Legal

Authorization for Use of Medical Information and Explicit Consent to Health-Data Processing

Version France / EEA 1.0

Effective date April 5, 2026

This Authorization for Use of Medical Information and Explicit Consent to Health-Data Processing (the Authorization) applies to the self-use Centurion services provided by THE BORING AI LTD, PROFILE WEST, SUITE 2 FIRST, 950 GREAT WEST ROAD, BRENTFORD, TW8 9ES, United Kingdom, trading as Centurion (Centurion, we, us, our).

Contact: hello@centurionos.com

This Authorization is designed for a France / EEA launch of a self-use AI assistant. It is not a medical-treatment consent, not a telemedicine consent, and not an authorisation for a doctor, laboratory, pharmacy or hospital to provide care. It is presented and accepted separately from the Terms of Service and Privacy Policy whenever Centurion allows a user to import, analyse, synchronise, export or share medical or health-related information.

By using the relevant feature and, where required, ticking the relevant box, activating a toggle, or otherwise taking a clear affirmative action, you acknowledge and, for the specific purposes selected, explicitly consent to the processing described in this Authorization.

1. Important notice about the nature of Centurion

Centurion is a self-use AI assistant.

Centurion is not a doctor, nurse, laboratory, pharmacy, imaging centre, healthcare establishment, emergency service, or telemedicine provider. Centurion does not diagnose, prescribe, treat or provide medical care.

Outputs generated by Centurion, whether local or remote, are informational and support-oriented only unless a specific feature is separately identified as regulated and subject to additional product-specific terms, instructions and notices.

Do not use Centurion for emergencies, urgent medical situations, or as a substitute for in-person assessment by a qualified healthcare professional. If you think you may need urgent or emergency care, contact local emergency services or seek immediate medical assistance.

2. What information this Authorization covers

For purposes of this Authorization, Medical Information means any information that you enter, import, upload, paste, dictate, photograph, synchronise, export or otherwise make available through Centurion that relates to your physical or mental health, medical history, symptoms, conditions, diagnoses, medications, allergies, laboratory results, clinical measurements, care plans, lifestyle factors, wearable-device or health-app metrics, imaging, medical correspondence, discharge summaries, reports, referrals, prescriptions, genetic information, biometrics used in a health context, or other information that may constitute data concerning health or another special category of personal data under applicable law.

Medical Information may also include:

  • PDFs, photos, screenshots, scans and structured data extracted from records;
  • questions you ask about your health or records;
  • AI-generated summaries, timelines, tags, classifications, reminders and action lists derived from that information; and
  • technical metadata necessary to operate the selected feature, such as file type, timestamps, language, model-routing information, device identifiers, crash diagnostics and security events.

3. Core product architecture and default local-only mode

Centurion is designed so that its core self-use features can, by default, operate locally on your device.

Unless and until you enable an optional remote feature described below:

  • your Medical Information is intended to remain on your device;
  • Centurion does not require upload of your Medical Information to Centurion-controlled servers merely for you to import, view, organise or locally analyse it; and
  • you do not need to consent to remote processing in order to use local-only features, except to the extent a specific feature is technically impossible without remote processing.

Local-only use does not mean zero risk. Your Medical Information may still be exposed if your device, operating-system account, backups, screenshots, clipboard, notifications, family-sharing configuration, employer-managed profile, or unlocked sessions are compromised.

You remain responsible for protecting your device, passcodes, operating-system account, cloud-account credentials and any other access path to your information.

4. Optional remote features

Centurion may offer optional remote features. These are not enabled by default unless clearly stated otherwise, and they require your specific instruction and, where applicable, your explicit consent.

Optional remote features may include:

  • transmission of selected Medical Information to external AI or machine-learning providers in order to generate an answer, summary, extraction, classification, translation, transcription, or other output;
  • synchronisation or backup using a device-linked cloud service such as iCloud or a similar operating-system or account-level sync mechanism that you choose to activate;
  • export or sharing, at your direction, to another application, recipient, storage location or service;
  • support or troubleshooting workflows in which you choose to transmit logs, screenshots, files or prompt history to us; and
  • any future remote feature that clearly states that your Medical Information will leave the device.

Each optional remote feature is described to you in-product before activation.

5. Specific authorisations and consents

5.1 Local import, local storage and local analysis

By importing or entering Medical Information into Centurion in local-only mode, you authorise Centurion to:

  • store that Medical Information locally on your device;
  • index, structure, classify, extract and analyse it locally;
  • generate local summaries, reminders, search results, explanations, timelines and other local outputs for your personal use; and
  • maintain local settings and encrypted local caches reasonably necessary to make the application function.

This local authorisation applies only to operation on your device and does not by itself authorise remote transmission to Centurion, to external AI providers, or to any third party.

5.2 Optional external AI processing

If you choose to use a feature that relies on external AI or external model APIs, you explicitly consent to Centurion transmitting the Medical Information, prompts, instructions, attachments, relevant surrounding context and technical metadata reasonably necessary to operate that feature to the external provider or providers involved.

By enabling or using such a feature, you authorise Centurion to:

  • transmit the selected content and reasonably necessary context to the relevant external provider;
  • receive the resulting output back from that provider;
  • display, cache, log or store the resulting output as needed to provide the selected feature; and
  • apply safety, abuse-prevention, quality-control and security measures, including automated filtering and limited human review where strictly necessary.

You acknowledge that:

  • external AI processing may occur outside your device and, depending on the provider architecture, outside France or the EEA;
  • external providers may be located in, or access data from, jurisdictions with different legal frameworks;
  • AI outputs may be inaccurate, incomplete, misleading, biased or unsuitable;
  • the amount of Medical Information sent remotely may vary depending on the task, model context requirements and the feature you selected; and
  • the selected feature may not work if you do not provide this consent.

Centurion will not use your identifiable Medical Information for general model training, advertising, sale of data, or unrelated secondary purposes unless we separately and expressly ask for that specific consent and you freely give it.

5.3 Optional device-cloud sync or backup

If you activate sync or backup through a device-linked cloud service such as iCloud, you instruct Centurion to permit copies of your Medical Information and related application data to be synchronised or backed up through the operating-system or account-level service that you selected.

By enabling such sync or backup, you acknowledge and accept that:

  • copies of your Medical Information may be stored outside the local device;
  • restoration or access may occur on other devices linked to the same account or backup environment;
  • the cloud-account provider or operating-system provider may process that data under its own terms, privacy information, security architecture and legal obligations; and
  • Centurion does not control account-level security choices that you make with that provider, including weak passcodes, shared family accounts, shared work devices, backup retention, or account recovery settings.

If you do not want this, do not activate sync or backup and disable any relevant device-level backup feature.

5.4 Export or sharing at your direction

If you choose to export or share Medical Information, you authorise Centurion to transmit the selected content to the recipient, application, location or service you identify.

Recipients may include, depending on your choice:

  • your own email or storage account;
  • another application on your device;
  • a person you designate, such as a family member, caregiver or healthcare professional;
  • a productivity tool or note-taking tool you choose; or
  • another third-party service or device.

Once data is shared at your direction, the recipient may act as an independent controller or service provider under its own legal terms. Centurion is not responsible for the recipient's later handling of the information, except to the extent applicable law makes us responsible for the transmission itself.

5.5 Support, abuse-prevention and troubleshooting

If you contact support or if a security incident, fraud event, abuse report, malfunction or legal issue requires investigation, you authorise Centurion to process the information reasonably necessary to:

  • verify your identity and account ownership;
  • investigate and resolve the issue;
  • maintain security, prevent misuse and protect users;
  • comply with law, lawful requests and legal claims; and
  • document the incident and the resolution.

Where this requires Medical Information, we will seek to minimise what is accessed or requested. Do not send us more Medical Information than necessary for the issue you want addressed.

5.6 Product improvement, analytics, research and model training

Your identifiable Medical Information must not be used by Centurion for research, analytics beyond strict service operation, product improvement using identifiable health content, internal model training, external model training, benchmarking or publication unless Centurion separately presents that purpose to you and obtains any consent or other legal basis required by law.

If Centurion ever offers such an optional secondary use, it will be presented through a separate, independent and unticked opt-in. Refusing that separate opt-in will not block the core local-only product.

6. Purposes of processing covered by this Authorization

Subject to your selected options, you authorise Centurion to process your Medical Information for the following purposes:

  • to let you import, view, organise and search your records;
  • to generate summaries, explanations, timelines, reminders and structured outputs for your personal use;
  • to let you ask questions about your records and receive AI-generated responses;
  • to let you synchronise, back up, export or share information when you choose to do so;
  • to maintain service security, integrity, abuse prevention and fraud prevention;
  • to troubleshoot technical issues and provide support you request;
  • to comply with legal obligations and defend rights and claims; and
  • to carry out any other specific purpose separately disclosed to you and separately authorised by you.

7. Legal basis and effect of your consent

Where Centurion determines the purposes and means of optional remote processing of your Medical Information, the special-category condition relied upon for that health-data processing is your explicit consent for one or more specified purposes.

Your consent under this Authorization is:

  • specific, because different processing purposes are activated separately;
  • informed, because this Authorization and the Privacy Policy describe what happens to your Medical Information;
  • freely given, because optional remote features are not required for local-only features unless the selected feature cannot technically operate without them; and
  • withdrawable, because you can disable the feature, withdraw consent, request deletion where applicable, or stop using the relevant functionality.

This Authorization does not reduce any mandatory rights you have under the GDPR, French law or other applicable law.

8. Risks you acknowledge

By using Centurion with Medical Information, and especially by enabling optional remote features, you acknowledge the following risks:

  • Medical Information is highly sensitive and may expose you to privacy, confidentiality, reputational, employment, insurance or safety risks if accessed by an unauthorised person;
  • AI outputs may be wrong, incomplete, not clinically appropriate, or based on incomplete records;
  • imported records may be outdated, illegible, incomplete, mistranscribed or inconsistent;
  • synchronisation, export or sharing may create additional copies that are harder to control or delete;
  • third-party providers may be subject to their own legal disclosure obligations, terms and security limitations; and
  • once you share information with a third party or restore it through a third-party cloud account, Centurion may not be able to recover, amend or delete every copy.

9. Withdrawal of consent and effect of withdrawal

You may withdraw your consent at any time for any consent-based optional processing.

You can generally do this by:

  • disabling the relevant feature in app settings;
  • disconnecting the relevant remote feature or linked service;
  • deleting the imported files or records from the app;
  • disabling cloud sync or backup in device or app settings;
  • contacting us at hello@centurionos.com; or
  • using any other withdrawal tool we make available.

Withdrawal applies going forward. It does not affect the lawfulness of processing carried out before withdrawal.

If you withdraw consent:

  • Centurion will stop the relevant consent-based processing going forward, unless another lawful basis requires limited continued processing;
  • remote AI features that depend on that consent may stop working;
  • local copies on your device may remain until you delete them;
  • copies in your own cloud backups, exports, emails, recipient systems or device restore points may remain outside Centurion's control; and
  • we may retain limited information where required by law, security needs, fraud prevention, dispute handling or legal defence.

10. Retention, deletion and local copies

Centurion aims to minimise retention of identifiable Medical Information outside your device.

Unless a specific remote feature says otherwise:

  • Medical Information remains on-device by default;
  • remote processing is limited to what is necessary for the user-requested feature;
  • any server-side copies retained by Centurion are limited to what is necessary for security, support, abuse-prevention, legal compliance or short-lived service operation; and
  • retention details for remote features, providers, logs and backups are described in the Privacy Policy or in a just-in-time notice for the specific feature.

Deleting data inside the app may not automatically delete:

  • operating-system backups;
  • synced copies on other linked devices;
  • exported files outside the app;
  • copies already shared with third parties; or
  • logs or records that must be retained for legal, security or dispute reasons.

11. Security and confidentiality

Centurion will implement technical and organisational measures appropriate to the risk of the processing it carries out, taking into account the sensitivity of Medical Information and the selected feature set.

However, no security measure is perfect. You acknowledge that:

  • local storage can still be exposed through compromised devices, weak credentials, malware, shoulder surfing, shared devices, notifications, screenshots or backup leaks;
  • remote transmission can still be exposed through network compromise, provider incidents, misconfiguration or unlawful third-party access; and
  • Centurion cannot guarantee absolute security of your device, your cloud account, your email, third-party recipients or third-party services you choose to use.

12. Your promises and representations

By using the relevant feature, you confirm that:

  • the Medical Information you provide relates to you, or you are legally authorised to act for the person concerned;
  • you will not upload another person's information without the authority and legal basis required to do so;
  • you understand that Centurion is a self-use AI assistant and not a substitute for a clinician;
  • you will not rely on AI outputs as the sole basis for urgent or high-risk health decisions;
  • you will review outputs critically and seek qualified professional advice where needed;
  • you will not use Centurion to commit fraud, forge records, impersonate someone else, falsify symptoms or obtain prescriptions or benefits unlawfully; and
  • you are at least 18 years old, unless and until Centurion launches a separate minor-specific offering with separate consent and parental-authority rules.

13. Your GDPR and France / EEA rights

Subject to applicable law and depending on the legal basis and feature involved, you may have rights to:

  • access your personal data;
  • obtain rectification of inaccurate data;
  • obtain deletion of data in certain cases;
  • obtain restriction of processing in certain cases;
  • withdraw consent at any time where processing is based on consent;
  • receive portable data in a structured, commonly used and machine-readable format where the right applies;
  • object to certain processing where the law allows; and
  • lodge a complaint with the competent supervisory authority, including the CNIL if France is relevant to your use.

For privacy-rights requests, contact hello@centurionos.com or any dedicated privacy contact stated in the Privacy Policy.

14. International transfers and third-party providers

Optional remote features may involve service providers or recipients located in the United Kingdom, the EEA or other countries.

Where Centurion transfers personal data outside the EEA, Centurion will rely on the transfer mechanism or legal basis identified in the Privacy Policy or feature-specific notice, which may include an adequacy decision, standard contractual clauses, or another mechanism permitted by law.

You acknowledge that user-directed sharing that you initiate may result in the information being sent to a recipient outside the EEA and outside Centurion's control.

15. Relation to other documents

This Authorization must be read together with:

  • the Centurion Terms of Service;
  • the Centurion Privacy Policy;
  • any feature-specific notice shown in-product;
  • any export, sync or linking notice shown when you connect a third-party service; and
  • any support or incident-response notice shown when you transmit materials to us for troubleshooting.

If there is a conflict between this Authorization and a feature-specific notice presented at the time you enable an optional remote feature, the feature-specific notice controls for that feature to the extent of the conflict.

16. Contact details

Controller
THE BORING AI LTD
PROFILE WEST, SUITE 2 FIRST
950 GREAT WEST ROAD
BRENTFORD
TW8 9ES
United Kingdom

General contact: hello@centurionos.com