Privacy Policy

Last updated: this MVP build.

What we collect

• The scan file you upload (DICOM zip or NIfTI).
• Your email address only if you create a Vault account.
• The Stripe payment record (no scan data is sent to Stripe).
• Server logs containing your IP address and User-Agent for abuse prevention.

What we do with your scan

1. It is uploaded directly to a private Cloudflare R2 bucket via a one-time signed URL.
2. A GPU worker pulls the file, strips DICOM patient identifiers per Supplement 142 Basic Profile, runs TotalSegmentator, and writes the results back to R2.
3. The worker wipes its temporary directory before returning. Nothing persists on the worker's filesystem between jobs.
4. The results are stored in R2 for at most 30 days, or until you click Delete my data now, whichever is sooner.

What we do NOT do

• We never use your scan to train any model. Not directly, not via any third party.
• We never sell your data.
• We never send your scan to any third party other than the inference provider (currently RunPod) which is contractually bound not to retain inputs.
• We do not put any patient identifier in Stripe metadata.

Your rights

• You can delete all data associated with a job at any time using the Delete my data now button on the results page. This issues a synchronous R2 deletion call before responding to you.
• You can request a copy of any data we hold about you by emailing bogdan.magometa@gmail.com.

Region availability

BodyMap is currently not available to visitors from the European Union, United Kingdom, China, Russia, or countries subject to U.S. sanctions. Requests from those regions receive HTTP 451.