Privacy Policy

Effective Date: December 29, 2025

1. Introduction

Welcome to iRad Report ("we," "our," or "us"). We are committed to protecting your personal information and your right to privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our radiology reporting platform.

By using iRad Report, you agree to the collection and use of information in accordance with this policy.

2. Information We Collect

Personal Information

  • Name and contact information (email address, phone number)
  • Professional credentials and medical license information
  • Institution or practice affiliation
  • Billing and payment information (see Payment Security below)
  • Account credentials

Usage Information

  • Service usage data (minutes used, features accessed)
  • Report generation history
  • Speech-to-text transcription data
  • IP addresses and device information
  • Browser type and operating system

Medical Data

Important: We do not store patient health information (PHI). All medical reports generated are processed in real-time and are not retained on our servers. Users are responsible for managing and storing their generated reports according to applicable regulations.

Payment Security

Your payment card information is never stored on our servers. We prioritize your financial security:

  • All payment processing is handled by Stripe, a PCI-DSS Level 1 certified payment processor
  • We do not have access to your full credit card or debit card numbers
  • No CVV/CVC codes are ever stored or retained
  • Only the last 4 digits of your card and card type are retained for reference
  • All payment data transmission is encrypted using industry-standard TLS 1.3
  • Tokenization is used to process recurring payments without storing card details

3. How We Use Your Information

We use the collected information for:

  • Providing and maintaining our services
  • Processing your subscription and billing
  • Improving our speech recognition and AI models
  • Communicating with you about service updates
  • Providing customer support
  • Monitoring usage to prevent abuse
  • Complying with legal obligations

4. Data Security

We implement industry-standard security measures to protect your information:

  • 256-bit SSL encryption for all data transmission
  • Secure data centers with physical security controls
  • Regular security audits and penetration testing
  • Access controls and authentication mechanisms
  • Employee training on data security best practices

While we strive to protect your information, no method of transmission over the internet is 100% secure.

5. HIPAA Compliance

iRad Report is designed to support HIPAA compliance:

  • We sign Business Associate Agreements (BAAs) with covered entities
  • We implement administrative, physical, and technical safeguards
  • We conduct regular risk assessments
  • We maintain audit logs of system access
  • We provide training to our staff on HIPAA requirements

6. Data Sharing and Disclosure

We do not sell, trade, or rent your personal information. We may share your information only in the following circumstances:

  • Service Providers: With trusted third parties who assist in operating our platform (e.g., payment processors, cloud infrastructure providers)
  • Legal Requirements: When required by law, subpoena, or other legal process
  • Business Transfers: In connection with a merger, acquisition, or sale of assets
  • Consent: With your explicit consent

7. Data Retention

We retain your information for as long as necessary to provide our services and comply with legal obligations:

  • Account information: Retained while your account is active
  • Usage data: Retained for 24 months for analytics
  • Billing records: Retained for 7 years per financial regulations
  • Medical reports: Not stored on our servers

8. Your Rights

You have the following rights regarding your personal information:

  • Access: Request a copy of your personal data
  • Correction: Request correction of inaccurate data
  • Deletion: Request deletion of your data (subject to legal requirements)
  • Portability: Request your data in a portable format
  • Opt-out: Opt-out of marketing communications

To exercise these rights, please contact us at info@irad.app

9. International Data Transfers

If you access our services from outside the United States, please be aware that your information may be transferred to, stored, and processed in the United States where our servers are located. We ensure appropriate safeguards are in place for international transfers.

10. Children's Privacy

Our services are not intended for individuals under 18 years of age. We do not knowingly collect personal information from children.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the "Effective Date" at the top.

12. Contact Us

If you have questions about this Privacy Policy, please contact us:

  • Email: info@irad.app