Privacy Policy
This Privacy Policy explains what personal data we collect when you use the MedSeg web application at app.medseg.ai (the "Service"), why we collect it, what we do with it, and what rights you have. The GDPR and UK-GDPR specifics for users in those jurisdictions are in Section 11. The Terms of Service contain the broader contract for using the Service.
1. Who we are
The Service is operated by Artificial Intelligence AS, a Norwegian-registered company trading as MedSeg ("MedSeg", "we", "us"). We act as the data controller (in the meaning of Article 4(7) of the GDPR) for the personal data described below. Contact us at dlinradiology@gmail.com.
2. What we collect
We collect only what we need to operate, secure, and improve the Service. We do not use third-party advertising trackers, third-party analytics beacons, or fingerprinting scripts.
2.1 Information you give us
- Account information: first name, last name, email address, and a password. The password is stored only as a bcrypt hash; the plaintext is never stored.
- Imaging data: what you choose to upload to your projects (NIfTI volumes, DICOM series, masks, model outputs). The Service is designed for de-identified data. You agree under the Terms of Service not to upload data containing direct patient identifiers.
- Assistant conversations: messages you send to the in-app assistant, and the assistant's replies. We use them to render the chat for you and, in aggregate, to improve the assistant's documentation. We do not use them to train AI models or share them with third parties.
- Support correspondence: any email you send to us is stored in our support inbox.
2.2 Information we collect automatically
- HTTP request logs for security and debugging: IP address, browser/user-agent string, request method and path, HTTP status, response size, and timestamps. Retained on a fixed-size rotation budget capped at roughly 200 MB per file.
- Usage events for quota enforcement: per-user counts of model-inference, training, and assistant calls with timestamps. Used to apply weekly credit limits and plan GPU capacity.
- First-party usage and attribution events for product improvement: page paths on MedSeg public pages, campaign parameters such as utm_source and utm_campaign, referrer domain, video-play and call-to-action clicks, signup/login milestones, public-dataset copy events, editor opens, and model/training jobs queued. We use these to understand which pages and campaigns lead to real product use. These analytics records do not store IP addresses, project names, uploaded file names, patient identifiers, image content, or private case identifiers. If your browser sends Global Privacy Control or Do Not Track, the browser growth tracker does not create the MedSeg growth identifier or send these attribution events from that browser.
- Storage occupancy: the byte size of your data directory, refreshed roughly hourly, used to apply your storage quota.
3. What we do not do
- We do not sell, rent, or share your data with advertisers, data brokers, or other third parties.
- We do not run third-party analytics trackers, advertising beacons, or fingerprinting on the Service.
- We do not fine-tune AI models on your imaging data or conversations. The pretrained models we ship come from their original authors as listed in Third-Party Notices and are not modified by us based on your data.
- We do not read or download your imaging data except as necessary to operate the Service (rendering it back to your browser, running the AI models you start, regenerating thumbnails, and similar operations) or to investigate a security incident or abuse complaint.
- We do not track you across websites. First-party MedSeg attribution is limited to understanding how visits to MedSeg pages turn into account creation and product use.
4. Cookies
The Service sets the following first-party cookies:
- medseg_token: an HttpOnly, Secure, SameSite=Lax cookie containing a signed JSON Web Token (JWT). Identifies your session for up to 7 days. Without it you cannot stay signed in.
- medseg_csrf: a non-HttpOnly, SameSite=Strict cookie containing a random token. Used as a CSRF double-submit countermeasure. Without it state-changing requests are rejected.
- medseg_growth_id: a first-party SameSite=Lax identifier used for limited usage and campaign attribution on MedSeg pages. It helps connect an anonymous public-page visit to a later signup or product activation, without storing image data or project content in the analytics records. It expires after roughly 180 days. The same identifier may also be stored in browser localStorage so it persists across normal page navigations. It is not created when your browser sends Global Privacy Control or Do Not Track.
We do not set third-party analytics or advertising cookies.
5. Lawful bases for processing
We process the personal data above to:
- operate the Service for you, including storing your data, rendering it, running the models you choose, and signing you in (performance of contract);
- apply quota limits and prevent abuse (legitimate interests in keeping the Service running for everyone);
- measure which public pages, videos, and campaigns bring users who sign up and use the product (legitimate interests in improving the Service and deciding where to spend product and outreach time);
- send transactional email such as verification, password reset, and admin notifications, via our email provider Resend (performance of contract);
- comply with our legal obligations and respond to lawful requests where required (legal obligation);
- investigate security incidents and abuse (legitimate interests).
If you are based in the EU/EEA, UK, or another GDPR-equivalent jurisdiction, your rights and our lawful bases are detailed in Section 11.
6. Subprocessors
We use a small number of third parties to operate the Service. These are the only places your personal data leaves our infrastructure:
- Resend (resend.com): sends transactional email (verification, password reset, admin notifications). Receives your email address, first name, and the body of the email it delivers. Resend's privacy policy is at resend.com/legal/privacy-policy.
Pretrained AI models and the in-app assistant are run on infrastructure under our control and are not third-party SaaS services. Your imaging data and assistant conversations do not leave our servers.
7. Where data is stored
Account information, imaging data, server logs, and assistant conversations are stored on infrastructure we operate. Transactional email is delivered through Resend (see Section 6). Where any storage involves transfers outside the European Economic Area, those transfers are made under appropriate safeguards as recognised by the GDPR (typically the European Commission's Standard Contractual Clauses).
8. How long we keep it
- Account and uploaded data are kept for as long as your account is active. When you delete your account from the Account page, login is blocked immediately and the data is permanently purged 30 days later.
- Server access logs rotate on a fixed-size budget covering, at typical volume, a few weeks of access records.
- Application and error logs rotate on a fixed-size budget covering, at typical volume, several months of records. Older error logs are necessary to investigate regressions.
- First-party usage and attribution events are retained for up to 395 days by default, so we can compare campaign and product-activation patterns over time without keeping the raw event trail indefinitely.
- Email-verification and password-reset tokens are deleted when used. Unused tokens expire 24 hours (verification) or 1 hour (reset) after issue.
- Backups, if any, follow the same schedule as the data they back up.
9. Security
- HTTPS-only access, with TLS termination at our edge.
- Passwords hashed with bcrypt. The plaintext is never stored and we cannot tell you what your password is.
- HttpOnly Secure session cookies, plus a CSRF double-submit token on every state-changing request.
- Per-route rate limiting on authentication endpoints.
- Principle of least access internally. Only the small number of people who run the Service have administrative access, and their actions on user accounts are logged.
No system is perfectly secure. If we discover a personal-data breach affecting your account, we will notify you by email and, where required by law, the relevant supervisory authority within the legally required timescale.
10. Children's data
The Service is not directed to children, and we do not knowingly create accounts for users under 18. If you believe a child has registered an account, contact us and we will delete it.
11. Your rights (GDPR / UK-GDPR users)
If you are based in the EU/EEA or the United Kingdom, you have the following rights under the General Data Protection Regulation (EU) 2016/679 and the UK Data Protection Act 2018:
- Access: request a copy of the personal data we hold about you.
- Rectification: request that we correct inaccurate data. Name and email are editable on the Account page.
- Erasure ("right to be forgotten"): request that we delete your data. You can self-serve this on the Account page; if you need a faster purge than the 30-day grace window, contact us.
- Restriction of processing: request that we stop processing your data while we resolve a dispute about its accuracy or use.
- Portability: receive a structured copy of the data you provided to us. We can supply a tarball of your imaging data and a JSON dump of your account record.
- Objection: object to processing based on legitimate interests (Section 5).
- Lodge a complaint with your national data-protection authority. For users in Norway this is Datatilsynet (datatilsynet.no); users elsewhere in the EEA may complain to the equivalent authority in their member state. UK users may complain to the Information Commissioner's Office (ico.org.uk).
Send rights requests to dlinradiology@gmail.com. We aim to respond within 30 days.
12. Changes
We may update this Privacy Policy from time to time. When a change is material we will increase the version number at the top of this page and notify you by email. Other changes (clarifications, formatting, broken-link fixes) take effect when published.
13. Contact
Questions about this Privacy Policy or about how we handle your personal data? Write to dlinradiology@gmail.com.