Privacy
Your brain MRI is sensitive personal data. This page explains what we do with it, what we don't, and how you stay in control.
What we collect
- Your account. Your email address and a securely hashed password. If you sign in with Google, your name and Google account identifier instead of a password.
- Your scans. The MRI files you choose to upload and the analysis we run on them.
- Reading-only metadata. Your age, sex, and the acquisition date of each scan, used to compute your report.
What we do with it
- We remove identifying details from each scan before processing or long-term storage. Anything that could link a file back to your identity in a clinical records system is stripped.
- We analyse your scan to produce your report and keep the result available in your account.
- We retain the original file you uploaded so we can re-run the analysis if our model improves. You can request that we delete it at any time.
What we don't do
- We don't sell, share, or rent your data.
- We don't use your scans to train any machine-learning model.
- We don't share your scans with other users. Your longitudinal view is yours alone.
- We don't show your data to advertisers, and we don't run third-party advertising trackers.
Where your data lives
Your account, scans, and reports are stored on private servers inside the European Union (Germany), with data encrypted in transit and at rest. Only the NeuroVol service has access; no third party holds a copy.
How long we keep it
We keep your account and scans for as long as your account exists. Delete the account and everything goes — there's no soft delete and nothing lingers in backups beyond a short rolling window for outage recovery.
Your controls
- Delete everything. You can request deletion of your account at any time. We remove your account, every scan you've uploaded, every report, and any backups within a few business days. There is no soft delete.
- Sign-in. You can change your password or disconnect Google sign-in at any time.
Last updated: 2026-06-22.