NAIQ NAIQ Health AI Privacy Policy
← Back to app Part of NAIQ
← Back to NAIQ Health AI

Privacy Policy

Last updated:
Do not upload personally identifiable patient information. Please remove or anonymise all patient identifiers (name, ID, date of birth, and DICOM metadata) before uploading any image. This tool is designed to process de-identified images only.

This Privacy Policy explains how NAIQ Health Tech ("NAIQ", "we") handles information when you use NAIQ Health AI ("the Service"). It is written to align with the principles of India's Digital Personal Data Protection Act, 2023 (DPDP Act) and, where applicable, the EU General Data Protection Regulation (GDPR). It is provided for transparency and does not constitute legal advice.

1. What we process

  • Images you upload (CT slices in DICOM, NumPy, or image format) and the region you mark. These are processed only to produce the assistive characterisation you request.
  • Minimal technical data that any web service receives (e.g. IP address, browser type, timestamps) for security and reliability.

We ask that uploaded images be de-identified. If an image nonetheless contains health data, note that health data is "sensitive/special category" data under the DPDP Act and GDPR and warrants heightened care — which is why we minimise its handling as described below.

2. How images are handled

  • Images are processed transiently to compute the result and are not stored on our servers after the response is returned, unless you are explicitly told otherwise for a specific feature and have given consent.
  • We do not use uploaded images to train or improve models without separate, explicit, opt-in consent.
  • We do not sell or rent your data, and we do not use it for advertising.

3. Legal basis & consent (DPDP Act / GDPR)

Where we process personal data, we rely on your consent, given by your voluntary choice to upload an image and request an analysis, for the specific purpose of returning that analysis. Under the DPDP Act you are a "Data Principal" and may withdraw consent at any time; under the GDPR you have rights of access, rectification, erasure, restriction, portability, and objection.

4. Data retention

Uploaded images and their derived features are held only for the duration of processing and are discarded afterwards. Minimal technical logs may be retained for a limited period for security.

5. Sharing & processors

We may use reputable infrastructure providers (for hosting and content delivery) that process data on our behalf under appropriate contractual safeguards. We do not otherwise disclose your data except where required by law.

6. International transfers

If data is processed outside your country, we take steps consistent with applicable law (including the DPDP Act and, for EU users, GDPR transfer mechanisms) to protect it.

7. Children

The Service is intended for professional and research users and is not directed at children. Under the DPDP Act, processing children's data requires verifiable parental consent; please do not use the Service to process a child's data without it.

8. Your rights & contact

To exercise your rights, ask a question, or raise a grievance, contact us at rrshivwanshi.phd2019.bme@nitrr.ac.in. We will respond within the timelines required by applicable law.

9. Changes

We may update this policy; the "last updated" date will change accordingly.

Medical Disclaimer · Terms of Use · Back to app