Data Security & Privacy
Last updated: March 1, 2026
At ReadYourLab, we take data security and privacy seriously. Your medical documents and personal information are protected through multiple layers of security, encryption, and strict data handling policies. This page explains how we safeguard your sensitive health information.
1. No Third-Party Data Sharing
We do not share your data with third parties. Your medical documents, images, personal information, and analysis results are never sold, rented, or shared with advertisers, data brokers, or any other third parties.
What this means: Your health information remains private and is used solely for the purpose of providing you with AI-powered analysis. We do not monetize your data or use it for any purpose other than delivering the service you requested.
2. Data Storage and Deletion
We apply different storage policies depending on the type of data you upload:
- Document uploads (PDFs, images): Processed and permanently deleted from our servers immediately after analysis is complete. We do not retain these files.
- DICOM image series: Stored securely on our servers as processed JPEG images along with analysis reports. This allows you to view your images, access reports, and generate study summaries at any time. Original DICOM files are not retained — only compressed JPEG copies.
- User-controlled deletion: You may delete any stored DICOM series at any time through the DICOM management page. Deletion permanently removes all stored images, analysis data, and associated records from our servers.
3. Data Breach Protection
We implement multiple layers of protection to safeguard your data. Document uploads are never stored long-term. For stored DICOM image series, we apply robust server-side security measures.
Security measures include:
- Document uploads are deleted immediately after analysis
- Stored DICOM images are accessible only to the authenticated account owner
- All stored data is encrypted at rest
- Access control enforces per-user data isolation
- Server access restricted via SSH key authentication and firewall rules
We implement strong security measures to prevent unauthorized access. In the unlikely event of a security incident, encryption at rest ensures that stored data cannot be read without the proper decryption keys.
4. No Metadata Storage
Metadata extracted from medical documents is not stored. When we analyze your documents, we extract information (like test results, measurements, findings) to generate your analysis report. This extracted metadata is used only during the analysis process and is not stored in our databases.
What is metadata? Metadata includes information extracted from your documents such as:
- Lab test values and results
- Medical measurements and findings
- DICOM image parameters and patient information from scan headers
- Clinical notes and diagnoses
This metadata is processed in real-time to generate your analysis report, then discarded. We do not maintain databases of extracted medical information, test results, or diagnostic findings.
5. What We Store in Our Database
To provide you with a seamless experience and maintain conversation history, we store the following information in our encrypted databases:
Stored Information:
- Past conversations: Your chat history and Q&A sessions with the AI are stored so you can reference them later and continue conversations.
- User name and email address: Your contact information is stored (encrypted) to identify your account and send you analysis results.
- DICOM image series: Processed JPEG images from your uploaded DICOM scans and their analysis reports are stored so you can view, compare, and download them. You can delete any series at any time.
Encryption at rest: All stored data (conversations, name, and email) is encrypted before being stored in our databases using industry-standard encryption algorithms, ensuring it cannot be read even if database access is compromised.
Minimal data collection: We only collect and store the information necessary to provide you with analysis results, maintain conversation history, and respond to support inquiries.
Important Privacy Protections: While we store this information to provide you with service continuity, we maintain strict privacy protections:
- No third-party sharing: As described in section 1, we do not share your conversations, name, email, or any other stored data with third parties. This data is never used for marketing or sold to advertisers.
- No medical documents: Your uploaded medical documents, images, and extracted metadata are not stored in our databases. They are processed and immediately deleted.
This stored information allows you to access your conversation history and receive personalized service, while maintaining the highest standards of privacy and security. Your medical documents and sensitive health information remain protected through our "process and delete" model.
6. SSL/TLS Encryption for All Communications
All communication between your browser and our servers is encrypted using SSL/TLS. This ensures that your data is protected while in transit over the internet.
HTTPS encryption: All connections to ReadYourLab use HTTPS (SSL/TLS), which encrypts data as it travels between your device and our servers.
Protected uploads: When you upload medical documents, the transfer is encrypted, preventing interception or tampering.
Secure API calls: All API requests and responses are encrypted, ensuring your data remains protected throughout the analysis process.
How to verify: Look for the padlock icon in your browser's address bar when visiting ReadYourLab. This indicates that your connection is encrypted and secure.
7. User-Controlled Browser Storage
The application stores user metadata in browser local storage, where you have full control. Some non-sensitive information (like your name and email preferences) may be stored locally in your browser for convenience, but this data never leaves your device and you can delete it at any time.
What is stored locally:
- Your name and email (for convenience when filling forms)
- UI preferences (like theme settings)
- Session information (to maintain your session while using the site)
Your control: You can clear this data at any time through your browser settings. Local storage is managed entirely by your browser and is not accessible to our servers.
No medical data: Medical documents, images, analysis results, or any sensitive health information are never stored in browser local storage.
How to clear: You can clear local storage by going to your browser's settings and clearing site data, or by using your browser's developer tools. This will remove any locally stored information.
Security Summary
ReadYourLab implements a comprehensive security model designed to protect your sensitive medical information:
- No third-party sharing — Your data is never shared with external parties
- Document uploads deleted immediately — PDFs and images are removed right after analysis
- DICOM series stored securely — Encrypted at rest, accessible only to the authenticated account owner, deletable at any time
- Access control — Per-user data isolation ensures you can only access your own data
- No metadata storage — Extracted information from medical documents is not stored in databases
- Encrypted stored data — Past conversations, name, email, and DICOM images are encrypted at rest and never shared
- SSL/TLS encryption — All communications are encrypted in transit
- User-controlled deletion — Delete any stored series or clear browser storage at any time
Questions About Security?
If you have questions about our data security practices or privacy policies, please contact us at support@readyourlab.com.