Last Updated March 18, 2026
This Privacy Notice applies to the processing of personal information by SanLuca AI, Inc. (“SanLuca AI”, “we,” “us,” or “our”) in connection with the operation of our platform available at: https://www.sanluca.ai/ (the “Platform”).
Disclosure Regarding Provider Data. This Privacy Notice does not apply to the health-related personal information that we process through the Platform solely on behalf of our healthcare provider customers (each a “Provider”) pursuant to a written agreement we have entered into with such customers (“Provider Data”). Providers’ respective privacy notices or notice of privacy practices govern their collection and use of Provider Data. Our processing of Provider Data (including any protected health information that is subject to HIPAA) is governed by the contracts (including applicable business associate agreements) that we have in place with the Providers, not this Privacy Notice. Any questions or requests relating to Provider Data should be directed to the Providers.
Disclosure Regarding SanLuca AI Website. This Privacy Notice does not apply to the personal information that we process under the SanLuca AI Website Privacy Notice at https://sanluca.ai/privacy.html.
Disclosure Regarding the Supplemental Consumer Health Data Privacy Notice. For information on our processing of “consumer health data” via the Platform that is subject to the Washington My Health My Data Act or Nevada Senate Bill 370, please see Annex A – Supplemental Consumer Health Data Privacy Notice.
1. UPDATES TO THIS PRIVACY NOTICE
2. PERSONAL INFORMATION WE COLLECT
3. HOW WE USE PERSONAL INFORMATION
4. HOW WE DISCLOSE PERSONAL INFORMATION
5. YOUR PRIVACY CHOICES
6. INTERNATIONAL TRANSFERS OF PERSONAL INFORMATION
7. CHILDREN’S PERSONAL INFORMATION
8. THIRD-PARTY WEBSITES/APPLICATIONS
9. CONTACT US
ANNEX A – SUPPLEMENTAL CONSUMER HEALTH DATA PRIVACY NOTICE
UPDATES TO THIS PRIVACY NOTICE
We may update this Privacy Notice from time to time at our sole discretion. If we do, we’ll let you know by posting the updated Privacy Notice on our website, and/or we may also send other communications.
PERSONAL INFORMATION WE COLLECT
We collect personal information that you provide to us, personal information we collect automatically when you use the Platform, and personal information from third-party sources, as described below.
Personal Information You Provide to Us Directly
We may collect personal information that you provide to us.
Account Information. We may collect personal information in connection with the creation or administration of your account. This personal information may include, but is not limited to, your name, email address, phone number, medical conditions and related details, and other information you store with your account. If you are an employee, contractor, or other authorized user of a Provider, this personal information may also include professional details about you.
Your Communications with Us. We, and our service providers, may collect the information you communicate to us, such as through email or our enduser support tools, including web chat.
Purchases. We may collect personal information and details associated with your purchases, including payment information. Any payments made via our Platform are processed by third-party payment processors. We do not directly collect or store any payment card information entered through the Platform, but we may receive information associated with your payment card information (e.g., your billing details).
Surveys. We may contact you to participate in surveys. If you decide to participate, we may collect personal information from you in connection with the survey.
Interactive Features. We and others who use our Platform may collect personal information that you submit or make available through our interactive features (e.g., messaging features, commenting functionalities, forums, and blogs).
Personal Information Collected Automatically
We may collect personal information automatically when you use the Platform.
Inputs and Outputs. We may offer features that allow you to prompt the Platform with text, audio, or other inputs ("Inputs"), which generate responses (“Outputs”) based on your Inputs. If you include personal information in your Inputs, we will collect that information and this information may be reproduced in your Outputs.
Device Information. We may collect personal information about your device, such as your Internet protocol (IP) address, user settings, cookie identifiers, other unique identifiers, browser or device information, Internet service provider, and location information (including, as applicable, approximate location derived from IP address and precise geo-location information).
Usage Information. We may collect personal information about your use of the Platform, such as the pages that you visit, items that you search for, the types of content you interact with, information about the links you click, the frequency and duration of your activities, and other information about how you use the Platform.
Cookie Notice (and Other Technologies). We, as well as third parties, may use cookies, pixel tags, and other technologies (“Technologies”) to automatically collect personal information through your use of the Platform.
Cookies. Cookies are small text files stored in device browsers.
Pixel Tags/Web Beacons. A pixel tag (also known as a web beacon) is a piece of code embedded in the Platform that collects personal information about use of or engagement with the Platform. The use of a pixel tag allows us to record, for example, that a user has visited a particular web page or clicked on a particular advertisement. We may also include web beacons in e-mails to understand whether messages have been opened, acted on, or forwarded.
See “Your Privacy Choices” below to understand your choices regarding these Technologies.
Personal Information Collected from Third Parties
We may collect personal information about you from third parties. For example, if you access the Platform using a Third-Party Service (defined below), we may collect personal information about you from that Third-Party Service that you have made available via your privacy settings or that you have otherwise authorized the Third-Party Service to share with us.
HOW WE USE PERSONAL INFORMATION
We use personal information for a variety of business purposes, including to provide the Platform, to operate our business, to provide you with marketing materials, and with your consent, as described below.
Provide the Platform
We use personal information to provide the Platform, such as:
Personalizing certain Platform features;
Providing access to certain areas, functionalities, and features of the Platform;
Answering requests for support;
Processing your payment information for products and services purchased;
Communicating with you; and
Sharing personal information with third parties as needed to provide the Platform.
Operate Our Business
We use personal information to operate our business, such as:
Pursuing our legitimate interests such as network and information security and fraud prevention;
Carrying out analytics;
Creating de-identified and/or aggregated information;
Enforcing our agreements and policies; and
Carrying out activities that are required to comply with our legal obligations.
Marketing
We may use personal information to tailor and provide you with marketing and other content.
With Your Consent or Direction
We may use personal information for other purposes that are clearly disclosed to you at the time you provide personal information, with your consent, or as otherwise directed by you.
HOW WE DISCLOSE PERSONAL INFORMATION
We disclose personal information to third parties for a variety of business purposes, including to provide the Platform, to protect us or others, or in the event of a major business transaction such as a merger, sale, or asset transfer, as described below.
Disclosures to Provide the Site
We may disclose any of the personal information we collect to the categories of third parties described below.
Service Providers. We may disclose personal information to third-party service providers that assist us with the provision of the Site. This may include, but is not limited to, service providers that provide us with hosting, customer service, analytics, marketing services, IT support, and related services. In addition, personal information and chat communications may be disclosed to service providers that help provide our chat features.
Third-Party Services You Share or Interact With. The Site may link to or allow you to interface, interact, share information with, direct us to share information with, access and/or use third-party websites, applications, services, products, and technology (each a “Third-Party Service”).
For example, you may instruct us to provide your personal information to a healthcare provider that you have an independent relationship that is not otherwise affiliated with SanLuca AI.
Any personal information shared with a Third-Party Service will be subject to the Third- Party Service’s privacy policy. We are not responsible for the processing of personal information by Third-Party Services.
Providers (Authorized Users Only). In cases where you use the Platform as an employee, contractor, or other authorized user of a Provider, that Provider may access information associated with your use of the Platform including usage data and the contents of the communications and files associated with your account. Your personal information may also be subject to the Provider’s privacy policy. We are not responsible for the Provider’s processing of your personal information.
Affiliates. We may share your personal information with our corporate affiliates.
Disclosures to Protect Us or Others
We may access, preserve, and disclose any information we store associated with you to external parties if we, in good faith, believe doing so is required or appropriate to: comply with law enforcement or national security requests and legal process, such as a court order or subpoena; protect your, our, or others’ rights, property, or safety; enforce our policies or contracts; collect amounts owed to us; or assist with an investigation or prosecution of suspected or actual illegal activity.
Disclosure in the Event of Merger, Sale, or Other Asset Transfers
If we are involved in a merger, acquisition, financing, reorganization, bankruptcy, receivership, purchase or sale of assets, transition of service to another provider, or other similar corporate transaction, your personal information may be disclosed, sold, or transferred as part of such a transaction.
YOUR PRIVACY CHOICES
The privacy choices you may have about your personal information are described below.
Email Communications. If you receive an unwanted email from us, you can use the unsubscribe functionality found at the bottom of the email to opt out of receiving future emails. Note that you will continue to receive transaction-related emails. We may also send you certain non-promotional communications regarding us and the Platform, and you will not be able to opt out of those communications (e.g., communications regarding the Site or updates to this Privacy Notice).
Text Messages. If you receive an unwanted text message from us, you may opt out of receiving future text messages from us by following the instructions in the text message you have received from us or by otherwise contacting us as set forth in “Contact Us” below.
“Do Not Track.” Do Not Track (“DNT”) is a privacy preference that users can set in certain web browsers. Please note that we do not respond to or honor DNT signals or similar mechanisms transmitted by web browsers.
Cookies. You may stop or restrict the placement of Technologies on your device or remove them by adjusting your preferences as your browser or device permits. However, if you adjust your preferences, the Platform may not work properly.
Please note you must separately opt out in each browser and on each device.
INTERNATIONAL TRANSFERS OF PERSONAL INFORMATION
All personal information processed by us may be transferred, processed, and stored anywhere in the world, including, but not limited to, the United States or other countries, which may have data protection laws that are different from the laws where you live. These countries may or may not have adequate data protection laws as defined by the data protection authority in your country.
CHILDREN’S PERSONAL INFORMATION
The Platform is not directed to children under 16 (or other age as required by local law outside the United States), and we do not knowingly collect personal information from children.
If you are a parent or guardian and believe your child has uploaded personal information to the Platform in violation of applicable law, you may contact us as described in “Contact Us” below.
THIRD-PARTY WEBSITES/APPLICATIONS
The Platform may contain links to other websites/applications and other websites/applications may reference or link to our Platform. These third-party services are not controlled by us. We encourage our users to read the privacy policies of each website and application with which they interact. We do not endorse, screen, or approve, and are not responsible for, the privacy practices or content of such other websites or applications. Providing personal information to third-party websites or applications is at your own risk.
CONTACT US
If you have any questions about our privacy practices or this Privacy Notice, please contact us at privacy@sanluca.ai
ANNEX A – SUPPLEMENTAL CONSUMER HEALTH DATA PRIVACY NOTICE
This Supplemental Consumer Health Data Privacy Notice (“Consumer Health Data Privacy Notice”) supplements the SanLuca AI Privacy Notice.
This Consumer Health Data Privacy Notice only applies to personal information that we process that is “consumer health data” subject to the Washington My Health My Data Act (“MHMDA”) or Nevada Senate Bill 370 (“NV SB 370”) (as applicable).
Terms used in this Consumer Health Data Privacy Notice that are defined in MHMDA or NV SB 370 will have the meaning set forth in those laws to the extent such laws are applicable.
Consumer Health Data We Collect
Under the MHMDA, “consumer health data” is defined as “personal information that is linked or reasonably linkable to a consumer and that identifies the consumer's past, present, or future physical or mental health status.”
Under NV SB 370, “consumer health data” is defined as “personally identifiable information that is linked or reasonably capable of being linked to a consumer and that a regulated entity uses to identify the past, present or future health status of the consumer.”
Because consumer health data is defined very broadly, many of the categories of personal information that we collect under our Privacy Notice may also be considered consumer health data.
Examples of consumer health data that you may provide to us, or that we may otherwise collect, may include:
Information that could identify your attempt to seek health care services or information, including services that allow you to assess, measure, improve, or learn about your or another person’s health. For example, we collect information you submit to the Platform, which may include information concerning your health and wellbeing, mental health, medical conditions, or other health-related topics.
Information about your health-related conditions, symptoms, status, diagnoses, disease, testing, or treatments.
Information about social, psychological, behavioral, and medical interventions.
Information about use or purchase of prescribed medication.
Information about measurements of bodily functions, vital signs, symptoms, or characteristics.
Information about diagnoses or diagnostic testing, treatment, or medication.
Information about surgeries or other health-related procedures.
Reproductive or sexual health information.
Information about gender-affirming care.
Biometric information.
Genetic data.
Information related to the precise (geo)location information of a consumer used to indicate an attempt by a consumer to receive health care services or products.
Other information that may be used to infer or derive data related to the above or other consumer health data.
Sources of Consumer Health Data
We collect consumer health data that you provide to us, consumer health data we collect automatically when you use the Platform, and consumer health data from third-party sources, as described in our Privacy Notice and below.
Why We Collect and Use Consumer Health Data
We collect and use consumer health data for the purposes and in the manner described in the “How We Use Personal Information” section of the Privacy Notice.
Primarily, we collect and use consumer health data as reasonably necessary to provide you with the products or services you have requested or authorized via the Platform. This may include delivering and operating the Platform’s products or services and their features, personalization of certain product or service features, ensuring the secure and reliable operation of the products or services and the systems that support them, troubleshooting the products and services, and other essential business operations that support the provision of the products and services (such as analyzing our performance and meeting our legal obligations).
We may also use consumer health data for other purposes for which we give you choices and/or obtain your consent as required by law.
Sharing of Consumer Health Data
We may share each of the categories of consumer health data described above for the purposes described above and in the “How We Use Personal Information” section of the Privacy Notice at https://sanluca.ai/privacy.html.
Third Parties With Which We Share Consumer Health Data
We may share consumer health data with the categories of third parties listed in the “How We Disclose Personal Information” section of the Privacy Notice.
How to Exercise Your Rights
MHMDA and NV SB 370 provide consumers with certain rights with respect to consumer health data.
Under MHMDA, consumers have the right to: (i) confirm whether SanLuca AI is collecting, sharing, or selling consumer health data and to access such data; (ii) withdraw consent from SanLuca AI’s collection and sharing of consumer health data; and (iii) request that SanLuca AI delete consumer health data.
Under NV SB 370, consumers have the right to: (i) confirm whether SanLuca AI is collecting, sharing or selling consumer health data; (ii) have SanLuca AI provide the consumer with a list of all third parties with whom SanLuca AI has shared consumer health data relating to the consumer or to whom SanLuca AI has sold such consumer health data; (iii) request that SanLuca AI cease collecting, sharing, or selling consumer health data relating to the consumer; and (iv) request that SanLuca AI delete consumer health data.
The rights afforded to consumers under MHMDA and NV SB 370 are subject to certain exceptions.
You can request to exercise such rights by contacting us at privacy@sanluca.ai.
If your request to exercise a right under MHMDA or NV SB 370 is denied, you may appeal that decision by contacting us at privacy@sanluca.ai .
If your appeal is unsuccessful and your consumer health data is subject to MHMDA, you can raise a concern or lodge a complaint with the Washington State Attorney General at www.atg.wa.gov/file-complaint.
DISCLOSURE REGARDING THIRD PARTY COLLECTION OF CONSUMER HEALTH DATA UNDER NV SB 370
This section only applies to our processing of consumer health data that is subject to NV SB 370.
We do not allow third parties to collect consumer health data over time and across different Internet websites or online services when the consumer uses any Internet website or online service of SanLuca AI.
Nonetheless, please note that third parties may still be able to collect consumer health data from you over time and across different websites depending on your browser, browser add-ons, and associated permissions you set on your device.
This collection of consumer health data by those third parties is unrelated to SanLuca AI’s collection of consumer health data from you, and we encourage you to view those third parties’ privacy notices for more information about their processing of consumer health data and the methods they provide to allow you to opt out of such processing.
UPDATES TO THIS CONSUMER HEALTH DATA PRIVACY NOTICE
We may update this Consumer Health Data Privacy Notice from time to time in our sole discretion. If we do, we’ll let you know by posting the updated Consumer Health Data Privacy Notice on our website, and/or we may also send other communications.
