We built inou because health data is personal. Not personal like "preferences" — personal like your body, your history, your family. So we made privacy the foundation, not an afterthought.
Name, email address, date of birth, and sex. Date of birth and sex help provide accurate medical context — an MRI interpretation differs significantly between a 6-year-old and a 16-year-old.
DICOM images (MRI, CT, X-ray), lab results, genetic data, and any other health information you choose to share — photos, measurements, symptoms, or anything else you want to track or discuss with your AI.
IP addresses, for security purposes only. We do not collect physical addresses or phone numbers. Payment is handled by third-party processors — we never see your card details.
Your data is used solely to store and display your medical information. We do not perform AI analysis — you connect your own AI tools to access your data. We do not use your data to train AI models or for any purpose beyond providing the service.
We process your data based on your explicit consent, given when you create your account and upload health information. For account management and security (such as login sessions and IP logging), we rely on legitimate interest in operating a secure service. You may withdraw consent at any time by deleting your account — we will stop all processing immediately.
Genetic and genomic data is classified as special category data under GDPR Article 9. By uploading genetic data to inou, you provide explicit consent for us to store and display it. We process this data solely to show it back to you and to transmit it to services you authorize. We do not analyze, profile, or make decisions based on your genetic information.
Not with advertisers. Not with partners. Not with anyone. We will comply with lawful requests from authorities (such as court orders or subpoenas), but nothing else. In the event of a company acquisition, your data would not be sold — it would either transfer under the same privacy terms or be deleted.
Your scans, your labs, your DNA — none of it feeds any model. Period.
There is no business model that involves your information. You are the customer, not the product.
No Google Analytics. No Meta pixels. No tracking scripts. We have no idea what you click, where you came from, or where you go next.
Access requires your explicit request, is restricted to senior staff, and is logged in both your audit trail and ours.
We use one cookie to keep you logged in. Your language preference is stored in your account. No tracking, no analytics, no third parties.
HIPAA is the US law that governs how medical records must be protected. We follow those same standards.
FIPS 140-3 is the US government standard for cryptographic security. Your files are encrypted using FIPS 140-3 validated cryptography — tested, audited, and certified by independent labs.
We don't run on Big Tech clouds. No Google. No Amazon. No Microsoft. Data is stored on servers in the United States. If you access inou from outside the US, your data crosses international borders. We apply the same security and privacy protections regardless of your location.
Request a full export of everything we store — in a format you can actually use.
Found a mistake? You can correct it yourself, or ask us to help.
One click. All your data — files, metadata, everything — permanently destroyed. No questions, no delays, no recovery. Backups exist solely to protect the service as a whole in case of disaster. Backup copies are overwritten within 30 days of deletion. We do not offer restores of individual accounts or deleted data.
Want to move to another service? We'll export your data in standard formats. You're never locked in.
Gave us permission for something? Revoke it anytime. We stop immediately.
When you connect your AI to inou, your data travels through an encrypted bridge directly to your AI session.
What we control: keeping your data encrypted, secure, and private on our side.
What we can't control: what happens once your AI processes it. Each AI provider has their own privacy policy. We encourage you to read it.
We chose this architecture so your data is never copied, never stored by the AI, and never used for training — but ultimately, your choice of AI is your choice.
inou is a personal health data viewer. It is not a medical device and is not intended for clinical diagnosis, treatment, cure, or prevention of any disease or medical condition. The platform stores and displays your health data — it does not analyze, interpret, or act on it. Always consult a qualified healthcare professional for medical decisions.
inou is not available to users under 18 years of age — unless authorized by a parent or guardian. Minors cannot create accounts independently. A parent or guardian must set up access and remains responsible for the account. Parents or guardians retain full control and can revoke access at any time. Minors cannot share their information with third parties.
We comply with FADP (Swiss data protection), GDPR (European data protection), and HIPAA (US medical privacy) standards. Regardless of where you live, you get our highest level of protection.
We may update this policy. Registered users will be notified by email of material changes. Continued use after changes constitutes acceptance.
Regardless of your jurisdiction, you may request access to your data, correction of inaccuracies, or complete deletion of your account. We will respond within 30 days.
Data Protection Officer: privacy@inou.com
This policy was last updated on February 8, 2026.