Privacy Policy

Last updated: April 2026

1. Who we are

BioShield AI ("BioShield," "we," "us") operates this website and provides AI-powered personal risk-awareness and preparedness guidance. We are not a healthcare provider, and using BioShield AI does not establish a clinician-patient relationship.

2. What we collect

We collect the minimum information needed to run the service:

• Conversation inputs. The messages you type into the AI Risk Guide. These are processed in real time to generate a response.
• Quick-tool inputs. Values entered into the homepage risk pre-screen (symptom severity, duration, exposure, household vulnerability). These are processed client-side.
• Technical data. Standard request data such as IP address, browser type, referring page, timestamps, and general geolocation derived from IP. This is used for security, abuse prevention, and operational analytics.
• Cookies & local storage. Strictly functional cookies and browser storage used to keep the site working and to remember your preferences. We do not use cross-site tracking cookies.

3. What we don't collect

• We do not require an account to use BioShield AI.
• We do not ask for — or want — your full medical record, insurance information, or government ID.
• We do not sell your personal information to anyone.
• We do not use your AI inputs to build advertising profiles about you.

4. How your AI chat is handled

When you send a message in the AI Risk Guide, your conversation (the current session's messages) is transmitted to our AI model provider to generate a response, and then returned to your browser. We may retain limited technical logs for abuse prevention, safety review, and service reliability. We do not attempt to link chat content to your identity.

You should not share information in the chat that you consider extremely sensitive (e.g., detailed identifying information, financial information, or government IDs). Share only what you need to get useful guidance.

5. How we use information

• To provide and improve the service.
• To maintain security and prevent abuse.
• To understand aggregate usage patterns (e.g., which hubs are most useful).
• To comply with legal obligations where applicable.

6. Service providers and AI sub-processor

We use a small, vetted set of infrastructure and AI vendors to operate the site. They process data on our behalf under their own security and privacy commitments and are contractually limited to the purposes below.

• Netlify, Inc. — hosting, content delivery, edge networking, and serverless function execution.
• OpenAI, L.L.C. — the large language model provider that generates AI Risk Guide responses. The current chat session's messages (and a system prompt that defines BioShield AI's behavior) are transmitted to OpenAI to produce a streaming response. Per OpenAI's API data policy, API inputs and outputs are not used to train OpenAI's models. OpenAI may retain API request data for a limited period for abuse monitoring and policy compliance, after which it is deleted in line with their published retention policy.

If you do not want your messages transmitted to a third-party AI model, do not use the AI Risk Guide. The static content hubs (Symptoms, Exposure, Preparedness, etc.) do not call the AI provider.

7. International data transfers

BioShield AI is operated from, and its sub-processors typically operate from, the United States. If you access the service from outside the U.S. — including from the EU/UK — your information may be transferred to and processed in the U.S. and other jurisdictions where our providers operate. Where required, we rely on the European Commission's Standard Contractual Clauses or equivalent transfer mechanisms offered by our sub-processors.

8. Your choices and rights

• You can use BioShield AI without creating an account.
• You can clear your browser storage at any time to reset local preferences.
• If you are located in a jurisdiction with specific data rights (for example, the EU/UK under GDPR, or California under CCPA/CPRA), you may have rights to access, correct, delete, or restrict processing of personal information we hold about you, and to opt out of any "sale" or "sharing" of personal information. We do not sell or share personal information for cross-context behavioral advertising. You can exercise these rights by contacting us at the email below; we will verify your request and respond within the legally required period.

9. Children

BioShield AI is intended for adults. It is not directed to children under 16, and we do not knowingly collect personal information from children. If you believe a child has provided us information, contact us and we will delete it.

10. Security

We use reasonable technical and organizational measures to protect the data we process — including HTTPS in transit, a strict Content Security Policy, rate limiting on the AI endpoint, and minimal data retention. No system is perfectly secure, and you should treat any health-adjacent conversation with appropriate discretion.

11. Changes to this policy

We may update this Privacy Policy over time. Material changes will be reflected by a new "Last updated" date at the top of this page.

12. Contact

For privacy questions or data requests, contact us via the contact page. Email contact details are listed there.