EdVue is intended for research and educational purposes only. It is not a medical device and must not be used for clinical diagnosis, treatment planning, or patient care.

Privacy Policy

Last updated: April 7, 2026

1. Introduction

XR Labs Health ("we", "us", "our") operates EdVue. This policy describes how we collect, use, and protect your information when you use our Service.

2. Information We Collect

Account information: Email address, username, display name, and hashed password. We never store plaintext passwords.

Billing information: Payment processing is handled by Stripe. We store your Stripe customer ID but do not store credit card numbers, bank account details, or other payment credentials on our servers.

Uploaded data: De-identified medical imaging files (DICOM, NIfTI). Our client-side tools strip identifying tags before upload, and our server audits for remaining identifiers. We do not intentionally collect or store protected health information (PHI).

Usage data: Case view counts, upload counts, and storage usage for plan enforcement.

3. How We Use Your Information

  • To provide, maintain, and improve the Service
  • To process payments and manage subscriptions
  • To send transactional emails (account verification, password resets, case processing notifications)
  • To enforce our Terms of Service and acceptable use policies
  • To respond to your inquiries and support requests

We do not sell your personal information. We do not use your uploaded imaging data for training machine learning models or any purpose other than providing the Service to you.

4. Data Storage and Security

Account data is stored in a PostgreSQL database hosted on Railway. Uploaded files are stored in Cloudflare R2 object storage. All data is transmitted over HTTPS. Passwords are hashed with bcrypt. Sessions use signed JWT tokens with an 8-hour expiry.

While we implement reasonable security measures, no system is completely secure. You are responsible for maintaining the security of your account credentials.

5. Data Sharing

We share data only with the following third-party services necessary to operate the platform:

  • Stripe — payment processing
  • Resend — transactional email delivery
  • Cloudflare R2 — file storage
  • Railway — application and database hosting

We do not share your data with advertisers, data brokers, or any other third parties.

6. Your Rights

You have the right to:

  • Access your personal data through your account settings
  • Correct your profile information at any time
  • Delete your account and all associated data through the account settings page
  • Export your data by contacting us

Account deletion removes all your data from our database and cloud storage, including all uploaded cases, processed files, and account information.

7. Cookies

We use essential cookies only: a session cookie for authentication (JWT) and optional per-case password cookies. We do not use tracking cookies, analytics cookies, or third-party advertising cookies.

8. Data Retention

We retain your account data for as long as your account is active. When you delete your account, all data is permanently removed. Password reset and email verification tokens expire automatically (1 hour and 24 hours respectively) and are cleaned up periodically.

9. Children's Privacy

The Service is not intended for users under the age of 18. We do not knowingly collect information from children.

10. Changes to This Policy

We may update this policy from time to time. We will notify you of material changes via email or a notice on the Service.

11. Contact

For privacy-related inquiries, contact us at contact@xrlabs.health.