Privacy Policy

Last updated: April 1, 2025. This policy explains how ClinexaOS collects, uses, and protects information when you use our platform and services.

Key principle: ClinexaOS is built on a zero-persistence architecture. Patient clinical data submitted for analysis is processed in-session and not retained on our systems beyond the duration of the analysis request, unless explicitly configured otherwise by your institution under a separate data processing agreement.

1. Information We Collect

Account & Administrative Data

When institutions and users register for ClinexaOS, we collect: organisation name, contact name and email, billing information, and platform configuration preferences. This information is used to provision and administer the account.

Usage & Telemetry Data

We collect anonymised platform usage data including feature usage patterns, API call volumes, error rates, and performance metrics. This data contains no patient information and is used for platform improvement.

Clinical Data (Zero-Persistence)

Medical images and reports submitted to ClinexaOS for analysis are processed within an isolated session environment. By default, no clinical data is retained after the analysis response is returned to the requesting system.


2. How We Use Information

  • Provisioning and managing your institution's platform access
  • Processing submitted clinical data to generate AI-assisted analysis outputs
  • Sending transactional communications (invoices, security alerts, service updates)
  • Improving platform performance through aggregated, anonymised telemetry
  • Complying with legal obligations and responding to lawful requests

We do not use your data for advertising. We do not sell data to third parties.


3. Patient Data & Clinical Information

ClinexaOS operates under a zero-persistence model for clinical data. Medical images, reports, and associated metadata submitted through the API or web interface are:

  • Processed in an isolated, encrypted session container
  • Never written to permanent storage by default
  • Purged from working memory upon session termination
  • Never used to train or fine-tune models without explicit written consent

Institutions operating under a retained-data configuration (for audit trail or retrospective review purposes) must execute a separate Data Processing Agreement and are solely responsible for ensuring that such retention is compliant with applicable healthcare data law in their jurisdiction.


4. Data Sharing & Disclosure

We do not share, sell, or rent personal or clinical data to third parties. We may disclose information in the following limited circumstances:

  • Service providers: Subprocessors (cloud infrastructure, payment processing) operating under contractual data protection obligations
  • Legal obligation: When required by law, regulation, or a valid court order in a jurisdiction where we operate
  • Protection of rights: To prevent fraud, security incidents, or imminent physical harm
  • Business transfers: In the event of a merger or acquisition, under equivalent privacy protections

5. Data Retention

Account and administrative data is retained for the duration of the active account relationship plus 7 years for legal and financial compliance purposes. Anonymised usage telemetry is retained for up to 24 months. Clinical data is retained for zero seconds beyond session termination under default configuration.


6. Security

ClinexaOS implements industry-standard and healthcare-grade security controls including: AES-256 encryption at rest, TLS 1.3 in transit, role-based access controls, multi-factor authentication, immutable audit logging, and annual third-party penetration testing. See our Security page for full details.


7. Your Rights

Depending on your jurisdiction, you may have rights including: access to your data, rectification, erasure, restriction of processing, data portability, and the right to object. To exercise these rights, contact info@clinexaos.com. We respond to all verified requests within 30 days.


8. International Transfers

ClinexaOS operates globally. Data may be processed in jurisdictions outside your own. For transfers from the EEA, UK, or Switzerland, we rely on Standard Contractual Clauses and/or adequacy decisions as the legal basis for transfer.


9. Cookies & Tracking

Our website uses essential cookies required for navigation and authentication. We do not use advertising cookies or cross-site tracking. You may disable non-essential cookies in your browser settings without affecting core platform functionality.


10. Contact Us

Data Controller: ClinexaOS Inc.
8201 Greensboro Drive, Suite 615, McLean, VA 22102, USA
Privacy enquiries: info@clinexaos.com