At Laso, we handle your health data with the same precision and care that defines our product. This Privacy Policy describes what information we collect, how we use it, and the choices you have. We do not sell your data. We do not make it available to advertisers. What follows is our full policy, but here is the short version: we collect what we need to run the product, we protect it with intention, and we give you control over it.
1. Information We Collect
Information You Provide
- Contact details (name, email address)
- Account preferences and form responses (waitlist, early access, and onboarding forms)
- Health-related information you voluntarily input — including voice recordings, typed symptom descriptions, and related context such as time of day, duration, and perceived severity
- Appointment notes, triggers, and other health narrative data you choose to log
Information We Collect Automatically
- Device type, operating system, and app version
- IP address and general location (not precise GPS)
- Usage data: feature interactions, session duration, and navigation patterns
- Crash reports and performance diagnostics
- Cookies and similar tracking technologies (see Section 9 for details on voice processing)
2. How We Use Your Information
We use the information we collect to:
- Provide, personalize, and improve the Laso symptom intelligence platform
- Generate structured health summaries, pattern analyses, trigger insights, and appointment preparation outputs
- Improve our Language Anchored Symptom Ontology (LASO) and underlying language models using de-identified, aggregated data only
- Communicate with you about product updates, early access opportunities, and platform news
- Respond to your questions and support requests
- Detect, prevent, and address fraud, security incidents, and technical issues
- Comply with applicable legal and regulatory requirements
3. Data Sharing & Disclosure
We do not sell or rent your personal information. We may share limited information with:
- Trusted service providers (e.g., cloud infrastructure, analytics) operating under confidentiality agreements and data processing agreements that restrict their use of your information
- Legal authorities, if required by law or court order
- Healthcare or research partners, only with your explicit prior consent
- Business successors in connection with a merger or acquisition, with advance notice provided
Laso does not share your personal data with third-party platforms or services unless you explicitly choose to enable that connection. Where Laso offers integrations with external health platforms (such as Apple Health or Google Fit, etc.) any data sharing that occurs through those integrations is initiated by you and only active while you have the integration enabled. You can disable these connections at any time through your account settings.
4. Data Security
Protecting your health data is not an afterthought for us; it is a design requirement. We have made deliberate infrastructure choices intended to minimize privacy risk, including storing user data in a jurisdiction with stronger privacy protections than U.S. law currently requires. That decision costs us more to operate. We made it anyway, because we believe the people using Laso deserve that standard.
Our technical and organizational safeguards include:
- Encryption of data in transit (TLS) and at rest (AES-256)
- Role-based access controls limiting who can access health data
- Audit logging for data access and modifications
- Regular security reviews and infrastructure monitoring
No method of transmission over the internet is 100% secure. While we apply serious, substantive protections, we cannot guarantee absolute security. If a data breach occurs that affects your personal data, we will notify you in accordance with applicable legal requirements.
5. Data Retention
We retain personal information for as long as necessary to provide the Services and meet legal obligations. Specifically:
- Account data is retained for the duration of your account and for up to 90 days after deletion
- Health-related data (symptom logs, voice transcriptions, pattern history) is retained for the duration of your account unless you delete it earlier
- De-identified, aggregated data used for platform improvement is retained for as long as it serves that purpose
- Automatically collected data (logs, crash reports) is retained for up to 24 months, unless longer retention is required for legal compliance
You may request deletion of your data at any time by emailing dataexport@getlaso.app.
6. Your Rights
Depending on your jurisdiction, you have the right to:
- Access the personal information we hold about you
- Correct inaccurate or incomplete information
- Delete your personal information ("right to be forgotten")
- Restrict or object to certain types of processing
- Withdraw consent for communications at any time
- Request a portable copy of your data
To exercise any of these rights, email dataexport@getlaso.app. We will respond within 30 days.
7. California Residents (CCPA/CPRA)
If you are a California resident, you have the right to:
- Know what personal information we collect, use, disclose, and sell
- Request deletion of your personal information
- Opt out of the sale or sharing of personal information — Laso does not sell personal information
- Correct inaccurate personal information
- Limit the use and disclosure of sensitive personal information
- Non-discrimination for exercising your privacy rights
To exercise your CCPA/CPRA rights, email dataexport@getlaso.app with the subject line "CCPA Request."
Laso complies with CCPA/CPRA where required, and applies these same standards to all users regardless of location. We believe every person using Laso deserves the same level of protection — not just those in jurisdictions that legally require it.
8. International Users
Laso stores and processes user data in jurisdictions selected for their strong data protection standards. If you are located outside those jurisdictions, please be aware that your data may be transferred to and processed in other countries as part of delivering the Services. Where applicable law requires safeguards for international data transfers, we will use appropriate mechanisms, including Standard Contractual Clauses or other legally recognized transfer mechanisms.
9. Artificial Intelligence & Voice Processing
Laso's core functionality uses AI and Natural Language Processing to translate your health descriptions into structured, clinically meaningful data. When you submit health information — whether by voice or text — that information is processed to identify symptoms, patterns, and context, and to generate the structured outputs the platform provides.
Regarding AI model training: Laso may use de-identified, aggregated data to improve our language interpretation and symptom intelligence systems. Your directly identifiable information — including your name, email, and any data that could be traced back to you as an individual — is never used for model training purposes.
All AI processing is performed by Laso and its trusted service providers in accordance with this Privacy Policy and applicable law. If you have questions about how AI features handle your data, contact us at support@getlaso.app.
10. Children's Privacy
Laso is intended for users aged 18 and older. We do not knowingly collect personal information from anyone under the age of 18. If we become aware that a minor has provided us with personal information, we will delete it promptly. If you are a parent or guardian and believe your child has submitted personal information, please contact us at support@getlaso.app.
11. Third-Party Links & Services
The Laso app or website may contain links to third-party websites or services not operated by us. This Privacy Policy does not apply to those third-party services. Where Laso uses third-party service providers as part of delivering the Services, those relationships are governed by confidentiality agreements and data processing agreements as described in Section 3.
12. Changes to This Privacy Policy
We may update this Privacy Policy periodically to reflect product changes or evolving legal requirements. Material changes will be communicated via our website or direct notification. The updated version will include a new "Last Updated" date at the top of this document.
13. Contact
For privacy-related questions, data requests, or concerns, reach us at support@getlaso.app.