Privacy, in writing.

We process three groups of data: account data (name, CRM, professional email), operational data (audio, transcription, report text), and telemetry (access logs and aggregated usage metrics).

Patient clinical data only moves through the platform when strictly necessary for the report and is encrypted at rest (AES-256) and in transit (TLS 1.3).

To provide the contracted service, and nothing beyond that. We do not use clinical data to train models unless there is explicit formal contractual opt-in from the service.

Anonymous telemetry is used for stability and product improvement, always aggregated and unable to identify a patient or professional.

We retain data for the contractual term (default: 10 years for reports) or for the legally required period, whichever is longer. After that, data is anonymized or destroyed under an auditable internal policy.

We do not sell data. We share data only with listed and audited subprocessors (Brazilian infrastructure) or under court order, with notice to the controller whenever legally permitted.

You can access, correct, port, anonymize, or delete your data at any time through /exercer-direitos. We respond within 15 business days.

Data Protection Officer: dpo@laudos.ai. We also receive mail at Av. Paulista, 1000, 12th floor, Sao Paulo, SP, Brazil.