Scan Explained
Menu
Start your review

Privacy & Security

Your privacy is the foundation of how I run this service.

I handle your imaging report and images the way I'd want my own family's handled — limited collection, encrypted storage, and a 14-day deletion window you can shorten on request.

Core principles

These are the rules I built the workflow around. They shape what I collect, how long I keep it, and who can see it.

  • I ask for the minimum needed to run your session.
  • I'm the only person who opens and reviews your materials.
  • Files are deleted within 14 days of your session — sooner on request.
  • Sessions aren't recorded by default.
  • No third-party tracking on upload, session, or deliverable pages.

How your materials are handled

Your uploaded report and images are stored on Cloudflare R2 with server-side encryption. Workflow records — your case status, scheduling details, and the post-session summary — live in a separate Supabase database, also encrypted. The two are kept apart on purpose: structured workflow data doesn't need to sit alongside the raw files.

Materials are used for one thing: running your case. That means reviewing whether the case fits, preparing for your session, leading the live walkthrough, and writing your short post-session summary. They're not used as an archive, a teaching dataset, or anything else.

Sessions aren't recorded

I don't record sessions by default. Routine full-session transcripts aren't created as a standard product artifact.

14-day retention, then deleted

Raw uploaded reports and images are kept only as long as they might still be useful — through case review, your session, and a short follow-up window. They're deleted within 14 days of your session.

Only I see your materials

There's no team viewing uploaded files in the course of normal operations. Sensitive materials aren't broadly visible by default — access is limited to what's required to run your case.

What happens to your file

From the moment you upload it, every step is bounded — including the last one.

  1. Upload

    You submit your report — and any images, if your format calls for them — through an encrypted upload.

  2. Reviewed

    I personally open your materials to confirm the case fits, before any payment is requested.

  3. Used in your session

    Your materials anchor our 1-on-1 walkthrough — read together, in plain language.

  4. Summary written

    I write a short educational recap of what we discussed and send it to you.

  5. Deleted

    Raw materials are permanently deleted within 14 days of your session — sooner if you ask.

What I never do with your information

Some of what privacy means is what doesn't happen. None of the following has happened, will happen, or is part of how this service works.

  • I never sell your information, or share it with insurers, employers, or marketers.
  • I never use your materials to train AI models — mine, anyone else's, or the platforms I rely on.
  • I never use your materials for demos, teaching, marketing, or anything outside your own case — unless I ask you specifically and you say yes in writing.
  • I never embed third-party trackers on the upload, session, or deliverable pages.
  • I don't record sessions by default.

Security baseline

Encryption in transit and at rest. Multi-factor authentication on every account that touches infrastructure. Access controlled by role, with audit logging on sensitive operations. Retention and deletion timelines defined and applied automatically rather than by memory.

Sensitive routes — upload, session, deliverables — don't load third-party tracking or marketing scripts. Where I need to measure something on a sensitive page, I prefer minimal server-side events that don't share data with marketing platforms.

Caregiver participation

Caregiver participation is join-only by default. It doesn't automatically create shared access to uploaded materials, summaries, or future sessions. This page is a readable overview of how I run the service, not the full legal notice.

Ask me to delete sooner

The 14-day window exists in case a follow-up question comes up after your session. If you'd rather I delete your materials sooner — including the day after your session ends — just send me a note and I'll confirm when it's done.

Contact me

In plain English

  • I collect only what's needed for your case.
  • Files are encrypted on Cloudflare R2; workflow records live separately on Supabase.
  • Everything is deleted within 14 days of your session — sooner on request.
  • I'm the only person who opens and reviews your materials.
  • No third-party tracking on upload, session, or deliverable pages.
  • Never used for AI training, demos, or marketing without your explicit, written consent.
View Privacy Notice