Kantesti – AI Blood Test Analyzer
Privacy Policy & Data Protection Notice
Last Updated: August 8, 2025 | Effective Date: August 8, 2025
PIYA AI (“we”, “our”, “us”) operates the Kantesti – AI Blood Test Analyzer. Our Android app is a **WebView** that displays our web service. This policy explains how we handle personal data when you use Kantesti via our website or the mobile app. We store application data on servers we control at **PythonAnywhere** and process payments through independent **payment processors**. We do not sell personal data.
Table of Contents
- 1. Introduction & Scope
- 2. Data Controller Information
- 3. Information We Collect
- 4. How We Use Your Information
- 5. Legal Basis for Processing
- 6. Automated Decision Making
- 7. Information Sharing and Disclosure
- 8. Third-Party Services
- 9. Data Security
- 10. Data Retention
- 11. International Transfers
- 12. Your Privacy Rights
- 13. Cookies & Tracking
- 14. Children’s Privacy
- 15. Data Breach Procedures
- 16. Policy Updates
- 17. Contact Information
1. Introduction & Scope
1.1 About Kantesti
Kantesti interprets laboratory blood tests and generates AI-assisted reports for informational purposes. Kantesti is not a substitute for professional medical advice, diagnosis, or treatment.
1.2 Scope
This policy covers all users of our website, WebView app, clinic dashboard, and API integrations.
1.3 Principles
- Transparency: Clear information about what we collect and why.
- Data Minimization: Only what’s needed to deliver the service.
- Security: Administrative, technical, and organizational safeguards.
- User Control: Tools to access, rectify, or delete your data.
- Compliance: We aim to comply with GDPR, HIPAA (where applicable), and other laws.
2. Data Controller Information
Data Controller / Contact
PIYA AI
Address: Simrock Str. 58, 50823 Köln, Germany
Email: [email protected]
Phone: +49 177 497 4039
2.1 Data Protection Contact
For privacy inquiries please contact [email protected]. We respond within applicable legal timeframes.
3. Information We Collect
3.1 Categories
Account & Contact
- Name, email (required)
- Phone number (optional)
- Postal address (optional / for billing)
Health Data (Sensitive)
- Uploaded lab results (photos, PDFs, other docs)
- Values you enter manually
- Notes you add to a report
Purchase & Billing
- Purchase history and invoices (collected)
- Payment card data handled by payment processor (shared only; we do not store card numbers)
Technical & Usage
- Device, browser, IP, timestamps
- Feature usage, error logs (for diagnostics)
3.2 How Data Is Collected
- Directly from you (registration, uploads, forms)
- Automatically via cookies/telemetry on our website shown inside the WebView
- From payment processors (transaction confirmations)
3.3 Android / WebView Note
The Android app itself does not access device sensors or store data locally beyond what is necessary to display web content. All data flows occur between your device and our servers (or the payment processor) through the web content displayed in the app.
4. How We Use Your Information
| Purpose | Data Used | Notes |
|---|---|---|
| App functionality | Account, Health, Technical | Generate and deliver AI analysis reports. |
| Account management | Account & Contact | Sign-in, password reset, profile settings. |
| Purchase processing | Purchase history (collected), payment info (shared) | Card data processed by payment processor; we keep invoices/order records. |
| Security & fraud prevention | Technical, Account, Purchase | Abuse prevention, 3D Secure checks by processor. |
| Developer communications | Email/phone (if provided) | Receipts, service notices, important updates. |
| Analytics (limited) | Aggregated usage/technical data | Improve performance and reliability. Optional where consent is required. |
5. Legal Basis for Processing
- Contract necessity: provide the service and manage your account.
- Consent: process sensitive health data; optional communications; cookies/analytics where required.
- Legitimate interests: service security, fraud prevention, service improvement.
- Legal obligations: tax/financial records, compliance requests.
6. Automated Decision Making & Profiling
Kantesti uses automated processing to interpret lab data and generate insights. These outputs are advisory and should be reviewed by a qualified professional. You may request human review and object to automated decisions where applicable law provides such rights.
7. Information Sharing and Disclosure
| Recipient | Purpose | Data | Notes |
|---|---|---|---|
| Hosting provider (PythonAnywhere) | Store and process service data | Data you upload and account data | Processor acting on our instructions. |
| Payment processor | Complete transactions; 3D Secure | Payment info (card details), billing details | Shared: we never store full card numbers. |
| Email/SMS provider | Send transactional messages | Email, phone, message content | Only for service communications. |
| Authorities | Legal compliance | As required by law | After legal review. |
- We do not sell your personal or health data.
- Third parties must protect data and act only on our instructions.
8. Third-Party Services & Integrations
We use third-party services for hosting, payment processing, email delivery, and security. The specific providers may change over time; we maintain agreements and safeguards for each provider.
9. Data Security
- Encryption: HTTPS/TLS in transit; encrypted storage for uploaded files and reports.
- Access Control: MFA for staff, role-based access, least-privilege policy, audit logs.
- App Safety: File-type validation and malware screening for uploads.
- Backups: Regular backups and disaster-recovery procedures.
While we implement safeguards, no method of transmission or storage is 100% secure. We work continuously to improve our protections.
10. Data Retention
| Data | Retention | Notes |
|---|---|---|
| Account & contact data | For the life of the account | Deleted within ~30 days after closure unless legally required longer. |
| Uploaded health data (free tier) | Up to 90 days | Then deleted unless you upgrade or export. |
| Uploaded health data (paid) | While subscription is active | Deleted within ~90 days after expiry unless you request earlier deletion. |
| Purchase history & invoices | Up to 7 years | Required for accounting/tax. |
| Logs & diagnostics | Up to 24 months | Security and troubleshooting. |
You can request deletion at any time; some records may be retained where law requires.
11. International Data Transfers
Your data may be processed in the EU/EEA, the UK, or other countries. Where required, we use appropriate safeguards such as Standard Contractual Clauses and supplementary measures.
12. Your Privacy Rights
- Access, correction, deletion.
- Restriction or objection to processing in certain cases.
- Data portability for information you provided to us.
- Withdraw consent where processing is based on consent (e.g., health data, marketing).
- Lodge a complaint with your supervisory authority.
To exercise rights, contact us via the details in the Contact section.
13. Cookies & Tracking
Our website (displayed in the app via WebView) uses essential cookies for security and session management. Analytics/marketing cookies are used only with consent where required. You can manage preferences via our cookie banner/settings or your browser.
14. Children’s Privacy
Kantesti is intended for users **18+**. We do not knowingly collect data from children without appropriate consent and authorization.
15. Data Breach Procedures
We investigate incidents, mitigate risk, notify users and/or authorities where required, and document remediation steps.
16. Policy Updates
We may update this policy from time to time. Material changes will be notified via email, in-app, or on the site. The “Last Updated” date shows the latest version.
17. Contact Information
Privacy Contact
PIYA AI – Kantesti
Email: [email protected] / [email protected]
Phone: +49 177 497 4039
Address: Simrock Str. 58, 50823 Köln, Germany
Requests
To access, delete, or export your data, email us or use the in-app/web account settings. We may need to verify your identity.
Your Privacy Matters
We collect only what is necessary, store it securely on our servers, and share it only with essential providers such as payment processors. Credit card data is handled by the processor and not stored by us.