Privacy Policy
Last updated: April 2026
SomScan is a clinical decision support platform used by hospitals to upload chest X-ray images and generate structured reports. This policy explains what information we collect, how we protect it, and the rights of hospitals, clinicians, and patients.
1. Information We Process
We process two categories of information: (a) hospital and user account data such as hospital name, full name, email, phone number, and assigned role; and (b) clinical content uploaded by authorized users, including chest X-ray images, scan metadata, and the AI-generated structured reports derived from them.
2. How Data Is Used
Uploaded images and reports are used solely to provide the service to the uploading hospital: generating, storing, and presenting reports to authorized clinicians. We do not sell personal or clinical data, and we do not use identifiable patient data to train third-party models.
3. Security & Access Controls
Patient data is stored securely in encrypted storage and is accessible only to authenticated, authorized users belonging to the owning hospital. Row-level security policies enforce that hospital admins, doctors, and technicians can only access records that belong to their hospital and that match their role-based permissions.
All requests to the platform are transmitted over TLS, and administrative actions are logged for auditability.
4. Data Retention
Hospitals are the controllers of the clinical data they upload. Records are retained for as long as the hospital account is active or as required by applicable medical record retention laws. Hospital admins may request deletion of their organization's data at any time.
5. Sharing With Third Parties
We share data with infrastructure subprocessors (cloud hosting, database, and AI inference providers) strictly as necessary to operate the platform. These subprocessors are bound by confidentiality and data protection obligations.
6. Your Rights
Patients with rights under their local data protection laws should contact the treating hospital, which acts as the data controller. Hospitals can contact us to assist with access, correction, or deletion requests.
7. Contact
For privacy questions, contact your hospital administrator or reach out via our Contact page.