Radiology Report AI

1. Introduction

Radiology Report AI ("we," "our," or "the Platform") is a cloud-based, AI-powered radiology reporting system designed exclusively for healthcare professionals. We are committed to protecting the privacy, confidentiality, and security of all data processed through our Platform.

This Privacy Policy explains what data we collect, why we collect it, how we use and protect it, your rights as a user, and how we comply with applicable data protection laws, including the Digital Personal Data Protection (DPDP) Act, 2023 of India.

2. Scope of Application

This Privacy Policy applies to individual radiologists and medical professionals using the Platform, clinics and hospitals (institutional users), enterprise customers operating under separate agreements, and visitors to our website.

3. Categories of Data We Collect

A. Account and Authentication Data

When you register and use the Platform, we collect your name, email address, phone number, organization or institutional affiliation, subscription tier and validity details, and login metadata (such as session timestamps and authentication tokens). This data is collected and managed via Supabase Authentication.

B. Clinical Data (User-Entered Content)

In the course of generating radiology reports — whether through voice dictation (Push-to-Talk), voice commands, or manual typing — the following data may be processed: audio recordings (if voice features are enabled), transcribed text from speech-to-text processing, AI-generated and user-edited report content, patient identifiers such as name, age, sex, referring doctor, and clinical indications (only if entered by the user), and custom instructions, vocabulary entries, and speech language preferences you configure.

Important: Users are solely responsible for ensuring the lawful handling of patient data before entering it into the Platform. We do not independently collect patient information.

C. Patient Directory Data

If you use the Patient Directory feature, the following data may be stored: patient name, phone number, age and gender, study details and report history. This data is stored securely in PostgreSQL via Supabase.

D. Usage and Telemetry Data

To improve platform performance and billing accuracy, we collect feature usage events (e.g., reports generated, AI models used), session duration and activity timestamps, API call metadata (model name, token count, latency — no clinical content), and subscription and payment metadata.

E. Technical and Device Data

We may collect browser type and version, device type and operating system, IP address (for security/fraud prevention), and microphone access status (solely for voice dictation functionality).

4. How We Use Your Data

We use your data to: deliver and operate core Platform features, process voice dictation and generate AI-assisted radiology reports, manage your account subscription and billing, provide technical support and troubleshoot issues, enforce our Terms of Service and prevent misuse, comply with applicable laws and regulatory requirements, and improve the Platform through anonymized, aggregated analytics.

We do not sell your personal data. We do not use clinical content or patient identifiers for AI model training without your explicit consent.

5. Data Storage and Security

All data is stored on Supabase (hosted on AWS ap-south-1 — Mumbai). Clinical data and patient records are stored in private, encrypted PostgreSQL databases. Audio recordings, if stored, are held in private Supabase Storage buckets and are not publicly accessible. We implement Row-Level Security (RLS) policies to ensure users can only access their own organization's data. Access to production databases is restricted to authorized personnel only.

6. Data Retention

Accounts and associated data are retained while your account remains active. Deleted accounts are purged within 30 days. Audit logs are retained for up to 12 months for compliance purposes. We do not retain audio recordings beyond the transcription session unless you explicitly save them.

7. Sharing of Data

We share data with the following third-party processors solely to operate the Platform: Supabase (database, authentication, storage), OpenAI / Groq / Fireworks AI (speech-to-text and language model APIs — only non-identifying transcription segments are sent), Razorpay / Stripe (payment processing — no clinical data shared), and Vercel (application hosting). All third-party processors are contractually bound to process data only as instructed and to maintain appropriate security standards.

8. Your Rights

Under applicable law, including the DPDP Act 2023, you have the right to: access your personal data, correct inaccurate information, request deletion of your account and associated data, withdraw consent for optional data processing, and file a complaint with the Data Protection Board of India. To exercise any of these rights, contact us at radiologyreportai@gmail.com.

9. Cookies and Tracking

The Platform uses session cookies for authentication. We do not use third-party advertising trackers or behavioral profiling cookies.

10. Children's Privacy

The Platform is not intended for use by individuals under 18. We do not knowingly collect data from minors.

11. Changes to This Policy

We may update this Privacy Policy periodically. Material changes will be communicated via email or in-app notification. Continued use of the Platform after changes constitutes acceptance.

12. Contact Us

For privacy-related queries:

Email: radiologyreportai@gmail.com

Address: Hyderabad, Telangana, India