Privacy Policy

Effective date: 2025/05/26

This Privacy Policy informs you about how we collect, use, and protect your personal data when using our online service dicomtostl an online tool that converts medical DICOM images into STL 3D models.

In compliance with Regulation (EU) 2016/679 of the European Parliament and of the Council (General Data Protection Regulation, GDPR), we are committed to protecting your privacy and ensuring the lawful, fair, and transparent processing of your data.

1. CONTROLLER INFORMATION

   Controller:

   The data controller is the owner and operator of dicomtostl. If you have questions or concerns regarding your personal data, please contact:

   Email: [email protected]

2. Information We Collect

   We collect the following types of information:

   • Personal Information: When you make a purchase or contact us, we may collect your name, email address, and payment-related information.

   • Usage Data: We collect information about your interactions with the website, such as pages visited and features used, to help improve our services.

   • Cookies and Tracking Technologies: We may use cookies or similar technologies to track your activity on the website for functionality and analytics.

3. How We Use Your Information

   We use your information to:

   • Provide and improve our services

   • Process payments and fulfill orders

   • Communicate with you about your account, purchases, or inquiries

   • Monitor and analyze usage to improve our website

4. Payment Processing with Stripe

   We use Stripe to process payments securely. Your payment information is transmitted directly to Stripe and is not stored on our servers. Stripe may collect and store your personal and payment information in accordance with their own Privacy Policy, which you can review here: https://stripe.com/privacy.

5. PURPOSE OF DATA PROCESSING

   We process personal data strictly for the following purposes:

   • To convert user-submitted DICOM files into STL models and provide downloadable results

   • To maintain server security, detect misuse, and prevent DoS or spam attacks

   • To respond to user inquiries (if contact is initiated)

   • To improve service quality through aggregate analytics

   All data processing follows the principle of data minimization.

6. LEGAL BASIS FOR PROCESSING

   Your data is processed under the following legal bases:

   • Article 6(1)(b) GDPR: Data processing is necessary to provide a requested service (conversion tool)

   • Article 6(1)(f) GDPR: Legitimate interest in ensuring security, service improvement, and fraud prevention

   • Article 6(1)(a) GDPR: When you give explicit consent (e.g., by contacting us voluntarily)

   We do not use your data for marketing purposes without your explicit consent.

7. COOKIES AND TRACKING TECHNOLOGIES

   Our website uses only essential cookies necessary for:

   • Remembering your language preferences

   • Ensuring smooth file upload and download functionality

   • Security and session control

   We do not use tracking cookies, advertising cookies, or third-party analytics (e.g., Google Analytics) unless explicitly stated.

   You may configure your browser to block cookies, but this may affect the functionality of our service.

8. RETENTION PERIOD

   1. Uploaded DICOM files are automatically deleted from our server within 1 hour after conversion.

   2. IP logs are stored for a maximum of 30 days for security purposes.

   3. Emails or inquiries are stored for up to 12 months to ensure customer service follow-up.

   After these periods, data is either deleted or anonymized.

9. DATA SHARING AND TRANSFER

   We do not sell, rent, or share your personal data with third parties.

   However, we may use secure hosting services (e.g., AWS, OVH, or similar providers) for data storage and processing. These providers are contractually bound by GDPR-compliant data protection agreements.

   If compelled by law (e.g., court order), we may disclose necessary data to competent authorities.

10. YOUR RIGHTS UNDER GDPR

    You have the following rights:

    • Right to access your personal data

    • Right to rectify inaccurate or incomplete data

    • Right to erasure ("right to be forgotten")

    • Right to restrict processing

    • Right to object to processing

    • Right to data portability

    To exercise any of these rights, please email us at [email protected].

11. DATA SECURITY

    We take reasonable technical and organizational measures to protect your data, including:

    • Secure HTTPS connection

    • Automatic deletion of sensitive uploads

    • Controlled access to server resources

12. CHANGES TO THIS POLICY

    We may update this Privacy Policy from time to time. Changes will be posted on this page with a new effective date. We encourage you to review this policy periodically.

Contact:

For questions regarding this Privacy Policy or data protection, contact us at: [email protected].