Legal

Privacy Policy

Last updated: March 2026

1. Information We Collect

Account information: your name, email address, and professional role when you create an account.
Case data: the histopathological reports, templates, and associated metadata you create within the application.
Usage data: how you interact with the application, including pages visited, features used, and session duration. This data is anonymized and used solely to improve the product.
Device information: browser type, operating system, and IP address for security and session management purposes.
We do not collect patient-identifiable health information. The data you enter into case fields is stored as structured content under your control.

To provide and maintain the HistoCraft service, including generating reports, managing templates, and enabling collaboration features.
To authenticate your identity and secure your account.
To send transactional emails such as magic login links, export confirmations, and account notifications.
To analyze anonymized usage patterns and improve the application. We never use your case data for analytics.
To comply with legal obligations and respond to lawful requests from authorities.

Your data is stored in encrypted databases hosted on secure infrastructure. All connections use TLS encryption.
Database backups are encrypted at rest. Access to production systems is restricted to authorized personnel only.
We conduct regular security reviews and keep all dependencies up to date.
We do not store passwords. Authentication is handled through magic links sent to your verified email address.

We do not sell your data to third parties. Ever.
We do not share your data with advertisers or marketing companies.
We do not use your data to train artificial intelligence or machine learning models.
We may share anonymized, aggregated statistics (such as total number of reports generated) in public communications. No individual data is ever identifiable.
We may disclose information if required by law or to protect the rights, safety, or property of our users.

Right of access: you can request a copy of all personal data we hold about you.
Right to rectification: you can update or correct your personal information at any time through your account settings.
Right to erasure: you can request deletion of your account and all associated data. We will comply within 30 days.
Right to data portability: you can export your cases and templates in standard formats (DOCX, PDF) at any time.
Right to restrict processing: you can request that we limit how we use your data.
Right to object: you can object to processing of your data for specific purposes.
To exercise any of these rights, contact us at privacy@histocraft.com.

Active accounts: your data is retained as long as your account is active.
Deleted accounts: when you delete your account, all personal data and case data are permanently removed within 30 days.
Backups: encrypted backups that may contain your data are rotated and permanently deleted within 90 days of account deletion.
Anonymized usage data may be retained indefinitely as it cannot be linked back to any individual.

We use strictly necessary cookies for authentication and session management. These are essential for the application to function.
We do not use advertising cookies, tracking cookies, or third-party analytics cookies.
You can manage cookie preferences through your browser settings.

We may update this privacy policy from time to time. We will notify you of significant changes by email or through the application.
The date at the top of this page indicates when the policy was last updated.
Continued use of the service after changes constitutes acceptance of the updated policy.

Have questions about our privacy practices?