Data Retention and Deletion Policy

We keep personal data only as long as necessary for the purposes for which it was collected, plus the period required by law.

1. Retention by category

• Instant analysis images — processed in memory and not persisted to our servers after the analysis returns, unless you explicitly save the entry to your dataset.
• Saved dataset entries — retained until you delete them or your account.
• Clinician-review images and answers — retained for the minimum period required to complete the review and to meet professional record-keeping obligations (typically up to 24 months), after which they are deleted or anonymised.
• Account and authentication data — for the lifetime of your account, then deleted within 30 days of account closure.
• Billing and tax records — retained for the period required by applicable tax law (usually up to 10 years), in pseudonymised form where possible.
• Security and audit logs — typically up to 12 months.

2. Deleting individual entries

Open the patient dashboard, select an entry, and choose Delete. The image is removed from storage and the metadata is removed from the database within 24 hours.

3. Deleting your account

Go to Account → Privacy → Delete account. We immediately revoke access, queue your data for deletion, and complete it within 30 days, unless we are required by law to retain specific records (e.g. invoices). Anonymised, aggregated statistics that cannot be linked back to you may be retained.

4. Data subject deletion requests

You can also request deletion via our Contact & Privacy Requests page. We respond within one month, extendable by two further months for complex cases.

5. Backups

Deleted data may persist in encrypted backups for up to 35 days before it is overwritten in the normal backup rotation.