Privacy Policy

LEGAL

SightTrack BETA

Optic Disc Photograph Comparison

Last updated: 24 June 2026

Beta notice: SightTrack is beta software provided for evaluation and testing only. It is not approved for clinical or production use. Do not rely on it for diagnosis or patient care.

This Privacy Policy explains how SightTrack (“SightTrack”, “we”, “us”) handles information when you use the SightTrack change-detection evaluation tool and the SightTrack Console service it connects to. By using the tool you agree to the practices described here.

1. Information We Process

Retinal / optic disc images you upload for comparison.
Patient identifier you enter. This is hashed on your device into a pseudonymous patient token (“ppt”) before any request is sent — the raw identifier never leaves your browser or computer.
API key you paste, stored locally in your browser (stk_api_key) so you don't have to re-enter it.
Technical metadata generated by a comparison, such as request / transaction IDs, timestamps, and the engine's change-detection result.

2. How We Use It

To perform optic disc photograph comparisons and return a determination (no change / change / invalid pair).
To store run results keyed by the pseudonymous token so they can be retrieved later by patient.
To operate, secure, debug, and improve the service.

3. What We Do Not Do

We do not receive or store the raw patient identifier — only the pseudonymous token.
We do not sell your data or use it for advertising.

4. Local Storage

The tool remembers your API key in your browser (localStorage) for convenience. It is not used for tracking. Clearing your browser site data removes it.

5. Sharing & Processing

Images and request metadata are transmitted over an encrypted connection to the SightTrack Console processing service to compute results. Access is authenticated by your API key and is scoped to your organisation.

6. Data Retention

Run records and engine results are retained for the period needed to provide the service and meet operational and legal requirements, after which they are deleted or further anonymised.

7. Security

We use encryption in transit and pseudonymisation of patient identifiers. No system is perfectly secure; you are responsible for safeguarding your API key and for the images and identifiers you submit.

8. Your Responsibilities

You are responsible for ensuring you have the lawful basis, authorisation, and any necessary patient consent before uploading images or identifiers, and for complying with applicable data protection laws (for example UK GDPR / GDPR / HIPAA, as relevant).

9. Changes

We may update this policy. Material changes will be reflected by the “Last updated” date above.

10. Contact

Questions about this policy: privacy@sighttrack.io.