Patient Privacy Policy
How StrIQ protects your health data.
We understand your health data is deeply personal. This policy explains how we collect, use, and protect your information — with transparency and clinical accountability at every step.
What we collect
We practice data minimization — collecting only what is absolutely necessary to provide accurate clinical results and secure your account.
Personal identifiers
Your verified mobile number or email — used exclusively for passwordless login and critical health alerts. Your account is identified by a non-guessable 10-character alphanumeric Unique Patient ID (e.g. A3F9B1), not your name.
Clinical parameters
Biological sex and date of birth (required for AI accuracy — see Section 2). Digital captures of your test strips and the resulting clinical classifications.
Technical metadata
Device information and IP address, collected solely for security auditing and to prevent unauthorized access to your records.
Why we use your data — AI accuracy
StrIQ's AI models (YOLOv8 + CNN) use your biological sex and age to calibrate detection logic to your specific profile. Clinical thresholds for parameters like Protein, Specific Gravity, and Creatinine vary significantly by sex and age — without this data, results would be less accurate. This data is never used for marketing.
Technical data protection
Color-space abstraction
When you scan a strip, raw RGB pixels are converted to the CIE L*a*b* color space (normalized 0–1). This mathematical abstraction focuses on clinical classification, not visual reproduction — adding a technical privacy layer between your sample and the result.
Passwordless security
We do not store passwords. We use hashed One-Time Passwords. Even in the event of a database breach, your access codes are cryptographically protected and cannot be read as plain text.
Tamper-evident audit logs
Every time a laboratory technician views your records, an immutable SHA-256 signed audit log is created. These logs cannot be edited or deleted, ensuring total accountability for who has accessed your data.
Data sharing & multi-tenant isolation
Strict lab isolation
Your records are permanently bound to the specific laboratory where your test was performed. Our multi-tenant architecture physically prevents technicians from one lab from seeing data belonging to another lab.
No third-party sharing
We only share your data with the laboratory you have chosen. We do not sell or rent your health information to insurance companies, researchers, or any third parties without your explicit, separate consent.
Your rights & control
Access your records
You can view all your verified reports and health trends at any time through the Patient Portal.
Right to be forgotten
If you delete your account, automated signals immediately purge your personal identifiers from our authentication tables and anonymize your historical clinical metrics. Your data does not linger.