Privacy Policy — Jude by Lessystems
This Privacy Policy describes how LES Systems LLC (“LES Systems,” “we,” “us,” or “our”) collects, uses, and retains information when you use the Jude mobile application (“Jude” or “the App”). This Policy applies to all users of the App during the beta period and is subject to revision before public launch.
By using Jude, you agree to the practices described in this Policy. If you do not agree, do not use the App.
1. Scope
This Policy applies to information collected through the Jude mobile application on iOS and Android. It does not apply to any third-party services that may be linked from within the App. We do not operate a website that collects user data beyond standard server logs.
2. Information We Collect
We design Jude to collect the minimum information necessary to operate the App. Specifically:
- Device identifier. A random identifier generated on your device the first time you open the App. We use this identifier solely to enforce daily scan limits.
- Hashed IP address. Your network IP address is hashed (SHA-256 with a salt) by our backend before being stored. We never store or have access to your raw IP address. We use the hashed value only as a secondary rate-limit signal when multiple devices share an IP.
- Photos you submit for analysis. When you tap “Analyze,” your photos are transmitted over an encrypted connection (TLS) to our backend, which forwards them to Anthropic’s Claude AI service for analysis. For most categories of scans, photos are processed and discarded within seconds of analysis. Medication scans are an exception — see Section 6 below.
- Crash and error reports. If the App crashes or encounters an error, an anonymized report is sent to Sentry for diagnostic purposes. Image content, device identifiers, file paths, API keys, and similar sensitive values are stripped before transmission.
- Voice transcription text. When you use the voice-input feature to dictate a question, your device’s operating system (Apple Speech on iOS, Google on Android) transcribes the audio to text. Jude receives only the transcribed text, never audio recordings. Depending on your device and language settings, the OS may process the audio on-device or transmit it briefly to Apple or Google for transcription; we request on-device transcription where the platform supports it.
3. Information We Do NOT Collect
We do not collect:
- Your name, email address, mailing address, or phone number.
- Payment information. The App has no in-app purchases during beta.
- Precise location or GPS coordinates. (You may optionally provide an approximate city for certain features; if you do, that information is described in Section 5.)
- Advertising identifiers or behavioral tracking data.
- Contents of your contacts, calendar, or other on-device data.
We do not require you to create an account.
4. How We Use Information
We use the information described in Section 2 to:
- Provide the App’s core analysis functionality.
- Enforce daily scan limits to prevent abuse.
- Diagnose and fix bugs and crashes.
- Comply with legal obligations and respond to legal process.
- Maintain records for safety auditing in connection with medication-identification features (Section 6).
We do not sell or rent personal information. We do not use personal information for advertising or behavioral profiling.
5. Optional Information You May Provide
Certain features may ask you to provide additional information to improve results. These features are opt-in, and we will tell you in-app what is being collected and why before you provide it. Examples include:
- Approximate city. Some features (such as identifying a local sports team or suggesting nearby facilities) may ask for an approximate city based on your device’s location services. If you grant access, your device performs reverse-geocoding locally and shares only a city-and-state-level string with our backend (for example, “Brooklyn, NY”). We do not receive your precise coordinates. You may decline this at any time in your device settings.
- Notes and tags. Notes you add to a scan are stored only on your device and never transmitted to our servers (except as part of the seven-year medication-scan retention rule in Section 6, where applicable).
6. Medication Scans: Special Rules
The pill-identification and prescription-label-reading features (“Medication Scans”) are safety-critical. The following additional rules apply to Medication Scans and override the general retention rules in Section 7.
6.1 Medication Safety Disclaimer
Jude’s medication identification is provided for informational purposes only and is not medical advice. Identifications may be incorrect. Never take, administer, or rely on the identification of any medication based solely on Jude’s output. Always independently verify with a pharmacist, physician, or the original prescription packaging before taking, administering, or storing any medication. Taking an unknown or misidentified medication can cause serious injury or death.
In a US poisoning emergency, call 1-800-222-1222 (American Association of Poison Control Centers) or your local emergency services. Outside the United States, contact your local poison-control authority or emergency number.
You will be presented with this disclaimer in-app the first time you use a Medication Scan feature and at least every 30 days thereafter. By proceeding with a Medication Scan, you agree to these warnings and confirm you will not rely on Jude as a sole source of medication identification.
6.2 Medication Scan Data Retention
When you submit a Medication Scan, we retain the following information for seven (7) years from the date of the scan:
- The photo(s) you submitted.
- The identification results and confidence ratings returned by the App.
- The timestamp of the scan.
- Your device identifier.
- The version of the disclaimer in effect when you submitted the scan and the timestamp at which you accepted it.
- Any context text you typed in connection with the scan (for example, in the follow-up chat feature).
- Whether you were prompted to add supplemental photos and, if so, your response to that prompt.
This retention is necessary for safety auditing, product-improvement review, and to maintain records required to respond to any safety concerns or legal inquiries related to medication identifications. Retention applies regardless of whether you later delete the scan from your in-app history.
Medication-scan photos and metadata are stored encrypted at rest on our backend (Supabase) or in a cold-storage archive (Backblaze B2) under the same retention rules. Access is restricted to authorized personnel of LES Systems and to legal process directed to LES Systems.
6.3 Right-to-Delete Carve-Out
Where you have a right to request deletion of your personal data — including under the California Consumer Privacy Act (“CCPA”), the Washington My Health My Data Act, the European Union General Data Protection Regulation (“GDPR”), and similar laws — you may exercise that right by contacting us at the address in Section 12.
However, medication-scan records retained under Section 6.2 are subject to a legitimate-interest exception for safety and legal-record purposes and will not be deleted before the end of the seven-year retention period. We will confirm this carve-out in writing in our response to any deletion request that touches medication-scan data. Other categories of personal data are deleted in accordance with the rest of this Policy.
7. Retention Periods (General)
Except for Medication Scans (Section 6), we retain information for the following periods:
| Category | Retention |
|---|---|
| Photos submitted for non-medication scans | Discarded within seconds of analysis |
| Device identifier in the rate-limit log | 24 hours |
| Hashed IP in the rate-limit log | 24 hours |
| In-app scan history | Stored locally on your device only; deleted when you uninstall the App |
| Crash and error reports (Sentry) | Approximately 90 days |
| Medication-scan photos and metadata | 7 years (see Section 6) |
8. Third-Party Services
We use the following third-party services to operate the App:
- Anthropic. Provides the Claude AI service used to analyze images. Anthropic’s stated policy is not to retain or train on API inputs.
- Supabase. Hosts our backend infrastructure, including the rate-limit log and (for Medication Scans only) the seven-year evidence database and photo storage.
- Sentry. Receives anonymized crash and error reports.
- Backblaze B2. May be used as a cold-storage archive for medication-scan records older than the most-recent 60 days.
- Apple and Google. Provide on-device voice transcription when you use the voice-input feature.
- Public-data APIs (e.g., NIH RxNorm/openFDA, iNaturalist, NHTSA vPIC, OpenStreetMap). Queried by our backend to enrich scan results. We send these services subject-matter queries (e.g., a drug name, a scientific name, a vehicle model) — never your photos, device identifier, or other personal data.
9. Children’s Privacy
Jude is not directed to children under 13, and we do not knowingly collect information from anyone under 13. If we become aware that we have inadvertently received information from a user under 13, we will delete that information promptly, subject to the medication-scan retention carve-out in Section 6.3.
10. Security
We use encryption in transit (TLS) for all network communication and encryption at rest for medication-scan records. The Claude API key and other backend secrets are stored in server-side configuration and are never present in the App on your device. No security control is perfect; you acknowledge that transmission of information over the internet is never fully secure.
11. Changes to This Policy
We may update this Policy from time to time. When we do, we will update the “Effective Date” at the top and, for material changes, notify you in-app before continued use. Your continued use of the App after a change becomes effective constitutes acceptance of the updated Policy.
The full version history of this Policy is preserved in the project repository for audit purposes.
12. Contact
LES Systems LLC
- Data-deletion requests: myrecords@lessystems.ai
- Other privacy-related inquiries: privacy@lessystems.ai
We aim to respond to all inquiries within 45 days, consistent with the response window required by CCPA and similar laws. Please use the data-deletion address for requests under CCPA, GDPR, the Washington My Health My Data Act, or similar laws so that they are routed to the appropriate workflow.
Jude is currently in private beta. This Policy will be reviewed and may be substantially revised before public launch.