission levels you control
  • Protect Apple Health data with encryption at rest (AES-256) and in transit (TLS 1.3)
  • Request access only to Apple Health data types necessary for app functionality

Apple Health Data Types We Access

Data TypePurpose
Heart RateVital sign monitoring, trend analysis, anomaly alerts
Blood PressureCardiovascular health tracking, medication effectiveness
Blood GlucoseDiabetes management, meal impact analysis
WeightBody composition tracking, trend visualization
Steps & DistanceActivity monitoring, daily goal tracking
Sleep AnalysisSleep quality insights, wellness recommendations
WorkoutsFitness tracking, activity ring progress
ECG/ElectrocardiogramHeart rhythm storage and visualization
Oxygen SaturationRespiratory health monitoring
Respiratory RateBreathing pattern tracking

You can revoke Apple Health access at any time in iOS Settings > Privacy & Security > Health > myCARI.

How We Share Your Information

Care Team Sharing

You control what health information is shared with your care team members:

  • Basic View: Medications, appointments, emergency alerts
  • Full View: Above plus vitals, medical records
  • Professional Caregiver: Professional access with audit logging

You can modify or revoke care team permissions at any time.

Service Providers

We share information with third-party service providers who assist in operating our App:

ProviderPurposeData Shared
Google Cloud PlatformBackend infrastructure, data storageEncrypted health data, account data
Firebase (Google)Authentication, real-time messagingEmail, authentication tokens, messages
ApplePush notifications, Apple HealthDevice tokens, Apple Health data (on-device)

These providers are bound by contractual obligations to protect your data.

Legal Requirements

We may disclose your information if required by law or in response to:

  • Valid legal process (subpoenas, court orders)
  • Government requests
  • Protection of our legal rights
  • Emergency situations involving potential harm

With Your Consent

We may share your information with third parties when you explicitly consent to such sharing.

Data Storage and Security

Storage Location

  • Your data is stored on secure servers in the United States
  • We use Google Cloud Platform with encryption at rest and in transit

Security Measures

  • AES-256 encryption for data at rest
  • TLS 1.3 encryption for data in transit
  • Secure authentication with Firebase
  • Biometric authentication support (Face ID, Touch ID)
  • Regular security audits and updates

Data Retention

  • Active account data is retained while your account is active
  • You can request deletion of your data at any time
  • Backup data is retained for up to 30 days after deletion
  • Some data may be retained longer for legal compliance

Your Rights and Choices

Access and Portability

  • View all your health data within the App
  • Export your data in standard formats
  • Request a copy of all data we hold about you

Correction

  • Update your profile and health information at any time
  • Correct inaccurate health records

Deletion

  • Delete individual health records
  • Request complete account deletion
  • Upon deletion, we remove your data from active systems within 30 days

Consent Withdrawal

  • Revoke Apple Health permissions in iOS Settings
  • Disable care team data sharing
  • Opt out of non-essential communications

Manage Permissions

  • Control which care team members can view your data
  • Modify permission levels at any time
  • Remove care team members

Children's Privacy

myCARI is not intended for children under 13 years of age. We do not knowingly collect personal information from children under 13. If you believe we have collected information from a child under 13, please contact us immediately.

International Data Transfers

If you access myCARI from outside the United States, your information may be transferred to and processed in the United States. By using the App, you consent to this transfer.

Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of changes by:

  • Posting the new Privacy Policy in the App
  • Updating the “Last Updated” date
  • Sending a notification for material changes

Your continued use of the App after changes constitutes acceptance of the updated policy.

California Privacy Rights (CCPA)

California residents have additional rights:

  • Right to Know: Request what personal information we collect
  • Right to Delete: Request deletion of your personal information
  • Right to Opt-Out: We do not sell personal information
  • Non-Discrimination: We will not discriminate against you for exercising your rights

HIPAA Compliance

While myCARI is not a “covered entity” under HIPAA (as we are not a healthcare provider, health plan, or healthcare clearinghouse), we recognize the sensitive nature of health information and voluntarily implement security practices consistent with HIPAA standards.

We provide a separate HIPAA Authorization Notice that details:

  • The specific Protected Health Information (PHI) we collect
  • How we use and disclose your PHI
  • Your rights regarding your health information
  • Our security measures for protecting PHI
  • How to revoke your authorization

By using myCARI, you acknowledge and consent to the practices described in both this Privacy Policy and the HIPAA Authorization Notice.

Contact Us

If you have questions about this Privacy Policy or our privacy practices, please contact us:

ML Pipes LLC

For privacy-related requests, please email privacy@mlpipes.ai with the subject line “Privacy Request.”

Electronic Signatures and Consent Records

When you accept this Privacy Policy, the Terms of Service, and the HIPAA Authorization Notice during account creation, you are providing your electronic signature pursuant to the Electronic Signatures in Global and National Commerce Act (E-SIGN Act) and the Uniform Electronic Transactions Act (UETA).

What We Record

Your consent record includes:

  • Your email address
  • Your unique user ID
  • Timestamp of consent (ISO 8601 format)
  • Version numbers of documents you accepted
  • Your IP address and device identifier (for verification)

Re-Consent for Material Changes

If we make material changes to this Privacy Policy:

  • We will notify you via in-app notification and/or email
  • You may be required to review and accept the updated policy
  • Your continued use after notification constitutes acceptance
  • You may delete your account if you do not agree to changes

Consent

By using myCARI, you consent to:

  • The collection and use of your information as described in this Privacy Policy
  • The sharing of health data with care team members you authorize
  • The processing of your data in the United States
  • The use of AI to analyze your health data and meal photos
  • The import of medical records from connected healthcare providers
  • The SOS feature limitations, including that it does NOT contact emergency services
  • The notification delivery limitations described in this policy
  • Your responsibility for data accuracy as described above

This Privacy Policy was last updated on January 19, 2026.

Version History:

  • v1.3 - Added SOS feature data collection, data accuracy limitations, notification delivery disclaimers
  • v1.2 - Added AI Meal Tracker, FHIR integration, message retention, electronic signature sections
  • v1.1 - Minor updates
  • v1.0 - Initial Privacy Policy