We built inou because health data is personal. Not personal like "preferences" — personal like your body, your history, your family. So we made privacy the foundation, not an afterthought.
Name, email address, date of birth, and sex. Date of birth and sex help provide accurate medical context — an MRI interpretation differs significantly between a 6-year-old and a 16-year-old.
DICOM images (MRI, CT, X-ray), lab results, genetic data, and any other health information you choose to share — photos, measurements, symptoms, or anything else you want to track or discuss with your AI.
IP addresses, for security purposes only. We do not collect physical addresses or phone numbers. Payment is handled by third-party processors — we never see your card details.
Your data is used solely to store and display your medical information. We do not perform AI analysis — you connect your own AI tools to access your data. We do not use your data to train AI models or for any purpose beyond providing the service.
Not with advertisers. Not with partners. Not with anyone. We will comply with lawful requests from authorities (such as court orders or subpoenas), but nothing else. In the event of a company acquisition, your data would not be sold — it would either transfer under the same privacy terms or be deleted.
Your scans, your labs, your DNA — none of it feeds any model. Period.
There is no business model that involves your information. You are the customer, not the product.
No Google Analytics. No Meta pixels. No tracking scripts. We have no idea what you click, where you came from, or where you go next.
Access requires your explicit request, is restricted to senior staff, and is logged in both your audit trail and ours.
We use one cookie to keep you logged in. Your language preference is stored in your account. No tracking, no analytics, no third parties.
HIPAA is the US law that governs how medical records must be protected. We follow those same standards.
FIPS 140-3 is the US government standard for cryptographic security. Your files are encrypted using FIPS 140-3 validated cryptography — tested, audited, and certified by independent labs.
We don't run on Big Tech clouds. No Google. No Amazon. No Microsoft. Data is stored on servers in the United States. If you access inou from outside the US, your data crosses international borders. We apply the same security and privacy protections regardless of your location.
Request a full export of everything we store — in a format you can actually use.
Found a mistake? You can correct it yourself, or ask us to help.
One click. All your data — files, metadata, everything — permanently destroyed. No questions, no delays, no recovery. Backups exist solely to protect the service as a whole in case of disaster — we do not offer restores of individual accounts or deleted data.
Want to move to another service? We'll export your data in standard formats. You're never locked in.
Gave us permission for something? Revoke it anytime. We stop immediately.
When you connect your AI to inou, your data travels through an encrypted bridge directly to your AI session.
What we control: keeping your data encrypted, secure, and private on our side.
What we can't control: what happens once your AI processes it. Each AI provider has their own privacy policy. We encourage you to read it.
We chose this architecture so your data is never copied, never stored by the AI, and never used for training — but ultimately, your choice of AI is your choice.
inou is not available to users under 18 years of age — unless authorized by a parent or guardian. Minors cannot create accounts independently. A parent or guardian must set up access and remains responsible for the account. Parents or guardians retain full control and can revoke access at any time. Minors cannot share their information with third parties.
We comply with FADP (Swiss data protection), GDPR (European data protection), and HIPAA (US medical privacy) standards. Regardless of where you live, you get our highest level of protection.
We may update this policy. Registered users will be notified by email of material changes. Continued use after changes constitutes acceptance.
Regardless of your jurisdiction, you may request access to your data, correction of inaccuracies, or complete deletion of your account. We will respond within 30 days.
Questions, concerns, or requests: privacy@inou.com