Privacy Policy
Last updated: February 2026
Sein Medical Technology Inc. ("Sein Medical", "we", "our", "us") is committed to protecting the privacy and security of the data processed through our AI-powered breast cancer screening platform. This policy explains how we collect, use, store, and protect your information in compliance with applicable Canadian privacy legislation.
PIPEDA Compliant
Fully compliant with Canada's Personal Information Protection and Electronic Documents Act.
Canadian Data Residency
Patient data is stored and processed on Canadian infrastructure. The one exception is the transient processing of mammogram images and de-identified clinical context by our AI provider, described in Section 5.
HIPAA-Aligned
Our security practices align with HIPAA technical safeguards for organizations serving US patients.
1. Information We Collect
- Account information: When you register, we collect your name, email address, and professional credentials (medical license number, specialty, clinic name).
- Patient data: Patient names, dates of birth, biomarkers, risk factors, and medical notes entered by registered doctors.
- Medical images: Mammogram images uploaded for AI analysis are stored securely in encrypted private object storage.
- Usage data: We log API requests, AI analysis operations, and platform usage for operational and security purposes.
- Device and browser information: Standard web analytics data for platform performance optimization.
2. How We Use Your Information
- To provide AI-powered mammogram analysis and generate structured BI-RADS radiology reports.
- To maintain patient records, biomarker data, and screening history as entered by authorized doctors.
- To enable the AI chat assistant with relevant patient clinical context.
- To monitor platform performance, costs, security incidents, and audit compliance.
- To communicate with you about your account, platform updates, and service announcements.
- To improve our AI models and platform capabilities (using de-identified, aggregated data only).
3. Data Storage and Security
- All data is encrypted in transit using TLS 1.3/HTTPS with modern cipher suites.
- All data is encrypted at rest using AES-256 encryption.
- Patient images are stored in private, access-controlled (S3-compatible) object storage; downloads are served only through time-limited presigned URLs scoped to a single object, never through public links.
- Database credentials, API keys, and other secrets are supplied to services at runtime as environment variables managed by our infrastructure, and are never committed to source code.
- Access to patient data is restricted to the doctor who created the patient record: role-based access control (RBAC) determines what each role may do, and a per-record ownership check determines which records a doctor may see.
- Every access to and modification of patient data is written to an append-only (immutable) audit trail with a timestamp and the identity of the user who performed it.
- Admin users can view aggregate statistics but cannot access individual patient records or images.
- Regular security assessments and dependency audits are performed to maintain platform integrity.
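As an added illustration of the ownership-scoped access and audit-trail pattern described in this section (example code, not Sein Medical's own implementation; the role names, record fields, in-memory store and hash-chain construction are assumptions made for the demonstration):

```python
"""Added example (not Sein Medical's code) of the access pattern in Section 3:
a doctor may read only patient records they created, an admin sees aggregates
only, and every attempt lands in an append-only, hash-chained audit log.
Role names and record fields are assumptions for the demo."""
import hashlib
import json
import time
from dataclasses import dataclass, field

GENESIS = "0" * 64  # hash the first audit entry chains to


class PermissionDenied(Exception):
    pass


@dataclass(frozen=True)
class User:
    user_id: str
    role: str  # assumed role names: "doctor" or "admin"


@dataclass
class AuditLog:
    """Append-only log; each entry commits to the previous entry's hash."""
    entries: list = field(default_factory=list)

    @staticmethod
    def _digest(body):
        # Canonical JSON so the hash does not depend on key order.
        return hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()

    def append(self, actor, action, record_id, allowed):
        prev = self.entries[-1]["hash"] if self.entries else GENESIS
        entry = {"ts": time.time(), "actor": actor, "action": action,
                 "record_id": record_id, "allowed": allowed, "prev": prev}
        entry["hash"] = self._digest(entry)
        self.entries.append(entry)
        return entry

    def verify(self):
        """False if any entry was edited, removed or reordered."""
        prev = GENESIS
        for e in self.entries:
            body = {k: v for k, v in e.items() if k != "hash"}
            if e["prev"] != prev or self._digest(body) != e["hash"]:
                return False
            prev = e["hash"]
        return True


class PatientStore:
    def __init__(self, audit):
        self.records = {}  # record_id -> {"owner": doctor_id, ...}
        self.audit = audit

    def create(self, user, record_id, data):
        allowed = user.role == "doctor" and record_id not in self.records
        self.audit.append(user.user_id, "create", record_id, allowed)
        if not allowed:
            raise PermissionDenied(record_id)
        self.records[record_id] = {"owner": user.user_id, **data}

    def read(self, user, record_id):
        rec = self.records.get(record_id)
        # Ownership, not just role: another doctor is denied, and a missing
        # record is denied the same way so record ids cannot be enumerated.
        allowed = (user.role == "doctor" and rec is not None
                   and rec["owner"] == user.user_id)
        self.audit.append(user.user_id, "read", record_id, allowed)
        if not allowed:
            raise PermissionDenied(record_id)
        return rec

    def aggregate(self, user):
        allowed = user.role == "admin"
        self.audit.append(user.user_id, "aggregate", None, allowed)
        if not allowed:
            raise PermissionDenied("aggregate")
        return {"patient_count": len(self.records)}


def demo():
    """Constructed walk-through; returns the outcomes the test asserts on."""
    audit, out = AuditLog(), {}
    store = PatientStore(audit)
    dr_a, dr_b, admin = User("dr-a", "doctor"), User("dr-b", "doctor"), User("adm", "admin")
    store.create(dr_a, "p-001", {"name": "Constructed Patient", "dob": "1970-01-01"})
    out["owner_reads"] = store.read(dr_a, "p-001")["owner"] == "dr-a"
    for who, label in ((dr_b, "other_doctor_denied"), (admin, "admin_denied")):
        try:
            store.read(who, "p-001")
            out[label] = False
        except PermissionDenied:
            out[label] = True
    out["admin_aggregate"] = store.aggregate(admin)["patient_count"]
    out["denials_logged"] = sum(1 for e in audit.entries if not e["allowed"])
    out["chain_intact"] = audit.verify()
    audit.entries[2]["allowed"] = True  # simulate editing a log entry in place
    out["tamper_detected"] = not audit.verify()
    return out
```

Two points the walk-through makes that the bullets alone do not: denied attempts are logged as well as successful ones, which is what makes the trail useful for detection; and a hash chain only proves that entries were not edited or reordered, not that the tail was not truncated, so the latest hash still has to be anchored somewhere the application cannot rewrite (for example, a write-once log store) for the trail to count as immutable.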
4. Data Residency and Jurisdiction
- Sein Medical Technology Inc. is a Canadian corporation headquartered in North Vancouver, British Columbia.
- All patient data, medical images, and personal information are stored and processed within Canadian jurisdiction, with the sole exception of the transient AI processing described in Section 5.
- Our infrastructure providers maintain data centers in Canada, ensuring Canadian data residency requirements are met.
- We comply with Canada's Personal Information Protection and Electronic Documents Act (PIPEDA) for all data processing activities.
- For organizations subject to US HIPAA regulations, our technical safeguards are aligned with HIPAA Security Rule requirements. Contact us for a Business Associate Agreement (BAA) if required.
5. AI Processing
- Mammogram images are sent to our AI provider (Anthropic) for analysis. Images are processed in real time under Anthropic's zero-retention API policy: the provider does not store images beyond the processing session.
- AI-generated analyses are stored in our database and are accessible only to the patient's assigned doctor.
- All AI outputs include a medical disclaimer and are intended as decision-support tools only, never as standalone diagnoses.
- We log AI operations (token usage, cost, latency) for operational monitoring. These logs do not contain patient-identifiable information.
- Biomarker data and patient context sent to the AI model are de-identified before transmission: direct patient identifiers (for example, the patient's name) are removed from the request.
6. Data Retention
- Patient data and medical images are retained for as long as the doctor maintains an active account.
- Doctors can delete individual patient records, which permanently removes all associated data including images, reports, and chat history.
- Account deletion requests result in permanent removal of all associated data within 30 days, except where retention is required by law.
- AI logs and audit logs are retained for a minimum of 7 years for compliance and operational purposes. These logs do not contain patient-identifiable information.
- Backups are encrypted and subject to the same retention policies as primary data.
7. Your Rights
- Access: Doctors can access all patient records they have created at any time through the platform.
- Correction: Doctors can modify patient records and clinical data as needed.
- Deletion: Doctors can delete patient records, and individuals can request deletion of their account data.
- Portability: We provide data export capabilities for patient records and reports.
- Consent withdrawal: You may close your account at any time. Contact us at privacy@seinmedical.com for account deletion requests.
- We will respond to all data access, correction, or deletion requests within 30 days as required by PIPEDA.
8. Third-Party Services
- Anthropic (AI analysis): Mammogram images are processed through Anthropic's Claude API under their zero-retention API policy. See Anthropic's privacy policy for details.
- Infrastructure providers: We use Canadian-based cloud infrastructure providers for hosting, storage, and database services.
- We do not sell, trade, rent, or share patient data with any third parties for marketing, advertising, or commercial purposes.
- We do not share patient-identifiable data with any third party without explicit, informed consent from the data controller (the doctor).
9. Breach Notification
- In the event of a data breach that poses a real risk of significant harm, we will notify affected individuals and the Office of the Privacy Commissioner of Canada as required by PIPEDA's breach notification requirements.
- Notification will occur as soon as feasible and no later than required by applicable law.
- We maintain an incident response plan that includes breach detection, containment, assessment, notification, and remediation procedures.
10. Changes to This Policy
- We may update this privacy policy from time to time to reflect changes in our practices, technology, or legal requirements.
- Material changes will be communicated via email to registered users and posted on this page with an updated effective date.
- Continued use of the platform after changes constitutes acceptance of the updated policy.
11. Contact
- For questions about this privacy policy or our data practices, contact our Privacy Officer at privacy@seinmedical.com.
- Sein Medical Technology Inc., Unit 350 - 899 Harbourside Drive, North Vancouver, BC, Canada.
- Phone: +1 778 929 5819