Privacy Policy

1. Introduction

Galen Health (“we,” “our,” or “us”) respects your privacy and is committed to protecting your personal information. This Privacy Policy explains how we collect, use, and safeguard your data when you use our products and services.

2. Information We Collect

Account information: When you create an account, we collect your email address and authentication credentials. If you sign in with a third-party provider (e.g., Google), we receive basic profile information from that provider.

Usage data: We collect information about how you interact with our Services, including queries submitted, features used, and session duration. This helps us improve the product.

Health information: If you choose to share health-related information (such as cancer type, mutations, or treatment history) to receive personalized insights, we treat this data with the highest level of care and encryption. This includes medical documents you upload, health details provided during onboarding, chat and voice messages, and clinical data extracted from your records.

3. How We Use Your Information

• To provide and personalize the Services
• To improve and develop new features
• To communicate with you about your account
• To ensure security and prevent fraud
• To comply with legal obligations

4. Data Protection

We use industry-standard security measures including TLS encryption in transit and encryption at rest. We are actively strengthening our data protection practices and will update this policy as additional safeguards are implemented.

5. Data Sharing

We do not sell your personal information. We may share limited account information with service providers (e.g., payment processing) strictly as necessary to operate the Services.

We share health information you provide with OpenAI via their API to power Galen's AI features. This includes your uploaded medical documents, health details, chat and voice messages, and clinical data extracted from your records. OpenAI processes this data on our behalf as a data processor and does not use your data for model training.

6. AI and Your Data

Galen's intelligence is built from public biomedical databases and published research. Your personal data is processed by OpenAI's API solely to generate personalized responses to your queries.

OpenAI acts as a data processor under strict contractual protections. Your data is encrypted in transit to OpenAI's servers and is not used to train, improve, or develop OpenAI's models. We continuously strengthen these safeguards and will update this policy as protections evolve.

7. Data Retention

We retain your personal data only as long as necessary to provide the Services and fulfill the purposes described in this policy.

• Account and health data: Retained for as long as your account is active.
• Deletion: If you request account or data deletion, all personal data — including account credentials, uploaded documents, extracted clinical data, and conversation history — is permanently deleted within 30 days. This action is irreversible.
• Usage data: Retained in aggregate form for up to 24 months to improve our Services, after which it is anonymized.
• Third-party processing (OpenAI): Data sent to OpenAI for AI processing is not retained by OpenAI after the API response is generated, per our data processing agreement.

To request deletion, visit our Data Deletion page or email us at contact@usegalen.com.

8. Your Rights

You have the right to access, correct, or delete your personal data at any time. You may also request a copy of your data or ask us to restrict its processing. Contact us to exercise these rights.

9. Cookies

We use essential cookies to maintain your session and preferences. We do not use third-party advertising or tracking cookies.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on this page with a revised date.

11. Contact

Questions about this Privacy Policy? Contact us at contact@usegalen.com.