Legal documents
Transparency about platform use, social authentication and personal data processing for report generation.
Last updated: April 14, 2026
Privacy and legal requests: privacy@radiologic.io
Privacy Policy
How we collect, use, share and protect personal data.
TL;DR
We collect account, content and audio data to provide the report generation service. Patient PII (names, CPF, dates) is anonymized on our servers before any data is sent to external processors. Data is processed by Clerk (auth), Anthropic (AI), Deepgram (transcription), Stripe/Asaas (billing), Supabase (storage) and Sentry (errors). You can request access, correction or deletion at any time. We follow LGPD guidelines and sessions expire automatically via Clerk.
1. Data we may process
- Account and authentication data from Clerk and OAuth providers.
- User content such as dictated text, generated reports and templates.
- Audio recordings and transcription data processed by Deepgram, plus related metadata.
- Technical logs, telemetry and error diagnostics.
- Billing identifiers related to Stripe and Asaas subscriptions.
2. Purposes
- Authentication and account security.
- AI transcription and report generation.
- History, preferences and feature personalization.
- Billing operations, fraud prevention and legal compliance.
3. OAuth disclosures
Google, Apple and GitHub data is used only for sign-in, session management and account security.
We do not request unnecessary scopes to read user files, contacts or calendars.
4. Processors
- Clerk (authentication)
- Anthropic (report generation)
- OpenRouter (AI model routing)
- OpenAI (fallback transcription)
- Deepgram (audio transcription)
- Stripe (payments)
- Asaas (payments — Brazil)
- Supabase and Vercel (infrastructure and storage)
- Sentry (error monitoring)
5. Retention and deletion
Data is retained as needed for service operations, security and legal obligations.
Users can delete report history in-app and request additional deletion by email.
6. Your rights
Depending on applicable law, you may request access, correction, portability and deletion.
Requests: privacy@radiologic.io.
7. Security and international transfers
We apply technical and organizational controls to protect personal data. User sessions are managed by Clerk with automatic expiration and token rotation.
Some processors may handle data across jurisdictions under appropriate safeguards.
8. Sensitive data and LGPD
The service is not designed to profile or commercialize sensitive patient data.
Because users may submit clinical content, incidental health-related data processing may occur under user instructions. Data minimization and anonymization are strongly recommended.
When applicable, we act as a processor to provide the service and users remain responsible for the legal basis and governance of submitted data.
9. Data anonymization
Before any dictated text is sent to external AI processors (Anthropic, OpenRouter, Deepgram), Reporter applies a server-side anonymization layer. Placeholders are restored only when the report returns to your screen — never while in transit to third parties.
- Detected types: CPF, dates, phone numbers, patient names and locations (hospital/city).
- Placeholders used: [CPF_N], [DATA_N], [TEL_N], [NOME_N], [LOCAL_N].
- The audit log stores only per-type counts and a SHA-256 hash of the original text; it never stores cleartext content.
- The reverse map (placeholder → original value) exists only in server memory during the request and is discarded at the end.
- Third parties receive no means to re-identify anonymized data.
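The flow described in this section, sketched as an added example; it is not Radiologic's or Reporter's own code. The regex patterns, function names and sample text are assumptions constructed for illustration, and name and location detection, which needs entity recognition, is left out.

```python
import hashlib
import re

# Assumed detectors for three of the listed types (constructed for this example).
# Order matters: CPF and dates are replaced before the looser phone pattern runs.
PATTERNS = [
    ("CPF", re.compile(r"\b\d{3}\.?\d{3}\.?\d{3}-?\d{2}\b")),
    ("DATA", re.compile(r"\b\d{2}/\d{2}/\d{4}\b")),
    ("TEL", re.compile(r"\(?\b\d{2}\)?\s?9?\d{4}-?\d{4}\b")),
]
PLACEHOLDER = re.compile(r"\[(?:CPF|DATA|TEL)_\d+\]")

# Constructed sample dictation; the values are made up.
SAMPLE = ("Paciente CPF 123.456.789-09, exame em 02/03/2025, "
          "contato (11) 98765-4321. CPF 123.456.789-09 confirmado.")


def anonymize(text):
    """Return (redacted_text, reverse_map, audit_record) for one request."""
    original = text
    reverse_map = {}                       # placeholder -> original, memory only
    counts = {kind: 0 for kind, _ in PATTERNS}
    for kind, pattern in PATTERNS:
        seen = {}                          # original -> placeholder (repeats share one)

        def swap(match, kind=kind, seen=seen):
            value = match.group(0)
            counts[kind] += 1
            if value not in seen:
                seen[value] = f"[{kind}_{len(seen) + 1}]"
                reverse_map[seen[value]] = value
            return seen[value]

        text = pattern.sub(swap, text)
    # Audit record: per-type counts and a hash of the input, no cleartext.
    audit = {"counts": counts,
             "sha256": hashlib.sha256(original.encode("utf-8")).hexdigest()}
    return text, reverse_map, audit


def restore(text, reverse_map):
    """Put originals back; placeholders not in the map are left untouched."""
    return PLACEHOLDER.sub(lambda m: reverse_map.get(m.group(0), m.group(0)), text)


if __name__ == "__main__":
    redacted, mapping, audit = anonymize(SAMPLE)
    print(redacted)                        # what an external processor would see
    print(audit)                           # what the audit log would keep
    print(restore(redacted, mapping))      # what returns to the user's screen
```

Only `redacted` leaves the process in this sketch; `mapping` is a local variable that goes out of scope when the request handler returns.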
10. Policy updates
This policy may be updated as legal or product requirements change.