Radish Privacy Policy
Version 1.4 | October 2025
Introduction
Radish mobile application, operated by Radish LLC, respects your privacy. This Privacy Policy explains how we collect, use, disclose, and protect your user data when you use our radiology collaboration app ("Site"). User data includes personal information (e.g., name, email, licensure details), anonymized radiology images, and usage data (e.g., comments, star/RadCoin activity). Contact us at support@radish.com for questions.
User Data We Collect
Personal Information
Name, email, mailing address, licensure details (e.g., NPI, license number), and demographics provided during registration.
Non-PHI Images
Anonymized radiology images (e.g., X-rays) without patient identifiers (e.g., names, dates, medical record numbers), deleted after 1–4 hours.
Usage Data
Comments, star/RadCoin activity, and app interactions.
How We Use User Data
- • To provide and improve the Site (e.g., case-sharing, star/RadCoin system).
- • To verify eligibility (e.g., licensure via CMS NPI Registry or medical boards).
- • To contact you (e.g., updates, notifications).
- • To comply with laws (e.g., HIPAA, GDPR, CCPA, NY SHIELD Act).
User Data Sharing
We do not share user data except with service providers (e.g., Supabase for hosting and storage) under strict data processing agreements or as required by law (e.g., law enforcement requests).
Images are not shared and are deleted after 1–4 hours.
Supabase infrastructure complies with industry security standards and data protection requirements.
User Data Security
Infrastructure and Encryption
We use Supabase infrastructure to securely store and process user data. User data, including images and databases, is encrypted at rest and in transit using industry-standard encryption protocols.
Image Security
Images are stored in an encrypted sandbox, inaccessible to the Photos app, with no screenshots or exports allowed. Images are automatically deleted after 1–4 hours with secure overwrite and audit logging to prevent PHI retention.
User Responsibility
You are responsible for ensuring images are free of patient identifiers (e.g., names, dates, medical record numbers) via in-app warnings, visual prompts, and training.
Security Measures
We implement comprehensive security measures including secure authentication, access controls, and continuous monitoring to protect user data.
Data Breach Protocol
In case of a data breach, we will notify affected users and relevant authorities without undue delay, in accordance with applicable laws (e.g., GDPR, CCPA, HIPAA, NY SHIELD Act). For GDPR, we aim to notify supervisory authorities within 72 hours where feasible. For HIPAA, notifications involving PHI will occur within 60 days. Notifications will use your registered email or in-app notifications.
While we take reasonable measures to secure user data, no system is completely immune to breaches. You are responsible for maintaining the confidentiality of your login credentials.
Your Rights
Under GDPR, CCPA, and other applicable laws, you may access, correct, or delete your user data (e.g., via "Remove Me" request). For international users, we ensure compliance with cross-border data transfer requirements (e.g., GDPR's standard contractual clauses).
Request deletion at support@radish.com; processed within 30 days, subject to applicable laws.
User Data Retention
- • Personal information is retained until account deactivation.
- • Images are deleted after 1–4 hours with secure overwrite and audit logging.
Changes to Policy
We may update this policy, notified via email or in-app. Continued use constitutes consent.
Contact
Radish LLC
123 Main St, City, State, ZIP
Questions About Your Privacy?
Our privacy team is here to help. Contact us anytime with questions or concerns about how we protect your information.