Privacy Policy
Last updated: April 15, 2026
1. Introduction
RadPal LLC ("RadPal," "we," "us," or "our") operates the RadPal desktop application and the radpal.ai website. This Privacy Policy describes how we collect, use, store, and protect your information when you use our products and services.
RadPal is a clinical decision-support and productivity tool for radiologists. It is not a medical device, does not provide medical advice, and is not a substitute for professional clinical judgment.
2. Information We Collect
Account Information
When you create an account, we collect your email address, a hashed password, and basic profile metadata (account creation date, subscription tier, subscription status).
Device Information
When you install the desktop application, we collect a hashed machine identifier, device name, operating system, and application version. This information is used for device management, trial enforcement, and license compliance.
Payment Information
Payment processing is handled entirely by Stripe. We do not store credit card numbers or full payment details. We retain your Stripe customer ID and subscription metadata to manage your account.
Usage and Analytics
We collect aggregated, anonymized usage metrics such as feature usage counts, AI model selection, and token consumption. We use Vercel Analytics on our website. The desktop application may send diagnostic telemetry for development and stability purposes.
Clinical Content (Report Text)
When you use AI-powered features (report generation, impression generation, or AI chat), the text you provide is transmitted to third-party AI providers (currently Anthropic and OpenAI) for processing. RadPal does not store your clinical report content on our servers. The application acts as a pass-through — text is sent to AI providers, the response is returned to your device, and no copy is retained on RadPal infrastructure.
3. How We Use Your Information
- To provide and maintain the RadPal service
- To manage your account, subscription, and feature access
- To process payments via Stripe
- To enforce device limits and prevent trial abuse
- To send transactional emails (account verification, subscription changes)
- To improve the product through aggregated usage analytics
- To provide customer support
4. Third-Party Services
We use the following third-party services:
- Supabase — Authentication, user profiles, and application data storage
- Stripe — Payment processing and subscription management
- Anthropic (Claude) — AI report and impression generation
- OpenAI (GPT) — AI report and impression generation
- Google (Gemini) — AI report and impression generation
- Deepgram — Voice dictation and speech-to-text
- Vercel — Website hosting and analytics
- Cloudflare — CAPTCHA verification (Turnstile)
Each third-party service is subject to its own privacy policy. We select providers that offer data handling practices consistent with healthcare data protection requirements.
5. HIPAA and Health Data
RadPal is designed to support HIPAA-compliant workflows. Key safeguards include:
- Business Associate Agreements (BAAs) with AI infrastructure sub-processors
- Zero data retention policies with AI providers — your clinical content is not stored by AI providers and is not used for model training
- RadPal does not store Protected Health Information (PHI) on its servers — the application acts as a pass-through for AI processing
- Data encrypted in transit (TLS) and at rest
Your responsibility: You are solely responsible for HIPAA compliance at your institution, including obtaining necessary authorizations, ensuring your use of RadPal conforms to your institution's privacy and security policies, and verifying that RadPal's safeguards meet your requirements.
6. Data Retention
- Account data: Retained while your account is active. Deleted upon account deletion request.
- Clinical content: Not retained on RadPal servers. Processed in-memory by AI providers under zero-retention agreements.
- Payment records: Retained by Stripe per their data retention policy and applicable financial regulations.
- Usage analytics: Retained in aggregated form for product improvement. No personally identifiable information is included.
- Audit logs: Subscription events are retained for compliance purposes.
7. Data Security
We implement industry-standard security measures, including TLS encryption for all data in transit, secure authentication via Supabase Auth, hashed passwords, and role-based access controls. However, no system is perfectly secure, and we cannot guarantee absolute security.
8. Your Rights
Depending on your jurisdiction, you may have the right to:
- Access the personal information we hold about you
- Request correction of inaccurate information
- Request deletion of your account and associated data
- Export your data in a portable format
- Opt out of non-essential communications
To exercise any of these rights, contact us at support@radpal.ai.
9. Children's Privacy
RadPal is intended for use by licensed healthcare professionals. We do not knowingly collect information from individuals under 18 years of age.
10. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on this page with a revised "Last updated" date. Continued use of RadPal after changes constitutes acceptance of the updated policy.
11. Contact Us
If you have questions about this Privacy Policy or our data practices, contact us at:
RadPal LLC
Email: support@radpal.ai
Website: https://radpal.ai