Privacy Policy

How SpinoLens handles clinic account data, billing data, branding, local workspace data, and patient viewer links.

Last updated June 1, 2026

Overview

SpinoLens is a 3D anatomy education and visualization product for clinics. This Privacy Policy explains how SpinoLens collects, uses, stores, and shares information when clinics and their authorized users access the website, doctor workspace, billing flows, branding tools, reports, and patient viewer links.

SpinoLens is not intended to be the clinic's system of record. Clinics remain responsible for deciding what information may be entered, exported, downloaded, shared, or stored under their own privacy, consent, and records policies.

Information we collect

  • Account and clinic organization information, such as names, email addresses, organization membership, and sign-in details managed through Clerk.
  • Billing and subscription information managed through Stripe, such as Stripe customer IDs, subscription status, price IDs, and billing portal access. SpinoLens does not store full payment card numbers.
  • Clinic branding information, such as clinic name, theme, colors, logo images, logo scale, and related visual settings.
  • Workspace preferences stored in the user's browser, such as panel layout, saved workspace views, and visual preferences.
  • Patient viewer link payloads when a clinic creates a patient link. These payloads currently include normalized atlas values, clinic branding, allowed patient views, creation and expiration timestamps, and clinic organization ID.
  • Technical and security information, such as request metadata, rate-limit counters, application logs, browser and performance information, and error diagnostics.

Patient reports and patient viewer links

Standard reports and visual outputs are generated in the workspace for clinic use. SpinoLens is designed so clinics can use the workspace without making SpinoLens the long-term storage location for patient records.

Patient viewer links are different. When a clinic creates a patient viewer link, SpinoLens stores a temporary server-side payload so the link can be resolved later. The link uses a bearer token and does not place atlas values in the URL. Clinics should send patient links only through their approved patient communication channels.

Patient links can be revoked by the clinic and expire automatically based on the configured retention period. The default application behavior is designed around temporary sharing, not permanent patient record storage.

How we use information

  • Provide and operate the SpinoLens website, doctor workspace, patient viewer, reports, billing, and clinic branding features.
  • Authenticate users, manage clinic organization access, and support team management.
  • Create, resolve, rate-limit, and revoke patient viewer links.
  • Process subscriptions and provide billing portal access through Stripe.
  • Maintain security, prevent abuse, debug errors, monitor performance, and improve reliability.
  • Respond to support, privacy, security, billing, and account requests.

Service providers and subprocessors

SpinoLens uses service providers to operate the product. Current core providers include Clerk for authentication and organization management, Stripe for billing and payments, Vercel for hosting, deployment, logs, and performance infrastructure, Upstash Redis for application storage, and Vercel Speed Insights for performance measurement.

These providers process information only as needed to provide their services to SpinoLens. Clinics should not send patient information through support, billing, or account channels unless they have determined that doing so is permitted by their own policies.

Data retention

  • Account, clinic organization, subscription, and billing-related records are retained while needed to operate the account, meet legal obligations, resolve disputes, and enforce agreements.
  • Clinic branding settings are retained until changed or deleted by authorized clinic users or until the clinic account is closed and deletion is completed.
  • Patient viewer link payloads are temporary and expire automatically according to the configured patient-share retention period. Links may also be revoked by the clinic.
  • Browser-local workspace preferences remain in the user's browser until cleared by the user or browser.
  • Logs and security records are retained for operational, security, fraud-prevention, and debugging purposes for a limited period based on provider and system configuration.

Security

SpinoLens uses administrative, technical, and organizational safeguards intended to protect information handled by the product. These include HTTPS, authenticated clinic access, subscription checks for sensitive clinic actions, no-store headers on patient-share API responses, tokenized patient viewer links, hashed token storage, rate limiting, and limited patient-share payload retention.

No internet service can guarantee absolute security. Clinics should use SpinoLens together with their own privacy, security, access-control, and patient communication policies.

Your choices

  • Authorized clinic users may manage clinic team access through the organization management experience.
  • Authorized clinic users may update branding settings and revoke patient viewer links.
  • Clinics may request deletion of account, clinic, branding, or other applicable data by contacting SpinoLens.
  • Users may clear local browser storage to remove workspace preferences stored on their own device.

Contact

For privacy, security, or data requests, contact privacy@spinolens.com. Include the clinic organization name and a clear description of the request.
