Legal • Privacy

Privacy Policy

Kayalogy is built with privacy-first principles and security-by-design. This page provides a high-level overview of how we approach data protection.

Privacy and Security at Kayalogy

Kayalogy is based in Switzerland. We treat privacy and security as core product requirements and apply appropriate technical and organizational measures to protect personal and sensitive data.

Controller

Kayalogy (Switzerland) is responsible for processing personal data in connection with the website and platform, unless otherwise agreed in a written contract for institutional use.

Applicable Standards and Legal Basis
  • We aim to comply with the Swiss Federal Act on Data Protection (FADP) and, where applicable, the EU General Data Protection Regulation (GDPR).
  • We apply principles such as data minimization, purpose limitation, confidentiality, integrity, and availability.
  • Our controls evolve as the platform, risk profile, and regulatory requirements develop.
What Data We Process
  • Contact data: information you provide when contacting us (e.g., name, email, message).
  • Server and security logs: technical logs (e.g., IP address, timestamps, user agent) required to operate, secure, and troubleshoot the website.
  • Uploaded content: only if you submit data for evaluation (e.g., imaging data), subject to your authorization and de-identification obligations.
Purposes of Processing
  • To operate, secure, and maintain the website and platform.
  • To respond to inquiries and provide support.
  • To improve reliability and security and prevent abuse.
  • To comply with legal obligations and enforce our Terms.
Data Minimization and De-identification
  • We collect and process only the data necessary for the intended purpose.
  • Where applicable, identifiers are removed and data is handled in anonymized or pseudonymized form.
  • Clinical uploads should be de-identified by the data provider before submission unless explicitly agreed otherwise in writing.
Security Controls
  • Encryption is used for data in transit and, where applicable, at rest.
  • Access is restricted based on least privilege, with role-based permissions and audit-friendly controls where applicable.
  • We continuously improve safeguards as the platform evolves.
Sharing and Third Parties
  • We do not sell personal data.
  • We do not use advertising trackers.
  • We share data only when required to deliver the service, comply with legal obligations, or with explicit authorization.
International Transfers
  • Depending on infrastructure and service providers, data may be processed in Switzerland and/or other jurisdictions.
  • Where required, we apply appropriate safeguards for cross-border transfers.
Retention and Deletion
  • Data is retained only as long as needed for the stated purpose or legal requirements.
  • Where feasible, data can be deleted upon request, subject to legal and security constraints.
Your Rights
  • Depending on applicable law, you may request access, correction, deletion, or restriction of processing.
  • We may request verification of identity before fulfilling requests.
Cookies
  • We do not use analytics or marketing cookies.
  • If cookies are used, they are limited to essential functionality (e.g., security and basic site operation).
Contact

Important: Kayalogy is currently in development. Any previews or demonstrations are provided for evaluation purposes only and are not intended for clinical use.