Path-iQ Intelligence · For academic and research use only · Not a medical device
Home / Legal / Privacy Policy
Path-iQ Intelligence

Privacy Policy

Effective date: 16 May 2026  ·  Last updated: 16 May 2026

Jump to section
  1. 1. Information we collect
  2. 2. How we use information
  3. 3. AI processing of pathology images
  4. 4. How information is shared
  5. 5. International data transfers
  6. 6. Data retention
  7. 7. Security
  8. 8. Patient data & your responsibilities
  9. 9. Your rights
  10. 10. Children's privacy
  11. 11. iOS app permissions
  12. 12. Third-party SDKs
  13. 13. Changes to this policy
  14. 14. Contact us
This Privacy Policy explains how Path-iQ Intelligence ("Path-iQ", "we", "us", or "our") collects, uses, stores, and shares information when you use the Path-iQ web application at pathiq.space and the Path-iQ Mobile iOS application (collectively, the "Service"). By using the Service you agree to the practices described here.
!
Academic and research use only. Path-iQ is intended solely for academic and research purposes. It is a professional collaboration and research tool for pathologists, lab personnel, and the pathology supply ecosystem. It is not a medical device, is not intended to be used as the primary basis for clinical diagnosis or treatment, and outputs from any AI pipelines must always be verified by a qualified pathologist before any clinical action is taken.

01Information we collect

1.1 Information you provide

  • Account information. When you sign up, we collect your phone number (used for one-time-password authentication via Firebase Authentication). You may optionally add a full name, email address, professional role, specialization, institution or company name, and a profile picture.
  • Verification documents. If you choose to verify your professional profile or register a laboratory, we collect identity documents (e.g., government ID, professional license, incorporation certificate) that you upload through the Service.
  • User-generated content. This includes: whole-slide images and other digital pathology images you upload; annotations, snapshots, and reports you create; messages and attachments you exchange with other users; and case-level metadata such as filename, dimensions, and notes. Patient identifiers you may choose to add to a Quick Report (name, MRN, etc.) are treated as user-generated content (see Section 8).
  • Lab and supplier registry submissions. If you register a pathology laboratory or supplier, we store the name, type, city, country, contact email, phone, website, description, and any supporting documents you upload.

1.2 Information collected automatically

  • Device and usage data. IP address (transient, for security and abuse prevention), user agent / device type, operating system, app version, language, and timestamps of activity. Crash reports and performance metrics may be collected for diagnostic purposes.
  • Local storage. The Service uses your device's local storage (browser localStorage on web, the equivalent secure storage on iOS) to cache: your sign-in session, your private case archive, your snapshot library, your contacts list, your in-progress drafts (including Quick Reports), preferences, and dismissal state for in-app prompts. This data lives on your device and is not transmitted to our servers unless you take an action that requires it (such as sharing a case).
  • Cookies and similar technologies. Firebase authentication uses cookies set on the pathiq.space origin to maintain your signed-in state. We do not use third-party advertising or tracking cookies.

1.3 Information from other users

When another Path-iQ user shares a case, snapshot, or chat message with you, the content of that share is associated with your account so we can deliver it to you and so you can reply.

02How we use information

  • Provide the Service. Render your slides, run AI pipelines you trigger, deliver chat messages, populate the directory, and let you discover labs and suppliers.
  • Authentication and security. Verify it is you signing in, prevent unauthorized access, and detect abuse.
  • Verification. Review identity and licensing documents you submit so we can award the "Verified" badge on your profile or your lab listing.
  • Communications. Send transactional messages (one-time passwords, security alerts) and respond to your inquiries.
  • Improve the Service. Aggregate, anonymized usage data helps us understand which features are used and how to improve them. We do not use your pathology images or messages to train AI models without your explicit, separate consent.
  • Legal compliance. Comply with applicable law, court orders, and lawful requests from authorities.

03AI processing of pathology images

When you trigger an AI pipeline (such as SOLARIS, NEXUS, PRISM, LUX, or IRIS) on a slide region, that region is sent to our backend at pathiq.space/api/* for inference. The image data is processed in memory to produce the result and is not retained beyond the request unless you separately save it to a case. AI outputs are exploratory and must not be relied upon for clinical decisions.

04How information is shared

4.1 With other Path-iQ users

  • Your profile (name or masked phone number, picture, role, specialization, institution, verification status) is visible to other signed-in users in the Pathologist Directory and as the sender of any messages you send.
  • Phone numbers used purely as login identifiers (where you have not added a display name) are masked in the directory (e.g., +966 ••• 10) to limit exposure.
  • Content you share (cases via deep link, snapshots via Path-iQ Messenger, lab listings) becomes available to the recipients or audience you choose.

4.2 With service providers

We rely on the following service providers to operate the Service. Each receives only the data needed for the function they perform and is bound by their own privacy and security commitments.

Google Firebase Authentication
Purpose: phone OTP sign-in. Data handled: phone number, auth tokens, IP for fraud signals. Policy: firebase.google.com/support/privacy.
Google Cloud Firestore
Purpose: realtime database for chats, directory, labs. Data handled: profile, messages, listings, reactions. Policy: firebase.google.com/support/privacy.
Google Cloud Storage (Firebase Storage)
Purpose: verification documents, profile pictures. Data handled: identity and license files, avatar images. Policy: cloud.google.com/security/privacy.
IDrive e2 (S3-compatible)
Purpose: temporary slide hand-off uploads (24-hour TTL). Data handled: slide image bytes, presigned URL access. Policy: idrive.com/idrive/privacy-policy.
Hostinger VPS (Frankfurt, EU)
Purpose: hosting the Path-iQ web app and AI backend. Data handled: HTTP request logs, AI inference payloads. Policy: hostinger.com/privacy-policy.

4.3 Legal and safety

We may disclose information if we believe in good faith that disclosure is necessary to comply with applicable law, enforce our Terms, prevent fraud or abuse, or protect the rights, property, or safety of Path-iQ, our users, or the public.

4.4 Business transfers

If Path-iQ is involved in a merger, acquisition, financing, or sale of assets, your information may be transferred as part of that transaction. We will notify you (and where required, obtain your consent) before your information is transferred and becomes subject to a different privacy policy.

05International data transfers

Path-iQ is operated from infrastructure located in the European Union (EU) and the United States. By using the Service from outside those jurisdictions you understand that your information will be transferred to and processed in those countries. Where required by law (e.g., for transfers out of the European Economic Area), we rely on Standard Contractual Clauses or equivalent mechanisms with our service providers.

06Data retention

  • Account data is retained for as long as your account is active and for a reasonable period afterward to comply with legal and audit obligations.
  • Messages and shared cases are retained in Firestore until you (or the other participant) delete them.
  • Temporary slide uploads on IDrive e2 are automatically removed by a daily server-side sweep approximately 24 hours after upload.
  • Locally cached cases, snapshots, and drafts remain on your device until you remove them or uninstall the app / clear browser data.
  • Logs and crash reports are kept for up to 90 days, then aggregated or deleted.

07Security

We use HTTPS/TLS for all network traffic, scoped tokens for service-to-service calls, and presigned URLs with short expirations for IDrive e2 uploads. Verification documents are stored in Firebase Storage with access controls limiting reads to administrators reviewing the submission. No method of electronic transmission or storage is 100% secure, however, and we cannot guarantee absolute security.

08Patient data and your responsibilities (HIPAA / GDPR)

!
Path-iQ does not currently offer a HIPAA Business Associate Agreement. Do not upload identifiable patient data in production clinical workflows without first contacting us about appropriate enterprise terms.

Path-iQ is a tool that pathology professionals use in the course of their work. Any information you upload — including images, annotations, Quick Report fields, and chat messages — may incidentally contain personal data or protected health information (PHI) under HIPAA, GDPR, or other applicable laws. You are solely responsible for ensuring you have the appropriate legal basis, consent, de-identification, and Business Associate Agreement (if applicable) before uploading or sharing any such information through the Service.

09Your rights

Depending on your jurisdiction, you may have the right to:

  • Access the personal data we hold about you.
  • Request correction of inaccurate or incomplete data.
  • Request deletion of your account and associated data ("right to be forgotten").
  • Object to or restrict certain processing.
  • Request a portable copy of your data.
  • Withdraw consent where processing is based on consent.
  • Lodge a complaint with your local supervisory authority (e.g., EU Data Protection Authority).

To exercise any of these rights, contact us using the details in Section 14. We will respond within 30 days. Within the app, you can update or delete most of your profile data directly via Edit Profile, and you can delete chats and cases from their respective views.

10Children's privacy

Path-iQ is not directed to children under 16 and we do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us and we will delete the data.

11iOS app permissions

The Path-iQ Mobile iOS application may request the following permissions. Each can be denied; some features may be limited without them.

Photos / Camera
Used only when you choose to upload a profile picture or capture a snapshot. Photos remain on your device until you explicitly share them.
Notifications
Used to deliver in-app message and verification updates if you opt in.
Network
Required for sync, AI inference, and messaging.

The app does not request access to your contacts, calendar, microphone, location, Bluetooth, motion data, or HealthKit.

12Third-party SDKs

The Path-iQ Mobile iOS application bundles the following third-party SDKs and libraries:

  • Firebase Authentication, Firestore, and Storage (Google LLC)
  • OpenSeadragon (open-source viewer, runs client-side)
  • jsPDF (open-source PDF generation, runs client-side)
  • geotiff.js, TensorFlow.js / MobileNet (open-source, client-side image processing)

13Changes to this policy

We may update this Privacy Policy from time to time. Material changes will be communicated by updating the "Last updated" date at the top of this page and, where appropriate, by a prominent notice within the Service. Your continued use of the Service after an update means you accept the updated policy.

14Contact us

If you have questions, concerns, or requests regarding this policy or your personal data:

If you are in the EEA / UK and we are unable to resolve your concern, you have the right to lodge a complaint with your local data protection authority.

Privacy question or data request?

Email us with a clear description of your request. We respond within 30 days.

privacy@pathiq.space
Cookies Data safety Delete account All policies

© Path-iQ Intelligence · pathiq.space