Trust Center
Your Privacy Is Not an Afterthought
At OncoKind, every product decision starts with one question: what would a caregiver need to feel safe sharing something this personal? Here is exactly how we handle your data.
1. What We Collect
| Data Type | What It Is | Why We Collect It |
|---|---|---|
| Report content | The text of your uploaded pathology report | To generate your plain-English summary and prep sheet |
| Account information | Email address and first name | To save your reports and send account-related communications |
| Usage data | Pages visited and features used | To improve product performance, reliability, and usability |
| Appointment dates | Dates you optionally enter | To trigger your post-appointment check-in |
2. What We Do Not Do
- ✗ We do not sell your data to any third party — ever.
- ✗ We do not share your report content with advertisers.
- ✗ We do not store raw report text after your summary is generated.
- ✗ We do not use your personal health information to train AI models.
- ✗ OncoKind.com is ad-free. No advertiser has ever paid to influence what you see here.
3. How Your Data Is Protected
Encryption in transit
All data transmitted between your device and OncoKind is encrypted using TLS 1.2 or higher.
Encryption at rest
All stored data is encrypted at rest using AES-256.
Access controls
Only essential personnel have access to backend systems, with audit logging and role-based controls.
Data retention
Raw report content is processed to generate your summary and is not retained after processing. Your generated summaries and prep sheets are stored securely and can be deleted by you at any time from your account settings.
Breach notification
In the event of a data breach, affected users will be notified within 72 hours.
4. Our Subprocessors
| Service | Purpose | Data Shared |
|---|---|---|
| Anthropic | Report analysis and plain-English generation | De-identified report text during processing |
| Vercel | Application hosting and server runtime | Encrypted application and request data needed to operate the service |
| Supabase | Database, authentication, and secure storage | Encrypted user records, generated summaries, and account data |
| Resend | Transactional email delivery | Email address and account-related messaging content |
| Stripe | Subscription billing and payment processing | Payment information handled within Stripe checkout flows |
5. Your Rights
- Access: You can request a copy of all data OncoKind holds about you at any time.
- Deletion: You can request permanent deletion of your account and associated data.
- Portability: You can request your data in a portable format.
- Contact: For privacy or data requests, email support@oncokind.com.
6. HIPAA
Built with privacy at its core. No raw report data retained. Educational tool — not a covered entity.
HIPAA BAA available — contact us to discuss your organization's compliance requirements.
Using OncoKind does not create a Business Associate Agreement by default. If your organization needs a formal compliance review, contact us before onboarding.
7. Last Updated
This page was last reviewed on May 11, 2026.
Cookies and Consent
OncoKind uses essential cookies for authentication, session security, and language preferences. These cookies are required for the site to function properly.
If analytics is enabled in the future, those scripts will only run after you choose Accept All or explicitly allow analytics from the cookie preferences banner.
- Essential: session, authentication, language preference
- Analytics: optional site-usage measurement after consent only
- Opt out: choose Essential Only or update your preferences when the banner appears
Questions about your privacy? We'll answer them directly.
For educational support only. Not medical advice. Always consult your oncology team before making any treatment decisions.