1. Who is the data controller
GlioWise LLC, a California limited liability company, operates GlioWise (“the Service”) and acts as the data controller for the purposes of the EU General Data Protection Regulation (“GDPR”), the UK GDPR, and similar laws. Contact: info@gliowise.ai.
2. What we collect
The Service is designed to collect as little as possible. There is no sign-up and no account. Specifically:
- Reports and text you submit. Radiology reports (as PDFs or pasted text) submitted to the scan-report explainer or comparator, pathology reports (as PDFs, screenshots, or pasted text) submitted to the pathology decoder, NGS / molecular reports submitted to the NGS explainer, operative reports submitted to the surgery translator, and any medical text you paste into the plain-language translator. We don’t accept brain imaging itself; the scan-report flows translate the radiologist’s written report, not the underlying MRI/CT images.
- Privacy mode, on by default. Before any report text leaves your device, your browser automatically strips identifying information: patient name, MRN, date of birth, address, ZIP code, phone number, email address, SSN, and accession/account/specimen numbers. Each detected item is replaced with a categorical placeholder ([PATIENT NAME], [MRN], [DOB], etc.). The detection runs entirely in your browser using regular-expression patterns; no copy of your raw report ever leaves your device unless you paste it elsewhere yourself. We keep age, sex, scan/exam dates, and provider and facility names in the submitted text because removing them would degrade the AI’s translation without privacy benefit. You can see the list of categories removed in a chip-list below the textarea, and you can manually edit the cleaned text before clicking Analyze. This is a best-effort precaution rather than HIPAA-grade de-identification; rare names or unusual report formats may not be caught.
- Context you provide. Optional information such as the date of your scan or report, whether you’re in treatment, and follow-up questions you choose to type.
- Technical logs. Standard web server information (IP address, user-agent, timestamps) is processed briefly by our hosting provider to deliver the page and detect abuse.
- Analytics: we do not run any. No page-view tracking, no usage statistics, no behavioral data, no advertising pixels.
- Error reports (planned, not currently active). We may add an opt-in error-tracking provider in the future to help us catch and fix crashes. It is not running today, and no error reports are being collected.
- Email summary requests (planned feature, not currently active). An email-summary feature is on our roadmap. It is not active in this release and no email-summary data is currently collected. When it ships, you will type the recipient address yourself and click to confirm sending; at that moment your summary text and the recipient address will be transmitted to an email-delivery provider so the email can be sent. We will not save the recipient address, and nothing will be sent automatically. We will update this policy and the “Last updated” date at the top when the feature ships.
- Symptom journal entries (only if you use them). If you use the symptom journal at /symptoms, anything you log (a daily mood rating, a list of symptoms with severity values, seizure details such as optional type, duration, time, aura, after-effects, and suspected trigger, and any free-text note) is saved only in your browser’s local storage. This data is never sent to our servers or to Anthropic. The 30-day trends chart and pattern callouts are computed entirely inside your browser.
- Plain-language translator inputs (only if you use them). If you use the translator at /explain, any medical text you paste in (an email from your care team, a forum post, a research abstract, or a chunk of a discharge summary) is transmitted to Anthropic the same way an uploaded image is, so the AI can produce a plain-language explanation. The response renders in your browser. The translator does not save the input or output to your past-analyses history; each translation is a fresh one-off, and once you leave the page nothing about that text remains on our side.
- Clinical-trial filter selections (only if you use them). If you use the trials primer at /trials, the selections you make on the filter form (tumor type, IDH/MGMT status, prior treatments, recruiting-only flag, geographic radius, and so on) are used to construct a clinicaltrials.gov URL inside your browser. The URL is opened in a new tab when you click search. Your filter selections are not transmitted to our servers; clinicaltrials.gov receives the same query parameters any visitor with that link would send, governed by its own privacy practices.
- Post-visit debriefs (only if you use them). If you fill in a debrief after a past appointment, what you type (what the doctor said, what changed, what’s next, and any “wish I’d asked” lines) is stored only in your browser’s local storage. Each non-empty “wish I’d asked” line is also added to your custom-questions list for the next prep packet. Nothing about a debrief is sent to our servers or to Anthropic.
We do not ask for your name, address, date of birth, government ID, or any other directly identifying information. We ask that you not include any such information (for example, the patient header on a radiology report) in what you upload.
3. What are special-category (health) data
Radiology reports, pathology reports, and other clinical text about your care are considered health data under the GDPR and similar frameworks. By submitting a report or other clinical text and clicking “Explain” (or “Compare,” “Decode,” or “Translate” depending on the tool), you are giving explicit consent under Article 9(2)(a) GDPR for us to process that health data for the sole purpose of returning an educational explanation to you. You can withdraw this consent at any time by not submitting further reports and by deleting your local history from your browser.
4. How we use your data
We use what you upload only to run the analysis you requested and to display the result back to you. We do not sell your data. We do not use it to train AI models. We do not use it for advertising. Specifically, we:
- Transmit your uploaded content to our AI processor to generate an educational explanation.
- Return the explanation to your browser, where your past analyses are stored in your browser’s local storage.
- Briefly process technical logs to keep the Service running and prevent abuse.
- (Planned, not currently active.) If we ever enable opt-in error tracking and you consent, we would process aggregated crash reports in order to fix bugs.
- (Planned, not currently active.) When the email-summary feature ships, clicking “Send email” in the review modal will transmit your summary text and the recipient address you typed to our email-delivery provider, who will deliver the email once and then have no further role. Original reports will never be attached to email; only the plain-language summary you have reviewed.
5. Sub-processors and the AI provider
We rely on a small set of sub-processors to run the Service. Each one receives only the data it needs to do its job.
- Anthropic, PBC: provides the AI model that translates the reports and text you submit. Submitted content is transmitted to Anthropic’s API to generate the response. Anthropic’s commercial API terms generally state that data submitted is not used to train their public models and is retained only as needed to provide the service and comply with law. You should review Anthropic’s current privacy and usage policies at anthropic.com/privacy.
- Vercel Inc.: hosts the website and may process standard web-server logs to deliver the page.
- Analytics provider: none. We do not use Google Analytics, Vercel Analytics, or any other analytics service. There are no analytics scripts on the page.
- Error-tracking provider (planned, not currently active). We may add an opt-in error-tracking provider in a future release to help us catch crashes. No error-tracking provider is currently in our processing chain. When we enable one, it will be opt-in and we will name the provider here.
- Email-delivery provider (planned, not currently active). An email-summary feature is on our roadmap but is not running in this release. The review-and-send UI may be visible on results pages, but the server-side hand-off is stubbed and no email is transmitted. No transactional-email provider is currently in our processing chain. When we enable real delivery we will name the chosen provider here, link to its privacy policy, and update the “Last updated” date at the top of this policy.
These providers may process your data in the United States or other countries. Where applicable, we rely on Standard Contractual Clauses and each provider’s supplementary measures as the safeguard for international transfers under GDPR Articles 44–49.
6. How long we keep data
Our goal is to keep as little as possible for as short as possible.
- Submitted reports and text: transmitted at request time and not stored on our servers afterwards. Our AI processor may retain content briefly for operational reasons per its policies.
- Scan-report explanations (only if you use them). If you use the scan-report explainer at /explain-scan, the report text (or PDF text) you submit is transmitted to Anthropic to be translated into a structured plain-English explanation. The result is saved to your browser’s local storage as a new history entry of kind explain-scan, including the structured translation, the filenames of any PDFs you uploaded, and the first ~240 characters of the report text as a preview for the history list. The original report text itself is not stored beyond that preview. Entries can be deleted individually from the history page or wiped via Clear all data in Cookie Settings. Nothing about a scan-report explanation is retained on our servers.
- Scan-report comparisons (only if you use them). If you use the compare-reports flow at /explain-scan?mode=compare, two reports (older + newer) are transmitted to Anthropic to be aligned and compared in plain English. The structured comparison is saved to your browser’s local storage as a new history entry of kind compare-scans, with the filenames and first ~240-character previews of each report. As with single-report explanations, the full report text is not stored. Nothing is retained on our servers.
- Your analyses and Q&A history: stored only in your browser’s local storage. Clearing browser data clears your history.
- Medication tracker entries: any medications you add, along with dose, frequency, start date, stop date, and personal notes, are stored only in your browser’s local storage. They are never sent to our servers.
- Drug-interaction check: the interaction panel on the medications page, and the summary banner on the case-timeline page, run entirely inside your browser. They compare the medications you have added to a small hand-curated list that ships with the app. Nothing is transmitted to our servers, to Anthropic, or to any third party; the check is purely informational and is heavily caveated in-app as not being a clinical interaction database.
- The unified Case Timeline: the /case-timeline page reads your existing past analyses and medication tracker from local storage and renders them as a single horizontal visualization. It does not copy or save anything; it is a read-only view of data that already lives on your device. Clearing your past analyses or medication tracker will cause the corresponding markers to disappear from the timeline.
- Symptom journal entries: each day you use the symptom journal at /symptoms, the mood rating, symptom list with severity values, seizure records (including optional duration, time of day, aura, after-effects, and possible trigger), and any free-text note you add are saved only in your browser’s local storage. Entries are never sent to our servers or to Anthropic. The 30-day trends chart, pattern callouts above it, and appointment-prep export (accessible from /symptoms/export) all run entirely in your browser. When you choose the export, the resulting one-pager is produced by your browser’s own print-to-PDF feature and is not uploaded anywhere by us. Clearing browser data, or using the “Clear all data” control in Cookie Settings, removes your journal entries.
- Dismissed symptom-pattern callouts: the “Patterns we noticed” panel above the trend chart renders rule-based observations (e.g. “headaches have been worse on Mondays” or “5 seizures on 4 days in the last 30”). The detection runs in your browser against the journal entries above. If you tap the × on a callout, only the pattern’s stable identifier is saved (under bsc:symptomPatternsDismissed:v1) so the same pattern doesn’t re-prompt. You can restore all dismissed patterns from the strip above the chart. Nothing about the patterns themselves is sent to our servers.
- Pre-appointment prep packet: the prep generator at /prep assembles a one-page packet from data already living in your browser: past analyses, medication tracker, symptom journal, and drug-interaction findings. Information you can enter on that page (your next appointment date, provider / clinic name, visit kind; any custom questions or generated questions you have dismissed; and any post-visit debriefs you save) is stored only in your browser’s local storage under the bsc:appointment:v1 key. Question generation is rule-based and runs entirely in your browser; no AI call is made and nothing about your prep packet is sent to our servers, to Anthropic, or to any third party. The print-to-PDF view is produced by your browser’s own print feature and is not uploaded anywhere. Clearing browser data, or using the “Clear all data” control in Cookie Settings, removes your prep data.
- Post-visit debriefs: when an appointment date you saved on /prep passes, the countdown widget prompts you to capture a short debrief: what the doctor said, what changed, what’s next, and anything you wish you’d asked. The debrief record (date, optional provider and visit kind, your four text fields, and selected change-tags) is stored in your browser only, under the same bsc:appointment:v1 key as the rest of your prep data. Each non-empty “wish I’d asked” line is also appended to your custom-questions list so the next prep packet surfaces it pre-starred. Up to 60 past debriefs are kept locally; older debriefs roll off. Nothing about a debrief is sent to our servers or to Anthropic. Clearing browser data, or the “Clear all data” control in Cookie Settings, removes them.
- Care team contacts: the names, roles, phone numbers, emails, and free-text notes you add on /care-team, plus the flags indicating which contact is your primary and which is the after-hours line, are stored only in your browser under bsc:careTeam:v1. They are never transmitted to our servers or to Anthropic. The tap-to-call and tap-to-email links use your browser’s native tel: and mailto: handoff to your phone or email app; we don’t see the call or the email. Up to 50 contacts are kept locally. Clearing browser data, or the “Clear all data” control in Cookie Settings, removes them.
- Emergency wallet card: the page at /emergency-card composes a printable wallet card from your existing pathology, medications, and care-team data, plus a small set of new free-text fields stored under bsc:emergencyCard:v1: full name, year of birth, primary language, allergies, an emergency note, and an optional personal emergency contact. The composed card is rendered + printed entirely by your browser. Nothing about the wallet card is transmitted to our servers or to Anthropic. Clearing browser data, or the “Clear all data” control in Cookie Settings, removes the user-entered fields.
- Starred questions from analyses: if you star a question from the suggested-questions list inside any saved analysis (pathology report, scan-report explanation, or scan-report comparison), the star is recorded in your browser under bsc:starredQuestions:v1 so the next prep packet on /prep can carry those questions into your next visit. Stars never reach our servers; they live only on the device you starred them on. Unstarring removes the entry.
- Plain-language translator inputs and outputs: the translator at /explain sends pasted medical text to Anthropic to be explained and renders the response in your browser. Unlike a scan or pathology analysis, the translator does not save anything to your local past-analyses list; once you navigate away or paste new text, the previous translation is gone. We never store the input or output on our servers. Anthropic may briefly retain the input for operational reasons per its policies.
- Clinical-trial filter selections: the form on /trials runs entirely in your browser and builds a clinicaltrials.gov URL when you click search. Your selections are not stored beyond the current page session and are not transmitted to our servers. Clinicaltrials.gov receives the same query-string parameters any visitor would send, and is governed by its own privacy practices.
- Beyond-treatment view: the page at /beyond-treatment is gated by an explicit choice you make on a one-button setup card: “set up my surveillance view” or “not yet, tuck this away for now”. We never infer your phase from your timeline or any other data. Your choice is stored under bsc:carePhase:v1. If you set up surveillance, a second key, bsc:survivorship:v1, holds your surveillance rhythm (next/last MRI date, cadence, and an optional imaging facility name) and your late-effects monitor entries (the category you chose from a fixed list, a 0–10 severity, optional free-text notes, and which entries you flagged for your next visit). Both keys live only in your browser; nothing about your beyond-treatment view is sent to our servers, to Anthropic, or to any third party. The printable care-plan summary is rendered by your browser’s own print feature and is not uploaded anywhere. Clearing browser data, or using the “Clear all data” control in Cookie Settings, removes your phase choice and your beyond-treatment data.
- Technical logs: retained for up to 30 days for abuse prevention and debugging, then deleted or aggregated.
- Consent records: stored in your browser’s local storage. There is no server-side profile tied to you.
- Email summaries (planned, not currently active): no email-summary data is currently retained because the feature is not yet shipped. When it ships, summaries you send will be transmitted to the recipient at request time; we will not save a copy of the email or of the recipient’s address. The email-delivery provider may retain metadata and content briefly per its own policies. Once delivered, the email will live in the recipient’s mailbox under their control.
7. Your rights
Depending on where you live, you may have the following rights regarding your data. We honor them regardless of your location where it is reasonably possible:
- Access. Request a copy of the personal data we hold about you.
- Rectification. Ask us to correct inaccurate data.
- Erasure (“right to be forgotten”). Ask us to delete personal data. Most of your data lives only in your browser and can be deleted by you immediately by clearing your local history.
- Restriction / objection. Ask us to pause or stop certain processing. You can refuse error-tracking at any time in Cookie Settings (we don’t run analytics, so there is nothing to refuse there).
- Portability. Receive your data in a machine-readable format where technically feasible.
- Withdraw consent. Withdraw consent to the processing of health data (stop uploading and clear history) or to error-tracking at any time, without affecting the lawfulness of prior processing.
- Lodge a complaint. Residents of the EU/UK may lodge a complaint with a supervisory authority in their country.
To exercise any of these rights, email info@gliowise.ai. We may ask for information to verify your identity, but never more than necessary.
8. For California residents (CCPA / CPRA)
California residents have specific rights under the California Consumer Privacy Act as amended by the California Privacy Rights Act. We do not sell your personal information and do not share it for cross-context behavioral advertising. You have the right to know what we collect, to delete it, to correct it, and to not be discriminated against for exercising your rights. Requests can be made to info@gliowise.ai.
9. Children's privacy
The Service is intended for adults aged 18 and over and is not directed to children. We do not knowingly collect personal data from children under 18. If you believe a child has used the Service, contact us and we’ll take appropriate steps.
10. Security
We use HTTPS for all traffic, scope API keys narrowly, and rely on reputable providers (Anthropic, Vercel) for infrastructure. Because the Service does not hold accounts or an image database, the surface area for breach is small. No system is ever perfectly secure; we encourage you not to include directly identifying information in what you upload.
11. Changes to this Policy
If we make material changes to this Privacy Policy, we will update the “Last updated” date at the top and, where feasible, display an in-app notice before the change takes effect.
12. Contact
For any privacy question or request: info@gliowise.ai.