Privacy
Privacy in this MVP
A plain-language summary of how data is handled today. This is not a substitute for a formal privacy or compliance review.
What happens to your data
- Controlled beta: access requires an account and is limited to invited participants. This is clinical decision support / coverage review software — it does not diagnose or replace a veterinarian.
- Clinical data is ephemeral. Case data, uploaded files, and generated reports are processed in memory to produce output and are NOT stored on the server or in any server-side database.
- Account data only is stored server-side (email, a securely hashed password, session, and rate-limit/audit metadata) in a local database, kept separate from clinical content.
- Uploaded PDF, DOCX, and TXT files are parsed in memory; extracted text is used only to produce your report during your session.
- Workflow state (your in-progress case and report) is kept in your browser's session storage and is cleared when you close the tab or log out.
- Case content is sent to the configured AI provider (OpenAI) to generate follow-up questions, the report, and chat responses. API keys are held server-side only.
- We do not log clinical records, uploaded text, generated reports, personal data, or secrets. Operational logs contain only short event names and privacy-safe metadata (e.g., a truncated IP).
Your responsibilities
- Do not upload sensitive data unless you are authorized to do so.
- Do not upload data you do not have permission to share.
- This product is not currently configured for regulated medical record storage.
Future production deployments
Any production deployment intended to handle real clinical records may require a formal privacy, security, and compliance review, including data processing agreements with any subprocessors and an assessment of applicable regulations. This MVP makes no compliance claims.