1. Who is the data controller
GlioWise LLC, a California limited liability company, operates GlioWise (“the Service”) and acts as the data controller for the purposes of the EU General Data Protection Regulation (“GDPR”), the UK GDPR, and similar laws. Contact: info@gliowise.ai.
2. What we collect
The Service is designed to collect as little as possible. There is no sign-up and no account. Specifically:
- Images and reports you upload. Brain imaging files, PDFs, and screenshots you voluntarily upload so the AI can analyze them.
- Context you provide. Optional information such as the date of your scan, whether you’re in treatment, and follow-up questions you choose to type.
- Technical logs. Standard web server information (IP address, user-agent, timestamps) is processed briefly by our hosting provider to deliver the page and detect abuse.
- Analytics and error reports (with your consent). If you allow it in the cookie banner, we may collect aggregated usage data and crash reports to help improve the Service. You can change this at any time on the Cookie Settings page.
- Email summary requests (planned feature, not currently active). An email-summary feature is on our roadmap. It is not active in this release and no email-summary data is currently collected. When it ships, you will type the recipient address yourself and click to confirm sending; at that moment your summary text and the recipient address will be transmitted to an email-delivery provider so the email can be sent. We will not save the recipient address, and nothing will be sent automatically. We will update this policy and the “Last updated” date at the top when the feature ships.
- Symptom journal entries (only if you use them). If you use the symptom journal at /symptoms, anything you log — a daily mood rating, a list of symptoms with severity values, seizure details (optional type, duration, time, aura, after-effects, and suspected trigger), and any free-text note — is saved only in your browser’s local storage. This data is never sent to our servers or to Anthropic. The 30-day trends chart and pattern callouts are computed entirely inside your browser.
We do not ask for your name, address, date of birth, government ID, or any other directly identifying information. We ask that you not include any such information (for example, the patient header on a radiology report) in what you upload.
3. What are special-category (health) data
Brain imaging and the AI’s interpretation of it are considered health data under the GDPR and similar frameworks. By uploading images and clicking “Analyze,” you are giving explicit consent under Article 9(2)(a) GDPR for us to process that health data for the sole purpose of returning an educational explanation to you. You can withdraw this consent at any time by not uploading further images and by deleting your local history from your browser.
4. How we use your data
We use what you upload only to run the analysis you requested and to display the result back to you. We do not sell your data. We do not use it to train AI models. We do not use it for advertising. Specifically, we:
- Transmit your uploaded content to our AI processor to generate an educational explanation.
- Return the explanation to your browser, where your past analyses are stored in your browser’s local storage.
- Briefly process technical logs to keep the Service running and prevent abuse.
- If you consented: process analytics and/or error reports in aggregated form to understand usage and fix bugs.
- (Planned, not currently active.) When the email-summary feature ships, clicking “Send email” in the review modal will transmit your summary text and the recipient address you typed to our email-delivery provider, who will deliver the email once and then have no further role. Your scan images will never be attached to email.
5. Sub-processors and the AI provider
We rely on a small set of sub-processors to run the Service. Each one receives only the data it needs to do its job.
- Anthropic, PBC — provides the AI model that analyzes your images and text. Uploaded content is transmitted to Anthropic’s API to generate the response. Anthropic’s commercial API terms generally state that data submitted is not used to train their public models and is retained only as needed to provide the service and comply with law. You should review Anthropic’s current privacy and usage policies at anthropic.com/privacy.
- Vercel Inc. — hosts the website and may process standard web-server logs to deliver the page.
- Analytics / error-tracking (opt-in only). If you consent, we may use a privacy-respecting analytics provider and an error-tracking provider. The exact providers are listed on the Cookie Policy page. Scripts are not loaded unless you consent.
- Email-delivery provider (planned, not currently active). An email-summary feature is on our roadmap but is not running in this release — the review-and-send UI may be visible on results pages, but the server-side hand-off is stubbed and no email is transmitted. No transactional-email provider is currently in our processing chain. When we enable real delivery we will name the chosen provider here, link to its privacy policy, and update the “Last updated” date at the top of this policy.
These providers may process your data in the United States or other countries. Where applicable, we rely on Standard Contractual Clauses and each provider’s supplementary measures as the safeguard for international transfers under GDPR Articles 44–49.
6. How long we keep data
Our goal is to keep as little as possible for as short as possible.
- Uploaded images: transmitted at request time and not stored on our servers afterwards. Our AI processor may retain content briefly for operational reasons per its policies.
- Your analyses and Q&A history: stored only in your browser’s local storage. Clearing browser data clears your history.
- Medication tracker entries: any medications you add, along with dose, frequency, start date, stop date, and personal notes, are stored only in your browser’s local storage. They are never sent to our servers.
- Drug-interaction check: the interaction panel on the medications page, and the summary banner on the case-timeline page, run entirely inside your browser. They compare the medications you have added to a small hand-curated list that ships with the app. Nothing is transmitted to our servers, to Anthropic, or to any third party; the check is purely informational and is heavily caveated in-app as not being a clinical interaction database.
- The unified Case Timeline: the /case-timeline page reads your existing past analyses and medication tracker from local storage and renders them as a single horizontal visualization. It does not copy or save anything; it is a read-only view of data that already lives on your device. Clearing your past analyses or medication tracker will cause the corresponding markers to disappear from the timeline.
- Symptom journal entries: each day you use the symptom journal at /symptoms, the mood rating, symptom list with severity values, seizure records (including optional duration, time of day, aura, after-effects, and possible trigger), and any free-text note you add are saved only in your browser’s local storage. Entries are never sent to our servers or to Anthropic. The 30-day trends chart, pattern callouts, and appointment-prep export (accessible from /symptoms/export) all run entirely in your browser. When you choose the export, the resulting one-pager is produced by your browser’s own print-to-PDF feature and is not uploaded anywhere by us. Clearing browser data, or using the “Clear all data” control in Cookie Settings, removes your journal entries.
- Pre-appointment prep packet: the prep generator at /prep assembles a one-page packet from data already living in your browser — past analyses, medication tracker, symptom journal, and drug-interaction findings. Two new pieces of information you can enter on that page (your next appointment date, provider/clinic name, and visit kind; and any custom questions or generated questions you have dismissed) are stored only in your browser’s local storage under the bsc:appointment:v1 key. Question generation is rule-based and runs entirely in your browser — no AI call is made and nothing about your prep packet is sent to our servers, to Anthropic, or to any third party. The print-to-PDF view is produced by your browser’s own print feature and is not uploaded anywhere. Clearing browser data, or using the “Clear all data” control in Cookie Settings, removes your prep data.
- Beyond-treatment view: the page at /beyond-treatment is gated by an explicit choice you make on a one-button setup card: “set up my surveillance view” or “not yet, tuck this away for now”. We never infer your phase from your timeline or any other data. Your choice is stored under bsc:carePhase:v1. If you set up surveillance, a second key, bsc:survivorship:v1, holds your surveillance rhythm (next/last MRI date, cadence, and an optional imaging facility name) and your late-effects monitor entries (the category you chose from a fixed list, a 0–10 severity, optional free-text notes, and which entries you flagged for your next visit). Both keys live only in your browser; nothing about your beyond-treatment view is sent to our servers, to Anthropic, or to any third party. The printable care-plan summary is rendered by your browser’s own print feature and is not uploaded anywhere. Clearing browser data, or using the “Clear all data” control in Cookie Settings, removes your phase choice and your beyond-treatment data.
- Technical logs: retained for up to 30 days for abuse prevention and debugging, then deleted or aggregated.
- Consent records: stored in your browser’s local storage. There is no server-side profile tied to you.
- Email summaries (planned, not currently active): no email-summary data is currently retained because the feature is not yet shipped. When it ships, summaries you send will be transmitted to the recipient at request time; we will not save a copy of the email or of the recipient’s address. The email-delivery provider may retain metadata and content briefly per its own policies. Once delivered, the email will live in the recipient’s mailbox under their control.
7. Your rights
Depending on where you live, you may have the following rights regarding your data. We honor them regardless of your location where it is reasonably possible:
- Access. Request a copy of the personal data we hold about you.
- Rectification. Ask us to correct inaccurate data.
- Erasure (“right to be forgotten”). Ask us to delete personal data. Most of your data lives only in your browser and can be deleted by you immediately by clearing your local history.
- Restriction / objection. Ask us to pause or stop certain processing. You can refuse analytics and error-tracking at any time in Cookie Settings.
- Portability. Receive your data in a machine-readable format where technically feasible.
- Withdraw consent. Withdraw consent to the processing of health data (stop uploading and clear history) or to analytics/error-tracking at any time, without affecting the lawfulness of prior processing.
- Lodge a complaint. Residents of the EU/UK may lodge a complaint with a supervisory authority in their country.
To exercise any of these rights, email info@gliowise.ai. We may ask for information to verify your identity, but never more than necessary.
8. For California residents (CCPA / CPRA)
California residents have specific rights under the California Consumer Privacy Act as amended by the California Privacy Rights Act. We do not sell your personal information and do not share it for cross-context behavioral advertising. You have the right to know what we collect, to delete it, to correct it, and to not be discriminated against for exercising your rights. Requests can be made to info@gliowise.ai.
9. Children's privacy
The Service is intended for adults aged 18 and over and is not directed to children. We do not knowingly collect personal data from children under 18. If you believe a child has used the Service, contact us and we’ll take appropriate steps.
10. Security
We use HTTPS for all traffic, scope API keys narrowly, and rely on reputable providers (Anthropic, Vercel) for infrastructure. Because the Service does not hold accounts or an image database, the surface area for breach is small. No system is ever perfectly secure; we encourage you not to include directly identifying information in what you upload.
11. Changes to this Policy
If we make material changes to this Privacy Policy, we will update the “Last updated” date at the top and, where feasible, display an in-app notice before the change takes effect.
12. Contact
For any privacy question or request: info@gliowise.ai.