Privacy Policy

Overview

X-ray Vault helps organizations securely store, search, and manage regulatory documents such as FDA 2579 and related files. We respect your privacy and are committed to protecting it through this policy.

Data Controller & Contact

X-ray Vault operates as the data controller for personal data it processes to provide the service. For questions or to exercise your rights, please reach us via the Contact page.

Information We Collect

• Account and Identity Information: When you authenticate (e.g., via an identity provider such as Google), we receive basic identifiers (name, email, provider ID) to create and maintain your account and session.
• Document Data: Files you upload (for example, FDA 2579 PDFs and images) and associated metadata (filename, size, upload timestamp, and any fields you supply for search or indexing).
• Usage and Device Data: Basic logs for security and diagnostics (IP address, timestamps, request paths, and error details). We do not profile users or perform behavioral advertising.

How We Use Information

• Provide, operate, and improve the X-ray Vault service.
• Authenticate users and enforce access controls.
• Store and retrieve documents on your behalf.
• Protect the security and integrity of our systems (fraud detection, abuse prevention, auditing).
• Comply with legal obligations.

Legal Bases (where applicable)

Depending on your jurisdiction, we process personal data under one or more of the following bases: contract (to provide the service), legitimate interests (security, fraud prevention, service improvement), legal obligation, and with your consent where required (for example, certain optional features).

AI-Based Processing

To help extract fields from certain uploaded documents (for example, FDA 2579 forms), we may send segments of document content to a third‑party AI service (such as Google’s Generative Language API) for automated extraction. Content sent to third parties is transmitted over HTTPS and processed according to their terms and privacy policies. We log minimal diagnostics (such as request size and type) to troubleshoot failures and improve accuracy. You can opt out by entering or correcting fields manually where available.

Data Security

X-ray Vault uses encryption in transit (HTTPS) and encrypts documents at rest. Access is role-based and actions may be logged for auditing. While we implement commercially reasonable safeguards, no method of transmission or storage is 100% secure.

Data Retention

We retain uploaded documents and related metadata for as long as your account or organizational contract is active or as needed to provide the service. Log data is retained for a limited period for security and compliance. You may request deletion of documents you control, subject to legal or contractual requirements and technical feasibility.

Sharing and Disclosure

• Service Providers: We may share limited data with vendors who process data on our behalf under contract, including cloud hosting, email delivery, and AI providers used for document field extraction.
• Legal Compliance: We may disclose information when required by law or to protect rights, safety, and security.
• No Selling of Personal Data: We do not sell your personal information.

Your Rights

Depending on your jurisdiction, you may have rights to access, correct, or delete your personal information, and to object to or restrict certain processing. To exercise rights related to your account or documents, please contact us via the Contact page.

Cookies and Similar Technologies

We use strictly necessary cookies for authentication and security (for example, ASP.NET Identity and anti‑forgery cookies). See our Cookie Policy for details.

International Transfers

If you access X-ray Vault from outside the hosting region, your information may be transferred and processed in that region. We take steps to help ensure appropriate protections consistent with applicable laws.

Children’s Privacy

X-ray Vault is not intended for children under 16 and we do not knowingly collect personal information from children.