TestPlus AI

Privacy Policy

Effective date: June 12, 2026  ·  Last updated: June 12, 2026

This policy explains how Delfina Saint LLC (“TestPlus,” “we,” “us”) handles information in connection with the TestPlus AI mobile app (the “App”).

1. The short version

TestPlus AI is built to keep your information on your device. By default: the camera image of your strip is processed on your phone and deleted immediately after analysis — we do not upload or store your photos; only a small record of each reading (how many lines were detected, the test-type label, a scan-clarity figure, and the date) is saved locally on your device; and there is no account and no network connection unless you choose to turn on optional cloud backup. In the default configuration we do not receive, collect, or have access to your readings.

2. What the App is

TestPlus AI is an informational visual aid that detects whether one or two lines are visible on a compatible two-line lateral flow strip and keeps a log of those readings. It is not a medical device, does not diagnose any condition, and is not a substitute for professional medical advice.

3. Information we process

(a) On your device only (default). Captured camera frames are analyzed locally and discarded. The App stores, only on your device: the reading, control- and test-line status, a scan-clarity percentage, the test-type label, and a timestamp. We cannot see this data.

(b) Camera. The App requests camera access solely to capture and analyze the strip in real time. Frames are not retained after analysis and are never sent to us or any third party.

(c) Only if you enable Cloud Backup (optional). If you turn on cloud sync: an anonymous account identifier is created (or an email/password if you choose) via Google Firebase Authentication; the same limited reading fields from (a) are copied to a private, per-user space in Google Cloud Firestore so you can restore them (raw images are never uploaded); crash/error reports are collected via Crashlytics; and only generic, non-identifying app events are logged via analytics. We never send your reading, line statuses, or test type to analytics. We do not use your information for advertising and do not sell or share it for cross-context behavioral advertising.

4. Why we process it (GDPR legal bases)

For users in the EEA/UK where cloud features are enabled: explicit consent (Art. 9(2)(a) GDPR) for any reading data that may relate to health — turning on Cloud Backup is the consent action, which you can withdraw anytime by turning the feature off; and performance of a contract / legitimate interests (Art. 6(1)(b)/(f)) for operating accounts, storing your backup at your request, and keeping the App stable and secure. In default local-only mode we generally do not process your personal data as a controller, because it never leaves your device.

5. Sharing and sub-processors

We do not sell your personal information. When cloud features are enabled, your data is processed on our behalf by Google (Firebase Authentication, Cloud Firestore, Crashlytics, Analytics) under Google’s Data Processing Terms, and by Apple to the extent it provides app distribution and platform services. These providers act as our processors.

6. International transfers

If you are in the EEA/UK and use cloud features, your data may be processed on servers outside your country, including the United States. Where required, such transfers rely on the European Commission’s Standard Contractual Clauses (and the UK Addendum). You may request details of the safeguards at the contact below.

7. Data retention

On-device records remain until you delete them in the App or uninstall it. Cloud records (if enabled) remain until you delete them, clear your history, disable cloud backup, or request account deletion; we honor deletion requests within 30 days.

8. Your choices and rights

In the App you can view, delete individual readings, clear all history, export a reading as PDF, enable or disable Cloud Backup, and sign out. Depending on where you live, you may have rights to access, correct, delete, port, or restrict your personal data, to object to certain processing, and to withdraw consent (GDPR/UK GDPR). California residents have rights under the CCPA/CPRA, including to opt out of sale/sharing — we do not sell or share personal information. To exercise rights over any cloud data, contact us at support@testplus.one.

9. Security

Camera frames are processed locally and discarded. Cloud data is transmitted over encrypted connections (HTTPS/TLS) and stored in a per-user space protected by access rules so that only your authenticated account can read or write it. No system is perfectly secure, but we work to protect your information.

10. Children

The App is not directed to children under 16. We do not knowingly collect personal information from children. If you believe a child has provided us data through cloud features, contact us and we will delete it.

11. Changes

We may update this policy. We will revise the “Last updated” date and, for material changes, provide notice in the App or on our website.

12. Contact

Delfina Saint LLC, 2359 Saint Louis Dr, Honolulu, HI 96816, USA. Email: support@testplus.one.