Privacy Policy

Effective Date: March 31, 2026  ·  Last Updated: March 31, 2026

Summary

This Privacy Policy explains how Medisight, Inc. ("Medisight," "we," "us," or "our") collects, uses, discloses, and protects your personal information when you use our website at medisight.ai and our AI diagnostics platform at platform.medisight.ai (collectively, the "Services"). By using the Services, you agree to the practices described in this policy.

1. Information We Collect

We collect the following categories of personal information:

Information you provide directly:

  • Identifiers: First name, last name, and email address.
  • Account credentials: When you sign in using Google ("Sign in with Google"), we receive your public Google profile information, which may include your name, email address, profile picture URL, and Google account ID. We do not receive your Google password.
  • Communications: Any messages, inquiries, or feedback you send us directly.

Information collected automatically:

  • Usage data: Pages visited, features accessed, time spent, click paths, and interaction data.
  • Device and technical data: IP address, browser type, operating system, device identifiers, and referring URLs.
  • Analytics data: Aggregated behavioral data collected via Google Analytics and similar tools.

Information from third parties:

  • Google OAuth: When you authenticate via Google, we receive the profile information described above from Google LLC under their own privacy policy.
  • Calendly: If you schedule a demo through Calendly, scheduling-related information (name, email, selected time) is processed by Calendly, Inc. under their privacy policy.

Health Information

If you upload or input health-related data (such as laboratory results or biomarker information) through the Medisight platform, that data is also collected and processed. See Section 11 — Health Data Notice for important disclosures regarding this category of information.

2. How We Use Your Information

We use the personal information we collect for the following purposes:

  • To create and manage your Medisight account.
  • To authenticate your identity via Google Sign-In.
  • To provide, operate, and improve our AI diagnostics Services.
  • To communicate with you about your account, updates, or support requests.
  • To send you service-related notices, security alerts, and policy updates (you may not opt out of these while you hold an account).
  • To send you optional marketing communications, where you have consented (you may opt out at any time).
  • To analyze usage patterns and improve platform performance, accuracy, and user experience.
  • To comply with applicable laws, regulations, and legal obligations.
  • To detect, investigate, and prevent fraudulent, unauthorized, or illegal activity.
  • To enforce our Terms of Service and other agreements.

Legal bases for processing (GDPR): We rely on the following legal bases under Article 6 of the GDPR: (a) performance of a contract — to provide the Services you request; (b) legitimate interests — for analytics, security, and fraud prevention; (c) legal obligation — to comply with applicable law; and (d) consent — for optional marketing communications.

3. How We Share Your Information

We do not sell your personal information. We share personal information only as described below:

  • Service providers: Third-party vendors who process data on our behalf (e.g., cloud hosting, email delivery, analytics). These providers are contractually obligated to use your data only to provide services to us and in compliance with applicable law.
  • Google LLC: As our OAuth provider. Your use of "Sign in with Google" is also governed by Google's Privacy Policy.
  • Calendly, Inc.: For demo scheduling functionality. Governed by Calendly's Privacy Notice.
  • Business transfers: In connection with a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction. We will notify you via email or prominent notice on our website of any such change.
  • Legal requirements: We may disclose your information when required by law, court order, or governmental authority, or when we believe disclosure is necessary to protect the rights, property, or safety of Medisight, our users, or others.
  • With your consent: For any other purpose with your explicit consent.

4. Cookies & Tracking Technologies

We use cookies and similar tracking technologies to operate and improve the Services. The types we use include:

  • Essential cookies: Required for the Services to function (e.g., authentication session tokens). These cannot be disabled.
  • Analytics cookies: We use Google Analytics (via gtag.js) to collect aggregated usage statistics. This may involve transfer of data to Google servers in the United States. You may opt out via the Google Analytics Opt-out Browser Add-on.
  • Preference cookies: Used to remember your settings and preferences across sessions.

CalOPPA disclosure: In accordance with the California Online Privacy Protection Act, we disclose that our Services do not currently respond to browser "Do Not Track" (DNT) signals. Third parties may collect personally identifiable information about your online activities when you use our Services. For more information about our third-party analytics practices, see Section 3 above.

When you first visit our website, a cookie consent banner powered by Cookiebot will appear and allow you to accept or decline non-essential cookie categories (analytics, preferences, marketing). You may change your consent preferences at any time by clicking the "Cookie Settings" link or by clearing your browser cookies to trigger the banner again.

You may also control cookies through your browser settings. Disabling essential cookies may prevent parts of the Services from functioning correctly.

5. Data Retention

We retain your personal information for as long as your account is active or as necessary to provide the Services, comply with our legal obligations, resolve disputes, and enforce our agreements. When you delete your account, we will delete or anonymize your personal information within 90 days, unless a longer retention period is required by law.

Analytics data is retained in aggregated, de-identified form and is not subject to the same deletion timelines.

6. Security

We implement administrative, technical, and physical safeguards designed to protect your personal information against unauthorized access, disclosure, alteration, or destruction. These measures include encryption in transit (TLS), access controls, and regular security assessments.

No method of data transmission or storage is 100% secure. In the event of a data breach that affects your personal information, we will notify you as required by applicable law.

7. Children's Privacy

The Services are not directed to children under the age of 18. We do not knowingly collect personal information from anyone under 18. If you are a parent or guardian and believe we have collected information from a minor, please contact us at contact@medisight.ai and we will take prompt steps to delete that information.

8. GDPR — Rights of EU/EEA Residents

Applies to EU, EEA, and UK residents

If you are located in the European Union, European Economic Area, or United Kingdom, the General Data Protection Regulation (GDPR) and UK GDPR give you specific rights regarding your personal data.

Medisight acts as the data controller for personal information you provide to us. You have the following rights:

  • Right of access (Art. 15): You may request a copy of the personal data we hold about you.
  • Right to rectification (Art. 16): You may request correction of inaccurate or incomplete personal data.
  • Right to erasure (Art. 17): You may request deletion of your personal data, subject to certain exceptions (e.g., legal obligations).
  • Right to restriction of processing (Art. 18): You may request that we limit how we process your data in certain circumstances.
  • Right to data portability (Art. 20): You may request your personal data in a structured, machine-readable format.
  • Right to object (Art. 21): You may object to processing based on legitimate interests or for direct marketing purposes.
  • Right to withdraw consent (Art. 7): Where processing is based on your consent, you may withdraw it at any time without affecting the lawfulness of prior processing.
  • Right to lodge a complaint: You have the right to lodge a complaint with your local supervisory authority (e.g., the Information Commissioner's Office in the UK).

To exercise any of these rights, contact us at contact@medisight.ai. We will respond within 30 days.

International transfers: When we transfer personal data from the EEA or UK to the United States, we do so in accordance with applicable data transfer mechanisms, such as Standard Contractual Clauses (SCCs) adopted by the European Commission, where applicable. See also Section 12.

9. CCPA/CPRA — California Residents

Applies to California residents

This section supplements the rest of this Privacy Policy and applies to residents of California under the California Consumer Privacy Act of 2018 and the California Privacy Rights Act of 2020 (together, "CCPA/CPRA").

Categories of personal information collected in the past 12 months:

  • Identifiers (name, email address, IP address, Google account ID)
  • Personal information categories listed in the California Customer Records statute (name, email)
  • Internet or other electronic network activity information (usage data, browsing interaction with the Services)
  • Inferences drawn to create a profile about a consumer (e.g., feature preferences)
  • Sensitive personal information: health or medical data you voluntarily upload to the platform (see Section 11)

Purposes for collection: As described in Section 2.

Categories of sources: Directly from you, automatically through your use of the Services, and from Google OAuth.

Categories of third parties to whom we disclose personal information: Service providers, Google LLC, Calendly, Inc. (as described in Section 3).

We do not sell or share personal information for cross-context behavioral advertising as defined by the CCPA/CPRA.

Sensitive Personal Information: Under the CPRA, health data constitutes sensitive personal information. We use sensitive personal information only for the purpose of providing the Services you have requested. We do not use or disclose sensitive personal information to infer characteristics about you beyond what is necessary to provide our Services.

Your California Rights:

  • Right to know: You may request disclosure of the categories and specific pieces of personal information we have collected about you, the sources and purposes of collection, and the categories of third parties to whom it was disclosed.
  • Right to delete: You may request deletion of personal information we have collected, subject to certain exceptions.
  • Right to correct: You may request correction of inaccurate personal information.
  • Right to opt out of sale/sharing: We do not sell or share personal information. No opt-out is needed, but you may contact us to confirm.
  • Right to limit use of sensitive personal information: You may request that we limit our use of sensitive personal information (including health data) to purposes necessary to provide the Services.
  • Right to non-discrimination: We will not discriminate against you for exercising any of your CCPA/CPRA rights.

Submitting a request: To exercise your California rights, contact us at contact@medisight.ai with "California Privacy Request" in the subject line. We will verify your identity before processing your request and respond within 45 days (extendable to 90 days with notice).

Authorized agents: You may designate an authorized agent to submit requests on your behalf. We may require proof of authorization and verification of your identity.

10. CalOPPA — California Online Privacy Protection Act

In compliance with the California Online Privacy Protection Act (CalOPPA), we make the following disclosures:

  • We post this Privacy Policy conspicuously on our website and include a link to it on every page.
  • Users can review and request changes to their personally identifiable information by contacting us at contact@medisight.ai.
  • This Privacy Policy identifies the categories of personally identifiable information collected through the Services and the categories of third-party persons or entities with whom we may share that information.
  • Our Services do not currently respond to web browser "Do Not Track" (DNT) signals. This is consistent with the current lack of an industry-wide standard for DNT response. We will revisit this policy if a standard is established.
  • Third parties may collect personally identifiable information about your online activities over time and across different websites when you use our Services (e.g., through Google Analytics). See Section 4 for details.
  • This Privacy Policy was last updated on the date stated at the top of this document. We will notify California residents of material changes by updating this page and, where appropriate, by email.

11. Health Data Notice

Medisight's platform may allow you to upload or input health-related information, such as laboratory blood test results or biomarker data. This category of data is treated as sensitive personal information under applicable privacy laws, including the CPRA and GDPR.

Important limitations: Medisight is not FDA approved and the Services are not intended to diagnose, treat, cure, or prevent any disease. The platform provides informational and analytical outputs only and does not constitute medical advice. You should always consult a licensed healthcare professional before making any health decisions.

HIPAA: Medisight does not currently operate as a HIPAA-covered entity or business associate. The Services are not a covered healthcare provider, health plan, or healthcare clearinghouse. Accordingly, the Health Insurance Portability and Accountability Act (HIPAA) does not apply to information you voluntarily submit to Medisight. However, we implement security and privacy controls consistent with best practices for protecting health-related data.

Health data you provide is used solely to generate your personalized diagnostic insights and to improve the accuracy of our AI models in aggregate, anonymized form. We do not sell your health data under any circumstances.

12. International Data Transfers

Medisight is based in the United States. If you access the Services from outside the United States, your personal information will be transferred to, stored, and processed in the United States, where data protection laws may differ from those in your jurisdiction.

For transfers of personal data from the European Economic Area, the United Kingdom, or Switzerland to the United States, we rely on appropriate transfer mechanisms, including Standard Contractual Clauses (SCCs) as adopted by the European Commission, to provide an adequate level of protection for your personal data.

By using our Services, you acknowledge that your personal information will be processed in the United States as described in this Privacy Policy.

13. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements, or other factors. When we make material changes, we will update the "Last Updated" date at the top of this page and, where required by law, notify you by email or by prominent notice within the Services.

Your continued use of the Services after the effective date of any updated Privacy Policy constitutes your acceptance of the changes. We encourage you to review this policy periodically.

14. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, you may contact us at:

For GDPR inquiries, please include "GDPR Request" in the subject line. For California privacy requests, please include "California Privacy Request" in the subject line.

Questions about your privacy?

Our team typically responds within 2 business days.

Email contact@medisight.ai