← Back to CloudEndo

Privacy Policy

Last updated: April 8, 2026

Overview

CloudEndo ("we," "our," or "us") operates the cloud-based medical imaging platform at app.cloudendo.com. This policy describes how we collect, use, and protect information when you use our services.

Information We Collect

• Account Information: Name, email address, organization name, and billing information when you create an account.
• Clinical Data: Medical images, videos, DICOM files, and clinical reports uploaded to or created within the platform. This data is owned by you and your organization.
• Usage Data: Log data including IP addresses, browser type, pages visited, and feature usage for service improvement and security monitoring.
• Device Information: Information about devices used to access our services, including the CloudEndo Desktop App.

How We Use Your Information

• Provide, maintain, and improve our services
• Process billing and manage your subscription
• Send service-related communications (account alerts, security notices)
• Ensure security and prevent unauthorized access
• Comply with legal obligations including HIPAA requirements

HIPAA Compliance

For healthcare customers handling Protected Health Information (PHI), CloudEndo operates as a Business Associate under HIPAA. We execute Business Associate Agreements (BAAs) with covered entities. PHI is encrypted at rest (AES-256) and in transit (TLS 1.2+), and access is controlled through role-based permissions with comprehensive audit logging.

Data Storage and Security

• All data is stored in AWS (US regions) with encryption at rest and in transit
• Multi-tenant architecture with strict data isolation between organizations
• 6-year audit log retention per HIPAA requirements
• Regular security assessments and monitoring

Data Sharing

We do not sell your data. We share information only as necessary to:

• Provide services you have requested (e.g., EMR integrations you configure)
• Process payments through our billing provider (Stripe)
• Comply with legal requirements or valid legal processes

Your Rights

You may request access to, correction of, or deletion of your personal data by contacting us. Clinical data export is available through the platform at any time. Upon account termination, your data is retained per your organization's retention policy and applicable legal requirements, then securely deleted.

Veterinary Data

Animal health records are not considered Protected Health Information under HIPAA. Veterinary customers may use open (unauthenticated) sharing links. Data retention follows organization-defined policies rather than state medical record retention laws.

Contact

For privacy questions or data requests, contact us at info@cloudendo.com.

ESS, Inc.
3 Fallsview Lane
Brewster, NY 10509