Privacy Policy
Last updated: February 25, 2026
1. Introduction
This Privacy Policy describes how Doctor Opus ("we", "us", "our"), operated at doctor-opus.online, collects, uses, and protects information in connection with the use of our Clinical Decision Support System (CDSS) by licensed healthcare professionals. We are committed to safeguarding the privacy of our users and the confidentiality of any data processed through our platform.
2. Data We Collect and How We Store It
2.1. Patient data: Doctor Opus is designed so that any patient-identifying information (name, date of birth, diagnosis) entered into the Patient Database feature is stored exclusively in the local storage (IndexedDB) of your browser and is never transmitted to our servers. We do not receive, store, or process personally identifiable patient information (PII) or protected health information (PHI) on our infrastructure.
2.2. User account data: Physician account information (email address, hashed password, credit balance, and transaction history) is stored in a secured database on our servers. This data is used solely to provide the service.
2.3. Medical imaging and analytical data: When you submit images or clinical data for AI analysis, our Three-Level Anonymization System is applied before any data is transmitted to third-party AI inference APIs (e.g., OpenRouter). This system removes or replaces all potential patient identifiers at the pixel and metadata level. We do not link analyzed medical content to individual patient identities on our servers.
Key data protection principle:
We do not receive or store your patients' personal health information on our servers. The patient database is implemented exclusively in your browser. During AI analysis, only anonymized pixel data is processed — no personal identifiers are transmitted.
3. Three-Level Anonymization System
Before any clinical data reaches our AI inference partners, it passes through:
- Level 1 — DICOM Metadata Stripping: All DICOM header tags containing patient demographics (name, ID, DOB, institution) are removed.
- Level 2 — In-image Text Removal: OCR-based detection and masking of any visible text overlaid on imaging files.
- Level 3 — Context Sanitization: The physician's clinical prompt is parsed to remove or replace any direct patient identifiers before being forwarded to the AI model.
4. GDPR Considerations
For users accessing the service from the European Economic Area (EEA), we process your personal data (account data) on the lawful basis of contract performance(Article 6(1)(b) GDPR) and legitimate interests (Article 6(1)(f) GDPR).
Your rights under GDPR include:
- Right of access to your personal data
- Right to rectification of inaccurate data
- Right to erasure ("right to be forgotten")
- Right to data portability
- Right to object to processing
To exercise any of these rights, contact us at: support@doctor-opus.online
5. HIPAA Notice
Doctor Opus is a software tool for licensed healthcare professionals and is not a Covered Entity or Business Associate as defined under the U.S. Health Insurance Portability and Accountability Act (HIPAA). By design, our platform does not receive, store, or transmit Protected Health Information (PHI) as defined by HIPAA. The physician is solely responsible for ensuring that any data submitted for analysis is properly de-identified in accordance with applicable law.
6. Third-Party AI Services
Doctor Opus uses OpenRouter as an API gateway to access large language model (LLM) inference services. Data submitted to these services is governed by OpenRouter's privacy policy and the policies of individual model providers. Only anonymized data passes through these channels, as described in Section 3.
7. Cookies
We use only technically necessary cookies required for secure session management:
| Name | Purpose | Lifetime |
|---|---|---|
| next-auth.session-token | Active physician session identifier | 30 days |
| next-auth.callback-url | Technical redirect parameter | Session |
| cookie-consent | Stores user cookie preference | 1 year |
We do not use tracking, advertising, or analytics cookies.
8. Data Retention and Deletion
Account data is retained for the duration of your subscription and for a reasonable period thereafter for legal and accounting purposes. You may request deletion of your account and associated data at any time by contacting support@doctor-opus.online. Patient data stored in your browser can be deleted at any time through your browser's storage settings.
9. Contact
For any privacy-related inquiries or data subject requests, contact us at:
Email: support@doctor-opus.online
Website: https://doctor-opus.online
If you have any questions about this document, please contact Doctor Opus support.