Data Policy

Spanish | French

Effective January 1, 2025

At Upstream Vision, data integrity and security are at the core of our operations. This Data Policy outlines how we collect, store, process, and manage data to ensure compliance, transparency, and protection for all users and stakeholders. By accessing or using our services (the "Service"), you agree to the terms of this Data Policy.

1. Data Collection

1.1 Operational Data: We collect data generated during the use of our Service, including imaging data, clinical trial data, and associated metadata, to facilitate seamless workflows and analytics.

1.2 User Data: User-provided information such as account credentials, contact details, and user preferences is collected to personalize and optimize the Service.

1.3 System Data: System-generated data, including device logs, access times, and IP addresses, is collected to enhance security, troubleshoot issues, and monitor performance.

1.4 Optional Data: Feedback, surveys, or other optional inputs users provide may also be collected to support research, service improvements, and user engagement initiatives.

2. Data Usage

2.1 Service Operations: Collected data is used to deliver, optimize, and enhance our core Service offerings, including imaging analysis, reporting, and clinical trial management.

2.2 Regulatory Compliance: Data is processed to comply with regulatory requirements, including but not limited to GDPR, HIPAA, and 21 CFR Part 11.

2.3 Security and Integrity: We use data to ensure the integrity and security of our systems, detect anomalies, and prevent unauthorized access.

2.4 Research and Innovation: Aggregated and anonymized data may be used for research purposes to drive innovation and improve medical and technological solutions.

2.5 User Communication: We may use user data to send critical updates, respond to inquiries, and provide support.

3. Data Sharing

3.1 Internal Sharing: Data may be shared across authorized teams within Upstream Vision to support operational needs and service delivery.

3.2 External Partners: We only share anonymized or aggregated data with research institutions, collaborators, or service providers to advance clinical trials and medical research, and only with prior confirmation and appropriate agreements.

3.3 Legal Compliance: Data may be disclosed to comply with legal obligations, court orders, or regulatory requests.

3.4 User Consent: We may share data with third parties when users provide explicit consent.

4. Data Retention

4.1 Retention Duration: Data is retained for the duration of its utility in active clinical trials and for a minimum of five years following trial completion or as required by applicable regulations.

4.2 Archival Practices: Historical data may be archived securely to support audits, compliance reviews, or research initiatives.

5. Data Security

5.1 Encryption Standards: We employ dual-layer encryption (TLS 1.2+ for data in transit and AES 256+ for data at rest) to protect sensitive information.

5.2 Access Controls: Data access is restricted to authorized personnel and governed by stringent access protocols.

5.3 Monitoring and Alerts: Real-time monitoring and alert systems are in place to detect and mitigate security threats.

6. User Rights and Data Management

6.1 Access Requests: Users may request access to their data and receive detailed records of collected information.

6.2 Correction and Updates: Users can update or correct inaccuracies in their data by contacting us or through account settings.

6.3 Data Deletion: Users may request the deletion of their data, subject to legal and operational requirements.

6.4 Preferences: Users can adjust their data-sharing preferences and opt out of non-essential data collection or processing.

7. International Data Handling

7.1 Global Operations: Data may be stored and processed within its region of origin. All transfers comply with applicable legal standards to ensure adequate protection.

7.2 Cross-Border Compliance: We adhere to international data protection regulations to safeguard user data during cross-border transfers.

8. Policy Updates

We may update this Data Policy periodically to reflect changes in our practices or regulatory requirements. Any significant updates will be communicated to you, and continued use of the Service signifies acceptance of the revised Policy.

9. Contact Information

For questions, concerns, or requests related to this Data Policy, please contact us at:

hello@upstream.vision

Thank you for trusting Upstream Vision with your data. We are committed to maintaining the highest standards of data security and integrity.