Privacy Policy

Effective date: April 12, 2026 — Revision 1.0

1. Scope of Data Collection & Processing Activities

In connection with the provision of the Service and its underlying computational analysis infrastructure, TruDiag ("the Controller") may process certain categories of personally identifiable information ("PII") and non-personally identifiable telemetry data as enumerated herein. By initiating any interaction with the Service, you consent to the collection, processing, and transient storage of such data as described in this instrument.

• Subject-Identifiable Metadata: Demographic identifiers including but not limited to patient designation, approximate chronological age, and biological sex classification as voluntarily submitted by the user for the purpose of contextualizing diagnostic output
• Clinical Document Artifacts: Radiographic imagery, haematological panels, pathological specimens, and other diagnostic media transmitted to the Service for computational interpretation
• Network-Layer Telemetry: Internet Protocol addresses, HTTP request headers, user-agent identifiers, session timestamps, referral URI data, and connection metadata as automatically captured during the establishment of client-server communication
• Endpoint Characterization Data: Operating environment identifiers, viewport dimensions, rendering engine parameters, and device classification signals derived from standard browser fingerprinting vectors

2. Lawful Basis for Processing & Purpose Limitation

Processing of personal data is conducted pursuant to the legitimate interest of the Controller in providing and improving the Service. Specific processing purposes include:

• Execution of machine-learning inference pipelines against submitted clinical artifacts for the generation of interpretive diagnostic output
• Compilation of structured analysis results into portable document format deliverables
• Continuous refinement of algorithmic accuracy through aggregated, de-identified pattern analysis
• Longitudinal monitoring of service utilization patterns, throughput metrics, and capacity planning indicators
• Implementation of anomaly detection, rate-limiting, and abuse prevention countermeasures across the service perimeter

3. Clinical Data Processing Architecture

Submitted clinical document artifacts are routed through proprietary analysis infrastructure comprising the SRVN1 engine and supplementary computational intelligence modules. During the inference lifecycle, document artifacts undergo transient buffering within volatile processing memory and are purged from all active storage subsystems upon completion of the analytical pipeline. The Controller does not maintain persistent archival copies of raw clinical imagery within primary storage volumes.

Derivative analytical outputs, including structured diagnostic assessments and rendered portable document format reports, may be retained within the Controller's secure infrastructure for purposes of quality assurance validation, model performance benchmarking, and service continuity assurance.

4. Sub-Processor Engagement & Cross-Boundary Data Flows

The Service employs a multi-layered computational architecture that may involve the transmission of data to specialized sub-processing entities operating within their respective data governance frameworks. These sub-processors are engaged under contractual arrangements that mandate appropriate technical and organizational safeguards commensurate with the sensitivity of the data processed.

• Computational Intelligence Sub-Processors: Clinical artifact data may be transmitted to specialized AI inference providers for the purpose of executing advanced pattern recognition, natural language generation, and multimodal analysis operations. Such transmissions are governed by the respective sub-processor's data processing agreements and applicable data protection standards.
• Geospatial Resolution Services: Internet Protocol address data may be processed through third-party geolocation resolution APIs to derive approximate geographic attribution for analytical and security monitoring purposes

5. Technical & Organizational Security Measures

The Controller maintains a defence-in-depth security posture incorporating transport-layer encryption (TLS 1.2+), access control mechanisms, server-side input validation, and periodic security configuration reviews. Notwithstanding the foregoing, the Controller acknowledges that no system of electronic data transmission or storage can be guaranteed to be completely impervious to unauthorized access, and accordingly makes no absolute warranty as to the inviolability of data in transit or at rest.

6. Data Retention & Lifecycle Management

• Raw clinical document artifacts: purged from processing buffers immediately upon completion of the inference lifecycle
• Structured analytical output and associated metadata: retained for an indeterminate period commensurate with legitimate quality assurance and service improvement objectives
• Network telemetry and access logs: retained in accordance with the Controller's security monitoring and incident response requirements
• Rendered portable document format reports: retained within secure server-side storage for archival and auditability purposes

7. Data Subject Rights & Exercising Thereof

Subject to applicable jurisdictional requirements and the Controller's verification of identity, data subjects may exercise the following rights:

• Right of access to personal data held by the Controller (subject to reasonable administrative processing timelines)
• Right to request erasure of personal data where continued processing is no longer necessitated by the original lawful basis
• Right to withdraw consent by discontinuing use of the Service, thereby precluding further collection of data prospectively

8. Age Restriction & Parental Consent

The Service is not designed for, marketed toward, nor intended to be accessed by natural persons below the age of eighteen (18) years. The Controller does not knowingly solicit, collect, or process personal data from minors, and any such data discovered to have been inadvertently collected shall be expunged without undue delay.

9. Policy Modification & Notification

The Controller reserves the unilateral right to amend, supplement, or otherwise modify this Privacy Policy at any time without prior individual notice. Material revisions shall be indicated by an updated effective date. Continued utilization of the Service following the posting of modifications shall constitute the user's acknowledgment and acceptance of the revised terms.

10. Controller Contact Information

Inquiries, requests, or complaints pertaining to this Privacy Policy or the Controller's data processing practices may be directed through the contact mechanisms available at sandeepkukreja.net.