DeepOCT is committed to protecting your privacy and medical data security. We collect account information (name, email, phone number, medical license number, specialty, institution affiliation), OCT images you upload, de-identified patient metadata (age, gender - we do NOT collect patient names, addresses, or personal identifiers), analysis results and reports, and usage data (device type, OS version, IP address, access times, features used, error logs). This information is used to provide OCT analysis services, improve AI accuracy through anonymized images, manage your account, provide customer support, ensure security, and comply with legal requirements. We DO NOT sell your data - we share information only with AWS for cloud hosting and storage (with TLS 1.3 and AES-256 encryption), email providers for account notifications, and legal authorities when required by law. Your data may be stored in AWS Singapore (primary) and AWS Tokyo (backup) with appropriate security measures and standard contractual clauses. We retain account information for the duration of your account plus 1 year, OCT images and results for 5 years, usage logs for 2 years, and anonymized research data indefinitely. You have the right to access your personal data, correct inaccurate information, request data deletion, export your data, opt out of AI training, and opt out of marketing emails. You are responsible for de-identifying patient data before upload, obtaining necessary patient consents, and complying with HIPAA or equivalent local privacy laws. We may update this policy with 30 days notice, and continued use means acceptance of changes. For questions about privacy, contact noreply.deepoct@gmail.com.