{{define "dpa"}}
<style>
  .dpa-container {
    max-width: 1200px;
    margin: 0 auto;
    padding: 48px 24px 80px;
  }

  .dpa-card {
    background: var(--bg-card);
    border: 1px solid var(--border);
    border-radius: 8px;
    padding: 48px;
    margin-bottom: 24px;
  }

  .dpa-card h1 {
    font-size: 2.5rem;
    font-weight: 700;
    color: var(--text);
    margin-bottom: 16px;
  }

  .dpa-card .intro {
    font-size: 1.15rem;
    font-weight: 300;
    color: var(--text-muted);
    line-height: 1.8;
    margin-bottom: 0;
  }

  .dpa-card h2 {
    font-size: 1.4rem;
    font-weight: 600;
    color: var(--text);
    margin-top: 0;
    margin-bottom: 24px;
  }

  .dpa-card h3 {
    font-size: 1.1rem;
    font-weight: 600;
    color: var(--text);
    margin-top: 24px;
    margin-bottom: 8px;
  }
  .dpa-card h3:first-child { margin-top: 0; }

  .dpa-card p {
    font-size: 1rem;
    font-weight: 300;
    color: var(--text-muted);
    line-height: 1.8;
    margin-bottom: 16px;
  }
  .dpa-card p:last-child { margin-bottom: 0; }

  .dpa-card strong {
    font-weight: 600;
    color: var(--text);
  }

  .dpa-card a {
    color: var(--accent);
  }

  .inou-brand {
    font-weight: 700;
    color: var(--accent);
  }

  .dpa-card ul {
    margin: 0 0 16px 0;
    padding-left: 24px;
  }

  .dpa-card li {
    font-size: 1rem;
    font-weight: 300;
    color: var(--text-muted);
    line-height: 1.8;
    margin-bottom: 8px;
  }

  /* Mobile */
  @media (max-width: 768px) {
    .dpa-container { padding: 24px 16px 48px; }
    .dpa-card { padding: 32px 24px; }
    .dpa-card h1 { font-size: 2rem; }
    .dpa-card .intro { font-size: 1.05rem; }
    .dpa-card h2 { font-size: 1.25rem; }
    .dpa-card h3 { font-size: 1rem; }
    .dpa-card p { font-size: 0.95rem; }
  }

  @media (max-width: 480px) {
    .dpa-container { padding: 16px 12px 32px; }
    .dpa-card { padding: 24px 16px; }
    .dpa-card h1 { font-size: 1.75rem; }
    .dpa-card .intro { font-size: 1rem; }
    .dpa-card h2 { font-size: 1.15rem; }
    .dpa-card p { font-size: 0.9rem; }
  }
</style>

<div class="dpa-container">

  <div class="dpa-card">
    <h1>Data Processing Agreement</h1>
    <p class="intro">This agreement describes how <span class="inou-brand">inou</span> processes your health data. It applies to all users and any third-party services that access your data through our platform.</p>
  </div>

  <div class="dpa-card">
    <h2>Definitions</h2>

    <h3>Data Controller.</h3>
    <p>You. You decide what data to upload, who can access it, and when to delete it.</p>

    <h3>Data Processor.</h3>
    <p><span class="inou-brand">inou</span>. We store, encrypt, and transmit your data according to your instructions.</p>

    <h3>Sub-processors.</h3>
    <p>Third-party services you explicitly connect to your account, such as AI assistants. We do not use sub-processors for storage or core functionality.</p>
  </div>

  <div class="dpa-card">
    <h2>Data we process</h2>

    <h3>Health data.</h3>
    <p>Medical imaging (DICOM files including MRI, CT, X-ray), laboratory results, genetic/genomic data, and any other health information you upload.</p>

    <h3>Account data.</h3>
    <p>Name, email address, date of birth, and sex. Used for account management and medical context.</p>

    <h3>Technical data.</h3>
    <p>IP addresses and session identifiers. Used exclusively for security and access control.</p>
  </div>

  <div class="dpa-card">
    <h2>How we process it</h2>

    <h3>Storage.</h3>
    <p>All health data is encrypted using FIPS 140-3 validated cryptography before storage. Data resides on dedicated infrastructure in the United States that we own and operate.</p>

    <h3>Transmission.</h3>
    <p>All data in transit is protected by TLS 1.3 encryption. When you connect third-party services, data travels through an encrypted bridge directly to your session.</p>

    <h3>Access.</h3>
    <p>Only you and accounts you explicitly authorize can access your data. Staff access requires your explicit request, is restricted to senior personnel, and is logged.</p>
  </div>

  <div class="dpa-card">
    <h2>Processing restrictions</h2>

    <p>We process your data solely to provide the service. Specifically, we do <strong>not</strong>:</p>
    <ul>
      <li>Use your data for AI model training</li>
      <li>Sell, rent, or share your data with third parties</li>
      <li>Analyze your data for advertising or profiling</li>
      <li>Access your data without your explicit request</li>
      <li>Retain your data after account deletion</li>
    </ul>
  </div>

  <div class="dpa-card">
    <h2>Third-party connections</h2>

    <p>When you connect an AI assistant or other service to <span class="inou-brand">inou</span>:</p>
    <ul>
      <li>You explicitly authorize each connection</li>
      <li>Data is transmitted only for your active session</li>
      <li>We do not store copies of transmitted data</li>
      <li>You can revoke access at any time</li>
      <li>Each third party operates under their own privacy policy</li>
    </ul>
    <p>We recommend reviewing the privacy policy of any service you connect.</p>
  </div>

  <div class="dpa-card">
    <h2>Security measures</h2>

    <h3>Encryption.</h3>
    <p>FIPS 140-3 validated encryption at rest. TLS 1.3 encryption in transit. Application-layer encryption before database storage.</p>

    <h3>Infrastructure.</h3>
    <p>Dedicated hardware. No shared cloud environments. Redundant storage with RAID-Z2. Uninterruptible power with generator backup.</p>

    <h3>Access control.</h3>
    <p>Role-based access control. Mandatory authentication. All access logged and auditable.</p>

    <h3>Monitoring.</h3>
    <p>Continuous automated monitoring. Intrusion detection. Regular security assessments.</p>
  </div>

  <div class="dpa-card">
    <h2>Data retention</h2>

    <p>We retain your data for as long as your account is active. When you delete your account:</p>
    <ul>
      <li>All personal data is permanently destroyed</li>
      <li>All health data is permanently destroyed</li>
      <li>Deletion is immediate and irreversible</li>
      <li>Backups are overwritten within 30 days</li>
    </ul>
    <p>We do not offer recovery of deleted data.</p>
  </div>

  <div class="dpa-card">
    <h2>Your rights</h2>

    <h3>Access.</h3>
    <p>See and export everything we store — data you've entered, account details, access logs, and audit history.</p>

    <h3>Rectification.</h3>
    <p>Correct any inaccurate data directly or by request.</p>

    <h3>Erasure.</h3>
    <p>Delete your account and all associated data instantly.</p>

    <h3>Portability.</h3>
    <p>Download data you've entered in standard formats. Your uploaded files are already yours.</p>

    <h3>Objection.</h3>
    <p>Revoke any permission at any time. We comply immediately.</p>
  </div>

  <div class="dpa-card">
    <h2>Compliance</h2>

    <p>This agreement is designed to comply with:</p>
    <ul>
      <li><strong>GDPR</strong> (European Union General Data Protection Regulation)</li>
      <li><strong>FADP</strong> (Swiss Federal Act on Data Protection)</li>
      <li><strong>HIPAA</strong> (US Health Insurance Portability and Accountability Act)</li>
    </ul>
    <p>We apply the highest standard regardless of your jurisdiction.</p>
  </div>

  <div class="dpa-card">
    <h2>Contact</h2>
    <p>Questions about data processing: <a href="mailto:privacy@inou.com">privacy@inou.com</a></p>
    <p>This agreement was last updated on January 21, 2026.</p>
  </div>

{{template "footer"}}
</div>
{{end}}