Privacy Policy

1. Who We Are

Predictoma ("we," "our," or "us") operates the Predictoma platform, an AI-powered cancer detection and prognostic analysis tool for healthcare professionals. We are the data controller for the personal data we collect through our services.

2. Information We Collect

We collect the following categories of information:

• Account data: Name, email address, organization, and role when you register.
• Protected Health Information (PHI): Patient data (e.g., demographics, medical records, images) that you upload for analysis. We process PHI only as a Business Associate under HIPAA and your organization's BAA.
• Usage data: Login history, feature usage, and system logs for security and troubleshooting.
• Cookies and similar technologies: See our Cookie Policy section and the Cookie Settings to manage preferences.

3. How We Use Your Information

We use your data to provide the service, authenticate users, process medical images for AI analysis, improve our models and platform, comply with legal obligations, and protect against fraud. We do not sell your personal information or PHI.

4. Legal Basis (GDPR)

For users in the EEA/UK, we rely on: (a) contract performance to deliver the service; (b) legitimate interests for security, analytics, and improvements; (c) consent for non-essential cookies and optional marketing; (d) legal obligation where required by law.

5. Sharing and Disclosure

We share data only as necessary: with our infrastructure and ML processing partners (under BAAs and DPAs), with your organization as configured, and when required by law. We do not share PHI for marketing or with third parties for their own purposes.

6. Data Retention

We retain account data for as long as your account is active and for a limited period after closure for legal and audit purposes. PHI retention follows your organization's policies and applicable regulations. Usage and audit logs are retained as required for compliance and security.

7. Your Rights

Depending on your location, you may have the right to:

• Access and receive a copy of your data
• Rectify inaccurate data
• Request erasure (subject to legal retention requirements)
• Data portability
• Object to processing based on legitimate interests
• Withdraw consent where consent is the basis
• Lodge a complaint with a supervisory authority

To exercise these rights, contact us at the address below. For PHI, your organization's HIPAA privacy officer may also handle requests.

8. Cookies and Similar Technologies

We use cookies and local storage to:

• Essential: Authenticate you (auth token), remember your preferences (theme, language), and maintain session state. These cannot be disabled.
• Analytics (optional): Understand usage patterns. Only set if you consent.
• Marketing (optional): Personalization and campaigns. Only set if you consent.

You can change your cookie preferences at any time via Cookie Settings in the footer.

9. Security

We implement technical and organizational measures (encryption, access controls, audit logging) to protect your data. Our platform is designed for HIPAA compliance and we maintain BAAs with relevant service providers.

10. International Transfers

Data may be processed in the United States or other jurisdictions. Where required, we use appropriate safeguards such as Standard Contractual Clauses or adequacy decisions for transfers from the EEA/UK.

11. Contact

For privacy inquiries or to exercise your rights, contact us at: privacy@predictoma.com. For HIPAA-related requests, your organization's Privacy Officer can also assist.