Privacy Policy

Understand how Ezm5 collects, stores, and protects your personal and health data.

By Renan Correa •  8 min read

This Privacy Policy explains how Ezm5 Digital Inc. (“Ezm5”, “we”, “our” or “us”) collects, uses, stores, and protects your information. By using our website and web application, you agree to the terms of this Privacy Policy.

1. Who We Are

Ezm5 is a company registered in Delaware, United States of America ("USA", "U.S."). We help individuals and families organize, store, and analyze their health data. Users voluntarily add information to their accounts, including for family members and children.

2. Data Collection

When you use Ezm5, we collect different types of information to provide, maintain, and improve our services. This section outlines the categories of data we collect and how that data is gathered. The types of data we collect fall into the following categories: Account Information, Protected Health Information (PHI), and Usage Data.

2.1. Account Information

When you register for Ezm5, we collect certain information to create and manage your account. This includes your email address, a securely encrypted password, the date and time of registration, and your initial consent to receive communications via email (including our newsletter, which you can unsubscribe from at any time).

This data is collected at the time of registration and is necessary for us to provide you access to our services. The legal basis for this collection is:

  • Contractual necessity: provide you with access to your account and the web application features.
  • Legitimate interest: to communicate relevant information and updates about the platform.
  • Consent: for optional newsletter communication.

Your email is also stored in our secure mailing list system upon registration. If you opt out of the newsletter, your email will be retained only for essential communications related to your account and use of the service.

2.2. Protected Health Information (PHI)

When you use Ezm5 to upload documents, enter health values, or record notes, we collect and store personal health data that you voluntarily provide. This may include laboratory results, biomarker readings, structured entries, and uploaded files such as PDFs, images, or scanned reports.

This data is collected at the moment you interact with these features: either manually (when you input or upload information) or automatically (when files are processed through our secure digitalization services). The data is encrypted at rest in our database and is only accessible to you when logged into your account. The legal basis for collecting this information includes:

  • Contractual necessity: to provide the core features of the service (data organization, history tracking, personalized visualizations).
  • Legitimate interest: to improve the user experience, ensure data accuracy, and support meaningful health tracking.
  • Consent: you explicitly provide your health data for storage and tracking within the Ezm5 services.

This information is never shared or accessed by third parties beyond the service providers strictly necessary to process and store your data securely (see Section 3).

2.3. Usage Data

When you interact with the Ezm5 platform, either browsing, logging in, or performing actions like uploading or deleting files, we automatically collect certain technical data about your device and activity.

This usage data (e.g., page visits, feature use) is collected automatically through server logs and analytic tools to help us secure the system, monitor usage patterns, and improve user experience. Some of this data may also be gathered using cookies and similar tracking technologies.

For more details, refer to the Cookie Policy.

3. How we handle your information

To provide Ezm5's core services, we rely on a small number of highly trusted third-party providers. These partners are essential for delivering secure infrastructure and advanced data processing capabilities that make Ezm5 work as intended.

Administrative access to all cloud and data processing services we use is protected by Multi-Factor Authentication (MFA). This adds an additional layer of security to prevent unauthorized access and ensure that only authorized personnel can access system-level controls and configurations.

3.1. Heroku

Heroku provides the platform-as-a-service (PaaS) infrastructure used for hosting and operating the Ezm5 website and web application. All communication is encrypted in transit using HTTPS, and all information stored in separate encrypted storage infrastructure provided by AWS. Heroku does not retain or access user data beyond what is necessary to operate the platform securely and efficiently.

3.2. Amazon Web Services (AWS)

AWS provides the cloud infrastructure we use to securely store and manage all data associated with your account, including uploaded documents and structured records. All data is encrypted in transit and at rest.

Ezm5 has a signed Business Associate Agreement (BAA) with. Through this agreement, AWS commits not to retain or access your data beyond what is technically required to deliver the services.

3.3. OpenAI

We use OpenAI's API to process and structure certain types of health-related data that you upload or input. This enables features such as automatic extraction of values and improved organization of information. Data is transmitted securely to OpenAI with encryption in transit, and OpenAI does not retain the contents after the processing is complete.

Ezm5 has a signed Business Associate Agreement (BAA) with OpenAI. Through this agreement, OpenAI enforces a zero-retention policy for Ezm5 data transmitted to their API, meaning your data is not stored, used for training, or accessible after processing is complete.

4. Data Storage and Retention

All information you provide to Ezm5 is encrypted at rest on servers located in the United States. We retain your data only as long as it is necessary to deliver services to you, or as long as required for legal, operational, or compliance purposes.

4.1. Retention Periods

  • Account information is kept for as long as your account remains active.
  • Health data is retained so long as it is part of your account and has not been deleted by you.
  • Usage data may be retained temporarily in anonymized or aggregated form to improve platform performance and security.

4.2. User-Initiated Deletion

You may delete your data at any time using the tools available in your account or by sending a request to us. When you delete data:

  • Individual items (e.g., a lab result or file) are permanently and immediately removed from our active systems. Deleted items may remain briefly in encrypted backups for up to 30 days, after which they are automatically purged.
  • Full account deletion triggers the permanent removal of all associated data, including account credentials, health records, uploaded documents, and usage logs. This process is typically completed within 30 days of the request.
  • Newsletter subscriptions are removed from our mailing list immediately when you unsubscribe.

5. How You Can Protect Your Personal Data

While we take strong steps to protect your data on our side, you also play an important role in safeguarding your personal information. Here are a few ways we recommend for you to enhance your own data security while using Ezm5:

  • Choose a password that is long, complex, and not reused across other services.
  • Never share your login details with others. If you suspect unauthorized access to your account, change your password immediately and contact our support team.
  • Protect your computer or mobile device with up-to-date antivirus software and system updates. Always log out when using public or shared devices.
  • Use a passcode, screen lock, or biometric protection on your phone, tablet, or laptop to prevent unauthorized access if the device is lost or stolen.
  • Ezm5 will never ask for your password by email. Watch for phishing attempts or suspicious messages. If you're unsure, reach out to us.

Security is a shared responsibility. We’re committed to doing our part and providing tools that help you do yours.

6. Your Rights

We believe in giving you full control over your personal data. Following data protection laws, you have the following rights:

  • Access your data: You have the right to request a copy of the personal data we hold about you.
  • Correct your data: If your information is inaccurate or incomplete, you may ask us to update or correct it.
  • Delete your data: You may request deletion of some or all of your data at any time. This includes individual files or your full account.
  • Export your data: You can request your data in a portable format so you can transfer it to another service.
  • Withdraw consent: If we rely on your consent to process your data, you may withdraw that consent at any time without affecting the lawfulness of prior processing.
  • Object or restrict processing: In certain cases, you may object to or request that we restrict how we use your personal data.
  • Unsubscribe from marketing: You can opt out of receiving our newsletter and marketing emails at any time.

To exercise your rights or make a request, contact us and we will respond within a reasonable time and in accordance with applicable laws.

7. Children’s privacy

Only adults (18+) may register for Ezm5. Adults may store data about their children under their account. Ezm5 does not knowingly collect data directly from users under 18 years of age.

8. International data transfers

If you are outside the USA, be aware that your data will be stored and processed in the USA. We apply encryption and contractual obligations to protect your data during transfers.

9. Policy changes

We may update this Privacy Policy to reflect changes in laws or services. When we do, we’ll notify you on our website or by email.

Last updated: April 07, 2025

10. Contact us

If you have questions, want to access or delete your data, or just want to say hi, contact us at info@ezm5.com.

  • data privacy
  • ezm5
  • consent
  • privacy policy

Articles

Image of a laptop keyboard with a hand typing, and icons showing diverse internet services surrounding a padlock

The Truth About How Exposed Your Health Data Really Is

When lab results are scattered across unsecured systems, your most private health information becomes an easy target for leaks, misuse, and cyberattacks.

Read More
Modern parents tracking child's data with a smartphone instead of a paper record

Why Are We Still Using Paper Charts for Our Kids’ Growth in 2025?

Would you manage your savings in a handwritten notebook? Then stop using one for your child’s health. Digital records give you clarity, access, and peace of mind.

Read More