Legal

Privacy Policy

Learn how we collect, use, and protect your data as we build our AI products for healthcare and education — Orasis AI and Gnosis AI.

Last updated: June 11, 2025

Development phase notice

BioAnalytiX is currently under development. This privacy policy outlines our commitment to data protection and our intended practices. As we progress toward launch and obtain necessary certifications, this policy will be updated accordingly.

Overview

BioAnalytiX (“we,” “our,” or “us”) builds AI products for healthcare and education: Orasis AI, an AI assistant that helps radiologists analyze brain CT scans faster and more accurately, and Gnosis AI, an AI study companion for university students grounded in their official course material. While several of our products are still in development and piloting, we are committed to the highest standards of data protection and privacy from the outset.

This Privacy Policy explains our intended practices for collecting, using, and protecting information as our products mature. We are working toward compliance with:

  • General Data Protection Regulation (GDPR) — in progress
  • Health Insurance Portability and Accountability Act (HIPAA), for healthcare data via Orasis AI — planned
  • Education data-protection standards, for student data via Gnosis AI — under review
  • Other applicable healthcare, education, and privacy regulations — under review

Current status

Our products are in development and limited release: Orasis AI is in closed beta using only anonymized or synthetic medical images, and Gnosis AI is running a university pilot (starting with Anatomy). Participation is voluntary and consent-based. We do not process real patient data, and we are not yet a commercial service.

Information we currently collect

Pilot & beta participant data

During our development, beta, and pilot phases, we collect:

  • Participant information: name, email, and role or institution (if applicable)
  • Orasis AI test data: sample medical images (anonymized or synthetic only)
  • Gnosis AI pilot data: study activity and progress (e.g. quizzes taken, topics practiced) tied to your official course material
  • Feedback: bug reports, feature suggestions, and user-experience feedback
  • Usage analytics: how participants interact with our products

Website visitor information

  • Contact forms: information you provide when contacting us
  • Basic analytics: page views and browser type (anonymized)

Future data collection (planned)

As our products mature, we intend to process the data below. This will only occur after obtaining the necessary approvals and implementing all required security measures.

  • Medical images (Orasis AI): CT scans, MRI images, and X-rays (with proper authorization)
  • Healthcare-professional accounts: credentials and contact details
  • Diagnostic data: AI-generated analysis and reports
  • Student accounts (Gnosis AI): institutional email, course enrollment, and learning progress

Cookies and tracking

We use essential cookies that are necessary for the site to function. We also use Google Analytics to understand how visitors use the site — these analytics cookies are only set after you give consentvia our cookie banner, and we enable IP anonymization. We do not use marketing or advertising cookies. You can accept, decline, or change your choice at any time using the “Cookie settings” link in the footer.

How we use your information

Current use (development phase)

  • Platform development: improving our AI algorithms and user interface
  • Beta testing: evaluating functionality and gathering feedback
  • Communication: sending progress updates to interested parties
  • Research: understanding user needs and market requirements

Future use (when operational)

As our products launch, we plan to use data to:

  • Process medical images and generate diagnostic reports (Orasis AI)
  • Personalize study plans, explanations, and practice for learners (Gnosis AI)
  • Improve AI accuracy through anonymized, aggregated data
  • Provide customer support and platform maintenance
  • Comply with legal and regulatory requirements

What we will never do

  • Sell personal, health, or education data to third parties
  • Use health or education data for advertising purposes
  • Share identifiable information without explicit consent
  • Process real patient data before obtaining proper certifications

Data protection & security

Current security measures

Even in our development phase, we implement security best practices:

  • Encryption: SSL/TLS for all data transmission
  • Access control: access limited to the development team only
  • Secure development: following secure coding practices
  • Regular updates: keeping all systems and dependencies current

Planned security enhancements

Before processing any real medical data, we will implement:

  • End-to-end encryption for all medical images
  • HIPAA-compliant infrastructure (pending certification)
  • Multi-factor authentication for all users
  • Regular third-party security audits
  • 24/7 security monitoring and incident response

Security commitment

We are committed to achieving the highest security standards before handling any real patient data. Our platform will not be available for clinical use until all necessary security measures and certifications are in place.

Planned compliance & certifications

As a company under development, we are actively working toward GDPR compliance, HIPAA readiness, medical-device regulations in our target markets, and relevant ISO standards. Our compliance roadmap targets full GDPR compliance before any EU launch, HIPAA certification before any US launch, and CE marking under the Medical Device Regulation as we mature the platform.

Important notice

BioAnalytiX is not yet certified as a medical device. Our platform is currently for research and development purposes only and should not be used for clinical decision-making.

Your rights

Current rights (participants & visitors)

As a beta or pilot participant, or a website visitor, you have the right to:

  • Access any personal information we hold about you
  • Request correction of inaccurate information
  • Withdraw from a beta or pilot at any time
  • Request deletion of your data
  • Opt out of communications

Future rights (when operational)

Once fully operational, we will ensure all users have rights under applicable laws, including GDPR rights for EU users (access, rectification, erasure, restriction, portability, and objection) and HIPAA rights for US healthcare (access to health information, amendments to records, an accounting of disclosures, and restrictions on uses).

Pilot & beta program data

For our beta and pilot programs:

  • Voluntary participation: all testing and pilots are voluntary
  • Orasis AI:we use only anonymized or synthetic medical images — never real patient data
  • Gnosis AI: the pilot is grounded in official course material, and we process only the study data needed to personalize learning
  • Confidentiality: unreleased features are confidential

Participant consent

All participants provide explicit consent before joining a beta or pilot. You may withdraw at any time by contacting us.

Data retention

We retain data only as long as needed for its purpose. Beta tester information is kept until the end of the beta plus six months for program management; test images are kept until the end of development for algorithm training; anonymized feedback may be retained indefinitely for product improvement; and website inquiries are kept for up to two years for business development.

International data

As we develop our platform:

  • Our development team is based in Greece (EU)
  • We use cloud services that may process data internationally
  • We will implement appropriate safeguards before any commercial launch
  • Beta testers will be informed of any international transfers

Updates to this policy

This Privacy Policy will be updated as we:

  • Progress through development phases
  • Obtain necessary certifications
  • Expand our services
  • Respond to legal requirements

We will notify all registered users and beta testers of significant changes via email.

Contact us

For privacy questions or to exercise your rights, email us at info@bioanalytix.info. We aim to respond within 72 hours. Our team is based in Greece (EU).