Privacy Policy
Last updated: March 16, 2026
1. Overview
Analyze Your Knee ("the Service") is designed with privacy as a core principle. This Privacy Policy explains what data is collected, how it is used, and what control you have over your information.
2. Chat Data — 100% Browser-Local
All conversation history is stored entirely in your web browser using SQLite (via the sql.js library) and IndexedDB. This means:
- Your chat messages, AI responses, and analysis history are never transmitted to or stored on any server.
- Clearing your browser data or switching browsers will remove your conversation history.
- We have no ability to access, read, recover, or subpoena your conversation history because it does not exist on our systems.
3. Uploaded Medical Images
When you upload medical imaging files (DICOM, X-ray, PDF reports):
- Files are uploaded to the server for processing and AI analysis.
- Uploaded files are stored in isolated, temporary server directories.
- All uploaded files are automatically deleted within 24 hours.
- We do not create long-term copies, backups, or archives of your medical images.
4. Third-Party AI Processing
To perform imaging analysis, your uploaded images are sent to third-party AI model providers via API, including:
- OpenAI (GPT models)
- Google (Gemini models)
- Anthropic (Claude models)
- xAI (Grok models)
These providers process images according to their own privacy policies and data retention terms. We recommend reviewing their policies. We use API-based access which typically has stricter data handling than consumer-facing products, but we cannot guarantee third-party provider behavior.
If you have concerns about third-party processing, use the built-in DICOM anonymization tool to strip Protected Health Information (patient name, ID, birth date, institution, referring physicians) before analysis.
5. Cookies & Tracking
The Service uses a minimal httpOnly cookie for anonymous session identification (used only for credit tracking if applicable). We do not use:
- Third-party analytics (no Google Analytics, no Mixpanel, etc.)
- Advertising cookies or tracking pixels
- Fingerprinting or cross-site tracking
- Social media tracking scripts
6. Shared Analysis Links
If you choose to generate a shareable analysis link, the analysis results are stored on the server to enable sharing. Shared links can optionally be password-protected. You can delete shared links at any time.
7. DICOM Anonymization
The Service includes a built-in DICOM anonymization tool that strips Protected Health Information (PHI) including patient name, patient ID, birth date, institution name, and referring physician names. We strongly recommend using this tool before uploading data if you are concerned about privacy.
8. Data Retention Summary
| Data Type | Storage Location | Retention |
|---|---|---|
| Chat history | Your browser (IndexedDB) | Until you clear it |
| Uploaded images | Server (temp directory) | Auto-deleted within 24h |
| Shared analysis | Server | Until you delete it |
| Anonymous ID cookie | Your browser | 1 year (httpOnly) |
9. Your Rights
Because your chat data is stored locally in your browser, you have full control over it at all times. You can view, export, or delete your data directly from your browser without contacting us. For server-side data (uploaded images, shared links), you may request deletion by contacting us.
10. Legal Basis for Processing (GDPR)
For users in the European Economic Area (EEA), United Kingdom, or Switzerland, our legal basis for processing personal data is:
- Consent: You explicitly consent to our Terms of Service and this Privacy Policy before using the Service (via the consent modal).
- Legitimate interest: Temporary processing of uploaded images is necessary to provide the Service you requested.
- Contract performance: Processing is necessary to fulfill the service you are using.
Under GDPR, you have the right to access, rectify, erase, restrict processing, data portability, and object to processing of your personal data. Since chat data is stored locally in your browser, you can exercise these rights directly. For server-side data, contact us.
11. Data Breach Notification
In the unlikely event of a data breach affecting your personal data stored on our servers (uploaded images, shared analysis links), we will notify affected users within 72 hours of becoming aware of the breach, in accordance with applicable data protection laws. Note that chat history stored in your browser cannot be breached from our side as it does not exist on our systems.
12. International Data Transfers
Your uploaded images may be processed by third-party AI providers whose servers may be located in different jurisdictions (including the United States). By using the Service, you consent to the transfer of your data to these jurisdictions. We use API-based access with enterprise-grade data handling, but cannot guarantee that all third-party providers meet the standards of your local data protection regulations.
13. Children's Privacy
The Service is not intended for use by individuals under the age of 18. We do not knowingly collect personal information from children.
14. Changes to This Policy
We may update this Privacy Policy from time to time. Changes will be posted on this page with an updated date. Your continued use of the Service after changes constitutes acceptance.
15. Contact
For privacy-related inquiries, please contact us via the information provided on our website.