Privacy Policy

Last updated:

RetGuard ("we," "our," or "us") operates the RetGuard AI-powered retinal screening system and this website. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our products and services.

1. Information We Collect

Device and System Data

When the RetGuard device is in operation, we may collect anonymized system performance data, including processing times, confidence distributions, hardware utilization metrics, and error logs. This data contains no patient-identifiable information and is used solely to improve system reliability and performance.

Usage Analytics

Our website may collect standard analytics data such as page visits, browser type, referring URLs, and general geographic location. We use this information to improve our website experience and understand how visitors engage with our content.

Contact Form Data

When you submit a contact form, request a demo, or otherwise communicate with us, we collect the information you provide — including your name, email address, organization, role, and message content. This information is used to respond to your inquiry and, with your consent, to send relevant product updates.

2. How We Use Information

We use the information we collect to:

  • Provide, maintain, and improve our products and services
  • Respond to inquiries and provide customer support
  • Monitor and analyze system performance and usage patterns
  • Develop new features and improve screening accuracy
  • Communicate product updates and relevant information (with consent)
  • Comply with legal obligations and regulatory requirements

3. Data Security

Security is at the core of RetGuard's architecture. Our edge-first design means that all AI inference and image processing occur locally on the NVIDIA Jetson Orin device at the point of care. No retinal images or patient screening data are transmitted to our servers or any external cloud infrastructure during normal operation.

For data that we do collect (such as anonymized performance metrics and website analytics), we implement industry-standard security measures including encryption in transit and at rest, access controls, and regular security assessments.

4. Patient Data

This section is critically important to understanding RetGuard's privacy posture:

  • Local processing only: All retinal images are processed entirely on the local RetGuard device. Images are analyzed by our screening algorithms, results are generated, and the process completes without any data leaving the clinical environment.
  • No cloud transmission: Patient retinal images and screening results are never transmitted to RetGuard servers or any third-party cloud services.
  • No persistent storage by default: The RetGuard device does not retain patient images after screening is complete, unless the healthcare facility explicitly configures local storage for their own record-keeping purposes.
  • Healthcare provider responsibility: The healthcare facility operating the RetGuard device is the data controller for any patient data processed through the system. RetGuard acts as a tool within their clinical workflow.

5. Third-Party Services

Our website may use third-party services for analytics and functionality (such as hosting providers and analytics platforms). These third parties have access only to website interaction data and are contractually obligated to protect this information and use it only for the purposes we specify.

The RetGuard screening device does not share any data with third parties during clinical operation.

6. Data Retention

We retain contact form submissions and communication records for as long as necessary to fulfill the purpose for which they were collected, or as required by applicable law. Anonymized system performance data may be retained indefinitely for ongoing product improvement. You may request deletion of your personal data at any time by contacting us.

7. Your Rights

Depending on your jurisdiction, you may have the following rights regarding your personal data:

Under GDPR (European Economic Area)

  • Right to access your personal data
  • Right to rectification of inaccurate data
  • Right to erasure ("right to be forgotten")
  • Right to restrict processing
  • Right to data portability
  • Right to object to processing
  • Right to lodge a complaint with your local supervisory authority

Lawful Basis for Processing

We process personal data under the following lawful bases as defined by the GDPR:

  • Consent: When you submit a contact form, subscribe to our newsletter, or request a demo.
  • Legitimate interests: For anonymized system telemetry and website analytics that help us improve our products and services.
  • Contractual necessity: When processing is required to fulfill customer support obligations or deliver services under an existing agreement.

Residents of the European Economic Area may contact our EU representative at eu-representative@retguard.com for any data protection inquiries.

Under HIPAA (United States)

RetGuard's edge-first architecture is designed to support covered entities in maintaining HIPAA compliance. Because patient data is processed locally and not transmitted to or stored by RetGuard, the healthcare facility retains full control over Protected Health Information (PHI).

No PHI is transmitted to RetGuard servers, third-party cloud infrastructure, or any external endpoint during standard operation. We provide Business Associate Agreements (BAAs) where applicable and support healthcare organizations in meeting their HIPAA obligations.

Under CCPA (California)

If you are a California resident, you have the following rights under the California Consumer Privacy Act:

  • Right to know: You may request disclosure of the categories and specific pieces of personal information we have collected about you.
  • Right to delete: You may request deletion of your personal information, subject to certain exceptions.
  • Right to opt out: You may opt out of the sale of your personal information.
  • Right to non-discrimination: We will not discriminate against you for exercising any of your CCPA rights.

RetGuard does not sell personal information. To exercise your rights under the CCPA, please contact us at privacy@retguard.com.

General Rights

  • You may opt out of marketing communications at any time by following the unsubscribe instructions in our emails or by contacting us directly.
  • You may request access to, correction of, or deletion of your personal information by contacting us at the address below.

8. Data Processing Addendum

Enterprise customers and healthcare organizations that require a Data Processing Addendum (DPA) to formalize data handling obligations may request one by contacting legal@retguard.com. Our DPA covers data processing scope, security measures, sub-processor disclosures, and cross-border transfer mechanisms.

9. Contact Information

For questions about this Privacy Policy, to exercise your data rights, or for any privacy-related concerns, please contact us:

10. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, or legal requirements. We will notify you of any material changes by posting the updated policy on this page with a revised "Last updated" date. We encourage you to review this page periodically.