Privacy Policy

Last updated: December 2025

Our Commitment to Privacy

Diagnoxal is designed with privacy as a core principle. We understand that clinical data is sensitive and we take our responsibility to protect it seriously.

Information We Collect

Account Information:

  • Email address
  • Password (hashed)
  • License information for clinician validation

Usage Information:

  • Number of analyses performed
  • Timestamps of analyses

Information We Do NOT Collect or Store

  • Clinical vignettes or patient information
  • Diagnostic analysis results
  • Any patient-identifying information

Clinical vignettes exist only in memory during the active analysis session and are immediately discarded after processing.

How We Improve The Service

We may collect anonymous, aggregated metrics such as:

  • Total number of analyses performed (not content)
  • General usage patterns (e.g., peak usage times)
  • Error rates for system reliability

These metrics contain no patient data and cannot be traced to individual sessions.

Data Sharing

We do not sell, rent, or share your personal information with third parties except:

  • When required by law
  • To protect our rights or safety

Your Rights

You have the right to:

  • Access your account information
  • Correct inaccurate information
  • Delete your account and all associated data
  • Export your account data

Cookies

We use essential cookies only for:

  • Authentication and session management
  • Security (CSRF protection)

We do not use tracking or advertising cookies.

Healthcare Information (HIPAA)

Remove all patient-identifying information before submission:

  • Names and initials
  • Dates of birth
  • Addresses and locations
  • Phone numbers and emails
  • Medical record numbers

Clinical vignettes are processed in memory and immediately discarded. No patient data is stored.

GDPR Compliance

  • No persistent storage of clinical data
  • Only essential information is processed
  • No patient data is retained
  • You can request or delete your account data anytime

Security Standards

  • All data transmitted via HTTPS with HSTS
  • API rate limiting to prevent abuse
  • JWT tokens with bcrypt password hashing
  • Strict Content Security Policy headers
  • Account lockout after failed login attempts

Contact Us

For privacy-related questions, contact us at support@diagnoxal.com

Changes to This Policy

We may update this policy from time to time. We will notify you of significant changes via email or through the service.