Service Privacy Policy
Precision Prostate Consulting, LLC
62 Portland Road, Suite 25A
Kennebunk, Maine 04043
Effective Date: February 6, 2026
Last Updated: February 6, 2026
1. INTRODUCTION AND SCOPE
This Service Privacy Policy (“Policy”) describes how Precision Prostate Consulting, LLC (“PPC,” “we,” “us,” or “our”), collects, uses, discloses, and protects your personal information and health data when you register for an account and use our Prostate MRI Analysis Service (the “Service”).
This Policy applies to:
- Registered users of our Service
- Individuals who submit MRI images for analysis
- All personal information and health data collected in connection with the Service
This Policy does not apply to:
- General visitors browsing our marketing website (see our Website Privacy Policy)
- Third-party websites or services linked from our platform
This Policy should be read in conjunction with our Terms of Service Agreement, which governs your use of the Service.
By registering for an account or using our Service, you acknowledge that you have read, understood, and consent to the practices described in this Policy.
2. INFORMATION WE COLLECT
2.1 Account and Contact Information
When you register for the Service, we collect:
- Full legal name
- Email address
- Telephone number (optional)
- Account credentials (username and password)
2.2 Payment and Transaction Information
Full payment card numbers are processed directly by our PCI-compliant third-party payment processor and are not collected or stored on our servers.
To process your payment, we collect:
- Transaction amount, date, and confirmation number
- Service history
2.3 Health and Medical Information
Due to the nature of our Service, we collect and process sensitive health-related information, including:
| Data Type | Description |
|---|---|
| Medical Images | Prostate MRI files in DICOM format that you upload |
| Image Metadata | Technical data embedded in DICOM files (may include patient identifiers, scan dates, facility information) |
| Analysis Results | AI-generated reports identifying regions of interest |
| Enhanced Images | DICOM files with color overlays produced by the analysis |
| Supplemental Information | Any health-related information you voluntarily provide in connection with your submission |
Important: We treat all health and medical information with the highest level of confidentiality in accordance with applicable privacy laws, including the Health Insurance Portability and Accountability Act (HIPAA) where applicable.
For additional information regarding our role and obligations under HIPAA, see Section 6.4 below.
2.4 Technical and Usage Information
When you access the Service platform, we automatically collect:
- IP address
- Browser type and device information
- Login timestamps and session data
- Platform usage and navigation patterns
3. HOW WE USE YOUR INFORMATION
3.1 Service Delivery
We use your information to:
- Create and manage your account
- Process and analyze your MRI images using AI technology
- Generate analysis reports and enhanced DICOM files
- Deliver your results through our secure platform
- Process payments and maintain transaction records
- Communicate with you about your submissions and results
3.2 Service Operations
We use your information to:
- Maintain, secure, and improve our Service platform
- Provide customer support and respond to inquiries
- Monitor for unauthorized access or fraudulent activity
- Ensure technical functionality and troubleshoot issues
3.3 Legal and Compliance
We use your information to:
- Comply with applicable laws, regulations, and legal processes
- Maintain records as required by law
- Respond to lawful requests from government authorities
- Protect the rights, safety, and property of PPC, our users, and others
3.4 Quality Assurance
We may use anonymized or de-identified data to:
- Monitor and improve service quality
- Conduct internal analytics and research
- Support regulatory compliance activities
4. DISCLOSURE OF YOUR INFORMATION
4.1 Third-Party Technology Provider
IMPORTANT DISCLOSURE: To perform the AI analysis of your MRI images, we share your medical imaging data with our technology partner:
Bot Image, Inc.
Developer of ProstatID™
FDA-cleared AI software for prostate MRI analysis
What we share: Your MRI image files (DICOM format)
Purpose: Solely to perform the AI-powered analysis and generate your report
Safeguards: Bot Image, Inc. is contractually obligated to:
- Use your data only for the purpose of providing analysis
- Maintain appropriate technical and organizational security measures
- Protect the confidentiality of your health information
- Comply with applicable privacy and data protection laws
4.2 Service Providers
We may share your information with trusted third-party service providers who assist us in operating the Service:
| Provider Type | Purpose |
|---|---|
| Payment Processors | Process credit/debit card transactions |
| Cloud Infrastructure | Secure data storage and hosting |
| Customer Support Tools | Manage support communications |
All service providers are contractually obligated to protect your information and use it only for the services they provide to us.
4.3 Legal Disclosures
We may disclose your information when required by law, including:
- Response to court orders, subpoenas, or legal process
- Requests from law enforcement or government agencies
- Protection of our legal rights or defense against claims
- Enforcement of our Terms of Service
4.4 Business Transfers
In the event of a merger, acquisition, bankruptcy, or sale of assets, your information may be transferred as part of that transaction. We will notify you of any such change and your choices regarding your information.
4.5 With Your Consent
We may share your information for other purposes with your explicit consent.
4.6 What We Do NOT Do
- We do NOT sell your personal information or health data
- We do NOT share your medical images for marketing or advertising
- We do NOT use your health data to market other products to you
- We do NOT provide your information to data brokers
5. DATA RETENTION
We follow a data minimization approach, retaining your information only as long as necessary for its intended purpose. This reduces security risk and demonstrates our commitment to responsible data stewardship.
5.1 Health and Medical Data
IMPORTANT: We retain your MRI files and analysis reports for a limited time. Please download your files promptly for your personal records.
| Data Category | Retention Period | Rationale |
|---|---|---|
| MRI Files (DICOM) | 90 days from upload | Service delivery complete; consumer downloads for personal records |
| AI Analysis Reports | 90 days from generation | Service delivery complete; consumer downloads for personal records |
| Enhanced DICOM Files | 90 days from generation | Service delivery complete; consumer downloads for personal records |
| Patient Demographics (submitted with MRI) | 90 days (tied to MRI retention) | Linked to MRI/report; no independent value after service delivery |
Action Required: We strongly encourage you to download your MRI files and analysis reports immediately upon availability. You will receive an email reminder at 60 days. After 90 days, files are automatically and permanently deleted.
Earlier Deletion: You may request deletion of your health data at any time before the 90-day period expires.
5.2 Account and Personal Information
| Data Category | Retention Period | Rationale |
|---|---|---|
| Account Data (name, email, password hash) | Until account deletion + 30 days | Account recovery; fraud prevention grace period |
| Contact Information (phone, if provided) | Until account deletion + 30 days | Same as account data |
| Marketing Consent Records | 3 years after consent withdrawn | Prove consent obtained; defend against spam claims |
| Customer Support Records | 3 years from last contact | Service quality, dispute resolution |
5.3 Technical and Operational Data
| Data Category | Retention Period | Rationale |
|---|---|---|
| IP Addresses | 90 days | Security monitoring; fraud detection |
| Device/Browser Information | 90 days | Security monitoring; troubleshooting |
| Session Tokens/Cookies | Until session expiration or 24 hours | Authentication; session management |
| Security Audit Logs | 3 years | Compliance evidence; incident investigation |
5.4 Financial Records
| Data Category | Retention Period | Rationale |
|---|---|---|
| Payment Transaction Records | 7 years from transaction date | IRS tax record requirements |
| Invoices and Receipts | 7 years | IRS requirements; accounting records |
5.5 De-Identified Research Data (Optional)
| Data Category | Retention Period | Rationale |
|---|---|---|
| De-Identified Data (with explicit opt-in consent) | Indefinite | Research and service improvement |
De-identified data retention requires your separate, explicit opt-in consent (not bundled with service consent). If you provide consent, data is stripped of all identifiers per HIPAA Safe Harbor standards before retention. You may withdraw consent at any time; however, data already de-identified cannot be located or deleted as it is no longer linked to you.
Your Rights: You may request deletion of your information at any time, subject to our legal retention obligations. See Section 8 for details.
After Retention Period: Information is securely deleted using methods consistent with NIST 800-88 guidelines for media sanitization.
6. DATA SECURITY
We implement comprehensive security measures to protect your information:
6.1 Technical Safeguards
- Encryption in Transit: All data transmitted to and from our platform uses TLS/SSL encryption
- Encryption at Rest: Stored data is encrypted using industry-standard protocols
- Access Controls: Role-based access limiting data access to authorized personnel
- Secure Infrastructure: Cloud hosting with SOC 2 compliant providers
- Monitoring: Continuous security monitoring and intrusion detection
6.2 Administrative Safeguards
- Employee training on data privacy and security
- Background checks for personnel with data access
- Confidentiality agreements with all staff and contractors
- Incident response procedures
6.3 Third-Party Safeguards
- Due diligence review of service provider security practices
- Contractual data protection obligations
- Business Associate Agreements where required by HIPAA
6.4 HIPAA Compliance
Where applicable, we maintain administrative, technical, and physical safeguards consistent with the Health Insurance Portability and Accountability Act (HIPAA) for the protection of health information.
Role Under HIPAA:
We are not a healthcare provider and do not provide medical diagnosis or treatment. Where applicable, we operate as a service provider and/or business associate to technology partners in connection with the processing of medical imaging data. Our Service is intended to support information review and analysis and does not create a provider–patient relationship.
6.5 Security Limitations
While we implement robust security measures, no system is completely secure. We cannot guarantee absolute security of your information. In the event of a data breach affecting your information, we will notify you in accordance with applicable law.
7. YOUR INFORMATION, YOUR CONTROL
7.1 Account Access
You can access and update your account information at any time by logging into your account on our platform.
7.2 Download Your Data
You can download copies of:
- Your analysis reports
- Enhanced DICOM images
- Account information
7.3 Communication Preferences
You can manage your communication preferences, including:
- Service notifications (required for active submissions)
- Account updates
- Marketing communications (opt-out available)
8. YOUR PRIVACY RIGHTS
8.1 General Rights
You have the following rights regarding your personal information:
| Right | Description |
|---|---|
| Access | Request a copy of the personal information we hold about you |
| Correction | Request correction of inaccurate or incomplete information |
| Deletion | Request deletion of your personal information, subject to legal retention requirements |
| Portability | Request your data in a portable format |
| Restriction | Request that we limit processing of your information |
| Objection | Object to certain processing activities |
8.2 California Residents (CCPA/CPRA)
If you are a California resident, you have the right to:
- Know: Request disclosure of the categories and specific pieces of personal information we collect
- Delete: Request deletion of your personal information (subject to exceptions)
- Correct: Request correction of inaccurate personal information
- Opt-Out of Sale: We do not sell personal information, so this right does not apply
- Non-Discrimination: We will not discriminate against you for exercising your rights
Categories of Information Collected: Identifiers, financial information, medical/health information, internet activity, geolocation data.
Verification: We will verify your identity before processing requests, which may require you to confirm account details or provide identification.
Response Time: We will respond within 45 days, with a possible extension of up to 45 additional days if necessary.
8.3 European Residents (GDPR)
If you are located in the European Economic Area, United Kingdom, or Switzerland, you have rights under the General Data Protection Regulation (GDPR):
- Right to access your personal data
- Right to rectification of inaccurate data
- Right to erasure (“right to be forgotten”)
- Right to restrict processing
- Right to data portability
- Right to object to processing
- Right to withdraw consent
- Right to lodge a complaint with a supervisory authority
Legal Basis for Processing: We process your data based on:
- Contract performance (to provide the Service)
- Legitimate interests (security, improvement, legal compliance)
- Legal obligations
- Your explicit consent (for health data processing)
Response Time: We will respond within one month, with possible extension for complex requests.
International Data Transfers:
Our Service is operated in the United States. If you are located in the European Economic Area, United Kingdom, or Switzerland, your personal data may be transferred to and processed in the United States or other jurisdictions that may not provide the same level of data protection as your home country. Where required, we rely on appropriate safeguards, such as standard contractual clauses or equivalent legal mechanisms, to protect your personal data.
8.4 How to Exercise Your Rights
To exercise any of your privacy rights, contact us:
Email: customerservice@precisionprostateconsulting.com
Mail:
Precision Prostate Consulting, LLC
Attn: Privacy Request
62 Portland Road, Suite 25A
Kennebunk, ME 04043
Please include:
- Your full name and account email
- Specific right(s) you wish to exercise
- Any details that will help us locate your information
We may need to verify your identity before processing your request.
8.5 Limitations on Deletion
We may be unable to delete information that:
- Is required to complete your requested service
- Must be retained for legal, regulatory, or compliance purposes
- Is necessary for security or fraud prevention
- Is required for our legitimate internal business purposes
If we cannot fully comply with a deletion request, we will explain why and delete what we can.
9. ELIGIBILITY
Our Service is intended for users who are at least 18 years of age and have legal capacity to enter into our Terms of Service Agreement.
We do not knowingly collect personal information from individuals under 18. If you believe someone under 18 has registered for our Service, please contact us immediately at customerservice@precisionprostateconsulting.com.
10. CHANGES TO THIS POLICY
We may update this Policy from time to time to reflect changes in our practices, legal requirements, or other factors.
How We Notify You:
- We will post the updated Policy on our platform with a new “Last Updated” date
- For material changes affecting how we use your health information, we will notify you by email and/or prominent notice on the Service prior to the change becoming effective
Your Continued Use: Your continued use of the Service after changes are posted constitutes your acceptance of the updated Policy.
Review Prior Versions: You may request copies of prior versions of this Policy by contacting us.
11. CONTACT US
If you have questions, concerns, or requests regarding this Policy or our privacy practices:
Precision Prostate Consulting, LLC
62 Portland Road, Suite 25A
Kennebunk, ME 04043
Email: customerservice@precisionprostateconsulting.com
Website: https://precisionprostateconsulting.com
Response Time: We aim to respond to privacy inquiries within 5 business days.
12. CONSENT AND ACKNOWLEDGMENT
By registering for an account and using our Service, you:
- Consent to the collection, use, and disclosure of your information as described in this Policy
- Explicitly consent to the processing of your health and medical information, including MRI images, for the purpose of AI-powered analysis
- Authorize the sharing of your medical images with Bot Image, Inc. as described in Section 4.1
- Acknowledge that you have read and understood this Policy and our Terms of Service Agreement

