Privacy Policy
Effective Date: January 2026
Overview
DICOMAnon.com is a privacy-first software application operated by Red Ion LLC, located in Birmingham, Alabama, United States. The application is designed to anonymize and process medical imaging and document files for research, clinical trials, and related non-clinical purposes.
DICOMAnon.com is architected so that file processing occurs entirely on the user's local system. We collect only the minimum information necessary to support licensing, authentication, and billing.
Information We Collect
We collect and store only limited, purpose-specific information required to operate the service.
Email Address
We collect and store a user's email address for the sole purpose of:
- Issuing and managing software licenses
- Associating licenses with authenticated users
- Communicating essential licensing or service information
Machine Identifier (Device Fingerprint)
For locally installed executable components, we collect a machine identifier generated on the client system.
- The identifier is a pseudonymous technical value
- It is associated with the user's email address and license entitlement
- It does not include file contents, patient data, or user activity
Information We Do Not Collect
We do not:
- Store passwords or authentication credentials
- Store payment card or banking information
- Store uploaded files of any kind
- Store DICOM files, PDFs, or derived metadata
- Store patient data or protected health information (PHI)
- Track user behavior or application usage
- Collect hardware serial numbers or precise geolocation
- Monitor or inspect file contents or network traffic beyond license validation
File Processing and Data Handling
DICOMAnon.com is implemented as a Blazor WebAssembly application that runs entirely within the user's web browser.
- All file anonymization and processing occurs locally on the user's system
- Files are not uploaded to DICOMAnon.com servers
- Application settings are stored using browser-local WebAssembly storage
- No medical data, imaging data, or documents are transmitted to or retained by our servers
As a result, DICOMAnon.com does not receive, transmit, or store medical files or protected health information.
Desktop Application Component
DICOMAnon.com may offer an optional locally installed executable application to facilitate communication with on-premises DICOM systems such as PACS or other DICOM services.
- The application runs entirely on the user's local machine
- It enables local network communication only
- Files remain on the user's system at all times
- Files are never routed through DICOMAnon.com servers
Device and License Management
When licensing a locally installed executable application:
- A machine identifier is generated on the client system
- The identifier is transmitted to DICOMAnon.com solely for license enforcement
- The identifier is associated with the user's email address and license
This information is used exclusively to:
- Enforce limits on the number of authorized devices
- Display licensed devices to the user
- Allow users to rename or remove devices through the application interface
Users maintain control over licensed devices and may deactivate or delete machine associations at any time.
Authentication
User authentication is handled by a third-party identity provider, Microsoft Entra ID.
- Authentication credentials are managed entirely by the identity provider
- DICOMAnon.com does not store usernames, passwords, or authentication secrets
- We receive only confirmation of authentication and the associated email address
Payments
Payments are processed by a third-party payment processor, Stripe.
- DICOMAnon.com does not store or have access to credit card numbers or payment credentials
- Upon confirmation of payment, a software license is issued and associated with the user's email address
Hosting and Infrastructure
DICOMAnon.com services are hosted using Microsoft Azure infrastructure.
- No user files, medical data, or PHI are stored or processed on our servers
- Server-side systems are limited to licensing, authentication validation, and billing integration
Cookies and Tracking
DICOMAnon.com does not use advertising or marketing cookies. Any cookies used are limited to those strictly necessary for application functionality or authentication flows.
Intended Use and Disclaimer
DICOMAnon.com is not intended for clinical use and is not a medical device. The application is provided as a user-interface tool for anonymization and file processing in non-clinical contexts such as research and clinical trial preparation.
Users are responsible for ensuring compliance with applicable regulations, institutional policies, and data-handling requirements.
Data Sharing
We do not sell, rent, or share personal information with third parties, except as required to operate essential services such as authentication, payment processing, and cloud infrastructure.
Data Retention
- Email addresses and associated license information are retained for as long as necessary to manage active licenses
- Machine identifiers are retained only while associated with an active or user-managed license
- No medical data, imaging data, or user files are retained
Legal Basis for Processing (GDPR)
For users in the European Economic Area or United Kingdom, we process personal data under the following lawful bases:
- Contractual necessity - to issue and manage software licenses
- Legitimate interests - to enforce license limits, prevent misuse, and maintain service integrity
Data collection is limited to what is necessary for these purposes.
Security Practices
We apply reasonable administrative, technical, and organizational measures designed to protect the limited personal information we process, including:
- Delegated authentication via a trusted identity provider
- Use of established third-party payment processors
- Minimization of stored personal data
- Isolation of client-side file processing from server-side systems
No system can be guaranteed to be completely secure; however, our architecture is intentionally designed to minimize exposure by avoiding server-side handling of user files or medical data.
Your Rights
Depending on your jurisdiction, you may have the right to:
- Request access to the personal data associated with your account
- Request correction or deletion of your email address
- Manage or remove licensed devices
- Request information about how your data is used
Changes to This Policy
We may update this Privacy Policy from time to time. Any changes will be posted on this page with an updated effective date.