Hashifix App Privacy Policy

Last Updated: March 30, 2026

Unitect LLC ("Company", "we", "us", or "our") operates the Hashifix mobile application and related services (the "Service"). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Service.

Please read this Privacy Policy carefully. By using the Service, you agree to the collection and use of information in accordance with this policy.

1. Information We Collect

1.1 Information You Provide to Us

Account Information:

  • Email address
  • Password (stored securely and encrypted)
  • First name (if provided)

Authentication Information:

  • Social login information (if you sign in with Google or Apple)
  • Email verification status

Content You Submit:

  • Chat messages and conversations with the AI assistant
  • Questions and queries submitted to the Service

1.2 Lab Result Data

When you use the photo scan feature to import lab results:

  • Your photo never leaves your device. All text recognition (OCR) is performed entirely on-device using Apple's Vision framework. Your photo is never uploaded to our servers or any third party.
  • Personal identifiers are stripped on-device before any data is used. Your name, date of birth, doctor name, facility, and other identifiers are never extracted, stored, or sent anywhere.
  • Only anonymous lab values (e.g., "TSH: 3.6 mIU/L", reference ranges, units) are stored — locally on your device in encrypted storage (iOS Keychain / Secure Store). This data is never sent to our servers.

Understand My Results (local feature): When you use the "Understand My Results" feature, your lab values are compared against published reference ranges entirely on your device. No data of any kind leaves your device when using this feature. No information is sent to our servers, to OpenAI, or to any third party.

AI Assistant: When you use the AI assistant for general thyroid health questions, your chat messages are sent to OpenAI's API for processing. If you choose to include anonymous lab values in your conversation (e.g., by typing or pasting a result), only those anonymous numeric values and reference ranges are transmitted — never photos, personal identifiers, or account information. OpenAI processes this data under a Data Processing Agreement and does not use API data to train its models.

1.3 Information Collected Automatically

Device Information:

  • Device type (mobile, tablet)
  • Operating system and version
  • App version

Usage Information:

  • Features you access and use
  • Screens you view
  • Interaction with the AI assistant

Technical Information:

  • IP address
  • Crash reports and error logs
  • Performance metrics

Analytics Data:

  • User behavior events and feature usage statistics (via PostHog)

2. How We Use Your Information

  • To provide, maintain, and improve the Service
  • To enable AI assistant functionality
  • To manage your account and authentication
  • To enforce daily usage limits
  • To send service-related notifications and support responses
  • To analyze usage patterns and improve user experience
  • To detect and prevent fraud, abuse, and illegal activity
  • To comply with legal obligations

3. How We Share Your Information

We do not sell your personal information. We share information only with the following service providers:

Clerk (Authentication) — User authentication and account management
Privacy Policy

OpenAI (AI Services) — AI assistant functionality. Chat messages (text only) and conversation history are sent to OpenAI for processing. The "Understand My Results" feature is entirely on-device and does not involve OpenAI. If you choose to include lab values in your AI assistant conversation, only anonymous lab values (test name, numeric result, reference range) are included — never photos, personal identifiers, or account information. Lab result photos are processed entirely on your device and are never sent to OpenAI or any server. OpenAI does not use API data to train its models and processes it under a Data Processing Agreement.
Privacy Policy

PostHog (Analytics) — Product analytics and user behavior tracking
Privacy Policy

Sentry (Error Tracking) — Error monitoring and crash reporting
Privacy Policy

Vercel (Hosting) — Application hosting and infrastructure
Privacy Policy

We may also disclose your information if required by law or valid legal requests.

4. Data Storage and Security

Account data is stored securely by Clerk, encrypted in transit and at rest.

Chat history is stored locally on your device. It is not stored on our servers.

Lab results are processed entirely on your device using on-device text recognition (OCR). Only structured values (test name, numeric result, reference range, and date) are stored locally in your device's encrypted secure storage (iOS Keychain). Lab result photos are never sent to our servers, to OpenAI, or to any third party. Your name, date of birth, doctor name, and other personal identifiers from lab reports are never stored.

We use HTTPS/TLS encryption for all data in transit. No method of electronic transmission is 100% secure, but we implement commercially reasonable measures to protect your information.

5. Your Rights and Choices

  • Access: Request access to your personal information
  • Correction: Update your account information through the Service
  • Deletion: Request deletion of your account and associated data via the Account tab in the app
  • Opt-Out: Opt out of analytics tracking (may limit some features)

GDPR / EEA / UK Users: You have additional rights including the right to erasure, data portability, restriction of processing, and to lodge a complaint with a supervisory authority.

California Residents (CCPA): You have the right to know what data we collect, request deletion, and opt out of the sale of personal information. We do not sell personal information.

To exercise any of these rights, contact us at Contact@unitect.com.

6. Children's Privacy

The Service is not intended for children under 13 years of age. We do not knowingly collect personal information from children under 13. If you believe your child has provided us with personal information, please contact us immediately.

7. Data Retention

  • Account information: Retained while your account is active and for a reasonable period after deletion
  • Chat history: Stored locally on your device; deleted when you uninstall the app or clear chat history in the app
  • Lab results: Stored locally on your device; deleted when you remove them in the app or uninstall the app
  • Analytics data: Retained per PostHog and Sentry policies (typically 1–2 years)
  • Error logs: Retained for up to 90 days

8. International Data Transfers

Your information may be transferred to and processed in the United States and other countries where our service providers operate. By using the Service, you consent to such transfers.

9. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you by posting the updated policy on this page and updating the "Last Updated" date. For material changes, we will notify you via email or an in-app notice. Continued use of the Service after changes constitutes acceptance of the updated policy.

10. Contact Us

Unitect LLC
30 N Gould St #59365
Sheridan, WY 82801
United States
Email: Contact@unitect.com

By using the Hashifix Service, you acknowledge that you have read and understood this Privacy Policy and consent to the collection, use, and disclosure of your information as described herein.