Privacy Policy

Last updated: March 2025

Your privacy is important to us. This policy explains what data TumorBD collects, how it is processed, and what rights you have regarding your information.

1. Introduction

TumorBD ("we", "us", "our") operates the decision-support platform available at app.tumorbd.com. This Privacy Policy describes how we collect, use, store, and protect information when you use our Service.

2. Data We Collect

2.1 Account Information

When you register for TumorBD, we collect:

Name and professional credentials
Email address
Institutional affiliation
Password (stored in hashed form only)

2.2 Patient and Clinical Data

In the course of using the Service, you may upload:

Medical documents -- lab reports, pathology reports, clinical notes, discharge summaries (PDF, TIFF, JPEG, PNG formats)
Medical images -- DICOM series, X-rays, pathology slides (DICOM, JPEG, PNG formats)
Chat messages -- questions and clinical context you provide to the AI tumor board
Case metadata -- patient demographics, staging information, treatment history

2.3 Usage Data

We automatically collect:

Log data (IP address, browser type, access times, pages viewed)
Feature usage patterns (which tools and agents are invoked)
Performance metrics (response times, error rates)

3. How We Process Your Data

Data type	Processing	Purpose
Medical documents	Azure Document Intelligence (OCR)	Text extraction for AI analysis
Medical images	Azure-hosted segmentation and analysis models	Image interpretation and measurement
Chat messages	Azure AI Foundry language models	Multi-agent deliberation and response generation
Usage data	Internal analytics	Service improvement and reliability

All AI processing occurs within Microsoft Azure cloud infrastructure. Data is transmitted over encrypted connections (TLS 1.2+) and processed in secure, managed environments.

4. Data Storage and Security

We implement industry-standard security measures to protect your data:

Encryption at rest: All stored data is encrypted using AES-256 encryption within Azure infrastructure.
Encryption in transit: All data transmission uses TLS 1.2 or higher.
Access controls: Role-based access controls limit data access to authorized personnel and systems only.
Infrastructure: Data is stored in Microsoft Azure data centers, which maintain SOC 2, ISO 27001, and HIPAA compliance certifications.
Isolation: Each user's clinical data is logically isolated and accessible only through authenticated sessions.

5. Data Retention and Deletion

Active data: Patient cases, documents, images, and chat history are retained for as long as your account is active and you choose to keep them.
Deleted cases: When you delete a patient case, all associated data (documents, images, chat messages, generated reports) is permanently removed within 30 days.
Account deletion: Upon account deletion, all your data is permanently removed within 30 days. You may request immediate deletion by contacting us.
Backups: Encrypted backups are retained for up to 90 days for disaster recovery, after which they are purged.

6. Third-Party Data Sharing

We do not sell, rent, or trade your personal data or patient data to third parties.

We share data only with:

Azure cloud services: As our infrastructure provider for processing and storage (under strict data processing agreements).
Legal obligations: When required by law, regulation, or valid legal process.

In the event that a fallback AI model provider (such as OpenRouter) is used for specific processing tasks, data is transmitted only as needed and subject to equivalent data protection agreements.

7. Cookies and Analytics

TumorBD uses the following types of cookies:

Essential cookies: Required for authentication, session management, and security. These cannot be disabled.
Functional cookies: Store your preferences such as language selection and interface settings.
Analytics cookies: Help us understand how the Service is used so we can improve it. These can be disabled in your account settings.

We do not use third-party advertising cookies or tracking pixels.

8. Your Rights

Depending on your jurisdiction, you may have the following rights regarding your personal data:

Access: Request a copy of the personal data we hold about you.
Rectification: Request correction of inaccurate personal data.
Deletion: Request deletion of your personal data and account.
Portability: Request your data in a structured, machine-readable format.
Restriction: Request that we limit the processing of your data.
Objection: Object to the processing of your data for specific purposes.

To exercise any of these rights, contact us at [email protected]. We will respond to your request within 30 days.

9. Children's Privacy

TumorBD is a professional tool intended for qualified healthcare professionals. The Service is not directed at individuals under the age of 18, and we do not knowingly collect personal data from minors.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on this page and updating the "Last updated" date. We encourage you to review this policy periodically.

11. Contact Us

If you have questions or concerns about this Privacy Policy or our data practices, please contact us at:

Email: [email protected]
Website: tumorbd.com