Privacy Policy
Last updated: 2026-06-06
1. Overview
This Privacy Policy explains how Myelometrix LLC ("MyeloMetrix", "we", "us") collects, uses, and shares information when you use the MyeloMetrix desktop application, website, APIs, and related services (the "Service"). It is part of, and incorporated into, our Terms of Service.
MyeloMetrix is designed as a quantitative analysis tool for spinal-cord MRI. We try hard to minimize the information we hold about your patients and about you. This policy tells you exactly what we do hold, why we hold it, and for how long.
2. Roles: You as Controller, Us as Processor
For the imaging data you submit through the Service, you (or your institution) are the data controller and MyeloMetrix is the data processor. You decide which scans to submit and which patient identifiers to include. We process those submissions on your behalf solely to provide the analysis Service to you.
For information about you as our customer — account profile, subscription status, billing — we are the controller and the terms below apply.
3. Information We Collect
We collect the following information directly from you or from your use of the Service:
- Account information. When you sign up we collect your name, email address, password credentials (via our authentication provider — see section 7), and, where you elect to sign in with Google or another single sign-on provider, the profile fields that provider releases to us.
- License Keys. We generate License Keys associated with your account so that the desktop application and API can authenticate. We retain the metadata for each key (creation date, last-used timestamp, name you assigned). We do not retain the plaintext value of the key after creation; only a hash is kept for verification.
- Subscription and billing. If you subscribe, we and our payment processor collect the information required to process payment — billing name, country, the last four digits and type of your payment instrument, invoices, and renewal status. Full card numbers are handled directly by our payment processor; we do not store them.
- Imaging input. See section 4 below for the specific treatment of MRI scans.
- Service usage logs. When the desktop application or your code calls our API, we log the request URL, response status, timing, and a redacted fingerprint of the License Key used. We use these logs to operate, secure, and troubleshoot the Service. We do not include the contents of your imaging data in these logs.
- Website analytics. Our marketing website may use a privacy-preserving analytics tool to count anonymous page views and referrers. We do not use third-party advertising cookies on the website.
4. Imaging Data You Submit
When you submit a NIfTI file or a DICOM ZIP through the desktop application or API:
- The file is uploaded directly to our analysis backend and written to a temporary working directory for the duration of the analysis. The temporary copy is removed automatically at the end of the analysis and when the analysis container is recycled. We do not archive the source imaging.
- The pipeline produces a result package (measurements, plots, optional masks) that is delivered back to your device. The package is staged briefly on our infrastructure only for the moments between the analysis finishing and your desktop client downloading it, and is then deleted automatically.
- We do not keep per-patient databases of analysis results or longitudinal trends on our servers. The desktop client saves results locally on your computer, and longitudinal trend views are computed on your device from the local result files. Nothing leaves your computer for the purpose of building a trend view.
- The patient identifier you submit is used during the analysis run to name temporary outputs and is then discarded with the rest of the run. MyeloMetrix does not inspect DICOM tags for patient name, MRN, or date of birth and does not encourage you to send those values. If you want the identifier associated with a result to be a pseudonym rather than a real medical record number, supply a pseudonym.
5. How We Use Information
We use the information we collect to:
- provide, operate, and secure the Service;
- authenticate License Keys and enforce subscription limits;
- run the analysis you request and return results to you;
- support longitudinal comparison across scans for the same patient identifier (computed on your device from results saved locally — see section 4);
- send you transactional messages (sign-in confirmation, receipts, security notices, service announcements);
- investigate suspected abuse, fraud, or violations of our Terms;
- comply with our legal obligations.
We do not sell your information. We do not use your imaging data or your patients' identifiers to train models, except with your explicit, written opt-in.
6. How Long We Keep Information
- Source imaging (NIfTI / DICOM you upload): kept transiently for the duration of the analysis run and removed automatically at the end of the run.
- Analysis results (measurements, plots, optional masks): staged on our infrastructure only between the end of the analysis and the desktop download. Deleted automatically after the desktop picks up the result. No copy is retained on our side after delivery, and no per-patient database of past results is maintained.
- Account information (profile, License Key metadata, billing history): kept for the life of your account plus the period required by tax and accounting law in our jurisdiction.
- Service logs (request URLs, status codes, timing): kept up to 90 days, then deleted or aggregated to non-identifying form.
7. Service Providers and Sub-Processors
We use the following providers to operate the Service. Each is contractually required to use the information we share only to perform the service we hired them for.
- Clerk — account authentication, single sign-on, and License Key issuance and verification.
- Modal — managed compute that runs the analysis pipeline and stores longitudinal result packages on a persistent volume.
- Cloudflare — the public API gateway that fronts our analysis backend and our marketing website.
- Railway — hosting for the marketing website.
- [Payment processor TBD] — payment processing for subscriptions, once paid plans launch.
- [Email provider TBD] — transactional email (receipts, sign-in, security notices).
We will update this list when we add a sub-processor. If you rely on a written notice of sub-processor changes, contact us at the address in section 14 and we will add you to that notice list.
8. Protected Health Information
We have designed the Service so that you do not have to share identifiable patient information with us to get value out of it. MyeloMetrix does not inspect DICOM headers for patient name, date of birth, or medical record number, and we recommend that you use a pseudonymous identifier in place of a real medical record number when you submit a scan.
You remain responsible for confirming that any data you submit is permitted to leave your institution and to be processed by us under the law that applies to you, including the U.S. Health Insurance Portability and Accountability Act ("HIPAA"), the EU and UK General Data Protection Regulations ("GDPR"), and your institution's own data-sharing policies.
If your use of the Service requires us to act as a HIPAA Business Associate, contact us before submitting identifiable patient information. We may be willing to enter into a Business Associate Agreement on terms we agree in writing.
9. International Data Transfers
Our service providers run primarily in the United States. If you access the Service from outside the United States, the information you submit will be transferred to and processed in the United States and in other countries where our sub-processors operate. Where required by law, we rely on appropriate transfer mechanisms (such as the EU Standard Contractual Clauses) to legitimize those transfers.
10. Your Rights
Depending on where you live, you may have rights with respect to information we hold about you, including the right to:
- access or receive a copy of the information;
- correct information that is inaccurate;
- delete information, subject to limited legal exceptions;
- object to or restrict certain processing;
- withdraw consent where processing is based on consent;
- lodge a complaint with the data protection authority in your country.
You can manage your account profile and revoke License Keys from the account portal yourself. Because we do not retain analysis results on our infrastructure (see section 4), there is no per-patient deletion request to make for imaging or results. To exercise any of the other rights above, contact us at the address in section 14. We will respond within the time required by the law that applies to you.
11. Children
The Service is not directed to children under 16 and we do not knowingly create accounts for children. If you believe a child has signed up, contact us and we will delete the account.
The Service may be used by qualified clinicians and researchers to analyze pediatric imaging on behalf of their institution. In that case the patient whose scan is analyzed is not the holder of the MyeloMetrix account, and the consent and authorization required to submit that scan are the responsibility of the submitting clinician and their institution.
12. Security
We use reasonable administrative, technical, and physical safeguards to protect information that is in our control, including transport encryption for all network communication, gateway-level access control for the analysis API, hashed storage of License Keys, and access controls on the persistent volume that holds longitudinal results. No security control is perfect; we cannot guarantee that the Service will never be subject to unauthorized access.
If you become aware of unauthorized use of your account or a compromise of a License Key, revoke the key in the account portal and notify us at the address in section 14.
13. Changes to This Policy
We may update this Policy from time to time. When we make a material change we will update the "Last updated" date at the top of this page and, where appropriate, give additional notice (for example, by email or an in-product notice). Your continued use of the Service after the effective date of the updated Policy constitutes acceptance of the changes.
14. Contact
Privacy questions, requests to exercise your rights, and notices of suspected unauthorized License Key use should be directed to [privacy contact email].