Privacy Policy

Last updated: 2026

1. Introduction

StethoSuite ("we", "us", "our") is committed to protecting the privacy of healthcare providers and their patients. This Privacy Policy explains how we collect, use, disclose, and safeguard information when you use our Service. Please read this policy carefully.

2. Information We Collect

Account Information

When you register, we collect your name, email address, organization name, and contact details to create and manage your account.

Patient Data

Through the Service, you may input patient identifiers such as Medical Record Numbers (MRN), accession numbers, dates of birth, and phone numbers. This data is used solely to generate and manage secure viewing links. We do not store DICOM imaging files — these remain on your own infrastructure.

Usage Data

We automatically collect information about how the Service is used, including link creation timestamps, view counts, IP addresses of viewers, and API call logs. This data is used for security monitoring and service improvement.

3. How We Use Information

  • To provide, operate, and maintain the Service
  • To authenticate patients accessing viewing links
  • To send WhatsApp notifications on your behalf (when configured)
  • To monitor for security threats and unauthorized access
  • To generate usage reports and analytics for your account
  • To communicate with you about your account and the Service
  • To comply with legal obligations

4. Data Sharing and Disclosure

We do not sell patient data or account data to third parties. We may share information in the following limited circumstances:

  • Service Providers: We use trusted third-party providers (database hosting, cloud infrastructure) who process data only on our behalf under strict confidentiality agreements.
  • WhatsApp / Meta: When you send viewing links via WhatsApp, the patient's phone number and message content are transmitted to Meta's WhatsApp Business API.
  • Legal Requirements: We may disclose information if required by law, court order, or government authority.

5. Data Security

We implement industry-standard security measures including TLS encryption for all data in transit, encrypted storage, access controls, and regular security audits. Viewing links require patient identity verification (date of birth). Links automatically expire and can be revoked at any time. However, no method of transmission over the internet is 100% secure.

6. Data Retention

We retain account data for as long as your account is active. Viewing link records are retained for audit purposes for up to 12 months after expiry. You may request deletion of your data by contacting us. We will delete data within 30 days of a valid request, subject to legal retention requirements.

7. Your Responsibilities

As a healthcare provider using the Service, you are responsible for obtaining appropriate patient consent before sharing their data through StethoSuite, complying with all applicable data protection laws in your jurisdiction (including PDPA, HIPAA, GDPR, or other relevant regulations), and ensuring your use of patient data is lawful and authorized.

8. Cookies and Tracking

We use essential session cookies to authenticate users and maintain secure sessions. We do not use advertising cookies or third-party tracking technologies. Patient viewing sessions use minimal session storage for verification purposes only.

9. Data Transfers

Your data may be stored and processed on servers located outside your country. We ensure appropriate safeguards are in place for any cross-border data transfers in accordance with applicable data protection laws.

10. Your Rights

Depending on your jurisdiction, you may have the right to:

  • Access the personal data we hold about you
  • Request correction of inaccurate data
  • Request deletion of your data
  • Object to or restrict certain processing
  • Request data portability

To exercise these rights, contact us at [email protected].

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes via email or a notice in the Service. Continued use of the Service after changes take effect constitutes acceptance of the revised policy.

12. Contact Us

If you have questions about this Privacy Policy or our data practices, contact us at [email protected].