CuraLabel
Menu
Home
Services
X-rays AnnotationMRI AnnotationCT-Scan AnnotationUltrasound AnnotationHistopathologyECG/EKGDe-identificationQA & AuditRaw Data
AboutContact

Privacy Policy

Last Updated: February 12, 2025

1. Introduction

CuraLabel (“we,” “our,” or “us”) is committed to protecting the privacy and confidentiality of all information entrusted to us. This Privacy Policy explains how we collect, use, store, and safeguard personal information, including Protected Health Information (PHI), in connection with our medical annotation services.

2. Information We Collect

  • Protected Health Information (PHI): Medical images (e.g., X-rays, MRIs, CT scans), diagnostic notes, and related clinical data provided by healthcare providers for annotation.
  • Personal Information: Names, contact details, and professional information of clients, partners, and authorized users.
  • Technical Data: IP addresses, browser type, device information, and usage patterns for security and operational purposes.

3. How We Use Information

  • Providing medical annotation services to our clients
  • Quality assurance, consensus review, and accuracy improvements
  • Meeting contractual obligations under BAAs and DPAs
  • Maintaining audit logs and compliance records
  • Improving and securing our platform

4. PHI Handling & Compliance

  • PHI minimization and de-identification where feasible
  • Encryption in transit (TLS 1.2+) and at rest (AES-256)
  • Least-privilege access controls and role-based permissions
  • Comprehensive audit logging for PHI access and processing
  • Annual security and privacy training for all personnel

5. Sharing & Disclosure

  • With authorized personnel and contractors under confidentiality obligations
  • With vetted service providers for hosting, storage, or secure processing (under signed agreements)
  • As required by law, court order, or regulatory request
  • In M&A or similar transactions, under confidentiality commitments

6. Data Retention

We retain PHI and personal data only as long as necessary for the stated purposes or as required by law or contract. After the retention period, data is securely deleted or anonymized.

7. International Transfers

Where data is transferred cross-border, we implement safeguards such as Standard Contractual Clauses (SCCs) and data localization where required.

8. Security Measures

We maintain administrative, technical, and physical safeguards designed to protect information from unauthorized access, disclosure, alteration, or destruction.

9. Your Rights

Depending on your jurisdiction, you may have rights to:

  • Access, correct, or delete your personal information
  • Restrict or object to certain processing
  • Request a copy of your data in a portable format
  • File a complaint with a supervisory authority

10. Contact Us

Privacy Officer — CuraLabel
Email: privacy@curalabel.com