Short version: Your patient images stay on your computer. We never see them, store them, or transmit them anywhere. The only personal information we hold is your email address and subscription status.
How SurgPathPic processes your images
SurgPathPic is a browser-based pathology annotation tool. When you open an image in
SurgPathPic, the file is loaded directly into your browser's memory and stays there.
It is never uploaded to our servers, third parties, or any external service.
All annotation, calibration, grid mapping, and rendering happens entirely on your
device. When you export an annotated image, the export is generated locally in your
browser and saved to your computer — again, no upload.
We have no technical ability to view, store, or recover your patient images because
they never leave your machine.
What information we do collect
To run the service, we collect and store the following on our servers:
Email address — required to sign in to your account.
Authentication metadata — sign-in timestamps and the auth provider you used (Google or magic link). Stored by our authentication provider, Supabase.
Subscription status — your account state (active, trialing, canceled, etc.) and, if you subscribe, the subscription start and end dates.
Marketing opt-in preference — a single boolean recording whether you consented to product update emails when signing in.
Payment metadata — when subscriptions are active, our payment processor (Stripe) holds your billing information. We never see or store full card numbers; we receive only a customer ID and subscription status from Stripe.
What we do not collect
Patient images or any specimen data — these never leave your computer.
Annotation content (cassette positions, labels, outlines) — these stay in your browser.
Case identifiers, accession numbers, patient names, dates of birth, or any other
protected health information you may type into the tool — these are local to your
browser session.
Personally identifiable information beyond your account email.
Mouse movements, keystrokes, click recordings, or session replays.
Cross-site tracking cookies, advertising IDs, or third-party marketing pixels.
IP address logs beyond what is required by Netlify (our hosting provider) for
operational purposes.
Aggregate page-view analytics
We use Cloudflare Web Analytics to count anonymous page views so we can see how
many people visit the site each day. Cloudflare Web Analytics is privacy-friendly
by design:
It does not use cookies or any other persistent identifier.
It does not fingerprint individual visitors.
It does not track users across other websites.
It does not collect or sell personal information.
The only data we receive is aggregate counts: how many page views, which pages,
and approximate referrer/country breakdowns. We cannot identify individual visitors
from this data. See Cloudflare's
Web Analytics page for technical details.
Service providers
SurgPathPic relies on a small number of third-party services to operate:
Netlify — static hosting and serverless functions. Receives standard HTTP
request metadata to deliver the site to your browser.
Supabase — authentication and database. Stores the account information
listed above. Hosted in a single region.
Google Sign-In — optional authentication method. If you sign in with
Google, your Google account email is used to create your SurgPathPic account.
Stripe — payment processing for paid subscriptions. Stripe receives and
stores your billing information directly under their own privacy policy.
HIPAA and protected health information
SurgPathPic is designed to operate without ever receiving protected health information
(PHI). Because patient images and case data never leave your computer, no PHI is
transmitted to or stored by SurgPathPic infrastructure. SurgPathPic is not a
HIPAA Business Associate of any healthcare institution and does not require a Business
Associate Agreement (BAA) for typical use, because it does not handle PHI on its servers.
You are responsible for ensuring your own use of the tool — including which images you
open and where you save exports — complies with your institution's policies and applicable
law.
Cookies and local storage
SurgPathPic uses your browser's localStorage and sessionStorage
to keep you signed in between visits and to auto-save your in-progress work locally.
We do not use third-party tracking cookies, advertising cookies, or analytics cookies.
Email communications
We send transactional emails (sign-in links, password recovery, billing receipts) as
required to operate the service. If you opted in to product update emails when signing
in, we may also send occasional newsletters about new features. You can unsubscribe
from product emails at any time via the link in any newsletter.
Your rights
You can at any time:
Request export of all data we hold on your account.
Request deletion of your account and all associated data.
Update your marketing email preferences.
Cancel a paid subscription.
To exercise any of these rights, contact us at the address below.
Changes to this policy
We will update this page if our practices change. The "last updated" date at the top of
this page reflects the most recent revision. Material changes will be communicated by
email to active accounts.