Privacy Policy

Effective Date: April 9, 2026

1. Introduction

This Privacy Policy describes how ReadingScan ("we," "us," or "our"), accessible at readingscan.com, collects, uses, stores, and protects your personal information when you use our AI-powered medical imaging report interpretation service (the "Service").

By using our Service, you agree to the collection and use of information in accordance with this policy. If you do not agree, please do not use our Service.

2. Information We Collect

2.1 Account Information

When you create an account, we collect:

• Email address and name — provided during registration or via Google OAuth sign-in
• Authentication credentials — hashed passwords for email/password accounts; we do not store Google account passwords

2.2 Medical Imaging Data

When you use our interpretation service, we collect:

• Uploaded medical images — radiology scans, MRI images, X-rays, and other medical imaging files (JPG/PNG format) that you voluntarily upload for interpretation
• AI-generated reports — the interpretation reports produced by our AI analysis of your uploaded images

Important: We do not require or collect any personally identifiable health information (such as your name, date of birth, or medical record number) in connection with image uploads. We strongly recommend that you remove any personal identifiers from images before uploading.

2.3 Payment Information

When you purchase credit packages, payment is processed by our third-party payment processor, Stripe, Inc. We do not store your credit card number, CVV, or full payment card details on our servers. We receive and store:

• Transaction records (amount, date, package purchased)
• Stripe customer ID for managing your purchases
• Billing email address

2.4 Usage Data

We automatically collect:

• Pages visited, features used, and time spent on the Service
• IP address, browser type, operating system, and device information
• Referring URLs and search terms

2.5 Cookies

We use essential cookies for authentication, session management, and language preferences. For more details, see our Cookie Policy.

3. How We Use Your Information

We use the information we collect to:

• Provide the Service — process your uploaded medical images through our AI pipeline and deliver interpretation reports
• Manage your account — authenticate your identity, manage your credit balance, and process transactions
• Communicate with you — send transactional emails (purchase confirmations, account notifications) via our email provider
• Improve our Service — analyze usage patterns to enhance functionality and user experience
• Ensure security — detect and prevent fraud, abuse, and unauthorized access
• Comply with legal obligations — meet applicable regulatory and legal requirements

4. AI Processing and Third-Party Data Sharing

Our Service uses artificial intelligence to interpret medical images. When you upload an image, it is processed through the following third-party AI services:

4.1 Lingshu API (Medical Image Analysis)

Your uploaded medical images are sent to the Lingshu API for professional medical image analysis. Lingshu processes the image and returns structured medical findings. The image data is transmitted securely and used solely for the purpose of generating your interpretation report.

4.2 OpenAI (Report Generation)

The structured medical findings from Lingshu are sent to OpenAI's API (GPT-4o mini) to generate a patient-friendly report in your preferred language. The data sent to OpenAI contains medical findings only — your uploaded image files are not sent to OpenAI.

4.3 Data Processing Commitments

• Both Lingshu and OpenAI process data as service providers acting on our behalf
• Data is transmitted via encrypted connections (TLS/SSL)
• We do not authorize these providers to use your data for training their AI models
• Processing occurs only for the purpose of delivering your interpretation report

5. Other Third-Party Services

In addition to AI processors, we use the following third-party services:

Each third-party service operates under its own privacy policy. We encourage you to review their policies.

6. Data Retention

• Account data — retained for as long as your account is active. You may request account deletion at any time.
• Uploaded medical images — retained until you manually delete them from your account. You can delete your images at any time through the Service.
• AI-generated reports — retained for as long as the associated image exists in your account.
• Payment records — retained as required by applicable tax and financial regulations (typically 7 years).
• Usage data — retained in aggregated, anonymized form for analytics purposes.

7. Data Security

We implement industry-standard security measures to protect your data:

• All data transmitted between your browser and our servers is encrypted using TLS/SSL
• Uploaded images are stored in encrypted cloud storage (Amazon S3)
• Access to personal data is restricted to authorized personnel only
• Authentication credentials are hashed and salted before storage

While we strive to use commercially acceptable means to protect your data, no method of transmission or storage is 100% secure. We cannot guarantee absolute security.

8. Your Rights

8.1 For All Users

Regardless of your location, you have the right to:

• Access your personal data we hold
• Correct inaccurate personal data
• Delete your account and associated data
• Download your uploaded images and reports
• Withdraw consent for data processing by discontinuing use of the Service

8.2 European Economic Area (EEA) Residents — GDPR

If you are in the EEA, you additionally have the right to:

• Data portability — receive your data in a structured, machine-readable format
• Restrict processing — request limitation of processing under certain circumstances
• Object to processing — object to processing based on legitimate interests
• Lodge a complaint with your local data protection authority

Our legal basis for processing your data includes: performance of a contract (providing the Service), your consent (uploading images for AI processing), and legitimate interests (improving our Service and ensuring security).

8.3 California Residents — CCPA

If you are a California resident, you have the right to:

• Know what personal information we collect, use, and disclose
• Request deletion of your personal information
• Opt out of the sale of personal information — we do not sell your personal information
• Non-discrimination for exercising your privacy rights

To exercise any of these rights, contact us at support@readingscan.com.

9. Children's Privacy

Our Service is not intended for individuals under the age of 18. We do not knowingly collect personal information from children. If we discover that we have collected data from a person under 18, we will delete that information promptly.

10. International Data Transfers

Your data may be transferred to and processed in countries other than your country of residence, including the United States. These countries may have different data protection laws. By using our Service, you consent to such transfers. We ensure appropriate safeguards are in place for international data transfers.

11. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. When we make material changes, we will notify you by posting the updated policy on this page and updating the "Effective Date" at the top. Your continued use of the Service after changes are posted constitutes acceptance of the revised policy.

12. Contact Us

If you have questions about this Privacy Policy or wish to exercise your data rights, contact us at:

• Email: support@readingscan.com
• Website: readingscan.com