Privacy Policy

Overview

Kantrad is a desktop application that runs entirely on your computer. We are committed to protecting your privacy and the privacy of your patients. This policy explains what data Kantrad handles and how.

Data Storage

All data processed by Kantrad — including DICOM images, patient metadata, annotations, reports, and application settings — is stored locally on your device in a SQLite database. No data is stored on our servers or any third-party cloud service.

The database is located in your system's application data directory and is accessible only to your user account.

Network Connections

Kantrad makes no network connections by default. The application operates fully offline out of the box. Network connections are made only when you explicitly configure one of the following optional features:

• AI Analysis (Ollama) — If you configure a local Ollama server, image frames and report text are sent to that server for AI analysis. The Ollama server runs on your own hardware and no data leaves your network.
• Cloud AI Providers — If you configure a cloud AI provider (Google Gemini, OpenAI, or a custom endpoint), image data and text may be transmitted to third-party servers. These transmissions are subject to the respective provider's privacy policy. You are responsible for ensuring compliance with applicable regulations.
• PACS / DICOMweb — If you configure PACS servers, Kantrad communicates with those servers to query and retrieve studies. This traffic stays within your institutional network.

Analytics & Telemetry

Kantrad collects no usage analytics, crash reports, or telemetry of any kind. We do not track how you use the application, which features you access, or any other behavioral data. There are no tracking pixels, analytics SDKs, or phone-home mechanisms.

HIPAA Considerations

Kantrad is designed to support HIPAA-compliant workflows:

• All patient data remains on your local device
• Built-in audit logging tracks data access events
• Optional SQLCipher encryption for the database at rest
• No third-party data transmission unless explicitly configured

However, full HIPAA compliance is a property of your overall environment, not a single application. Compliance depends on device encryption, physical security, access controls, backup procedures, and your institution's policies. Kantrad is a tool that supports compliant workflows but cannot guarantee compliance on its own.

Medical Device Disclaimer

Kantrad is a productivity and workflow tool. It is not a certified medical device under FDA 510(k), EU MDR (CE marking), or any equivalent regulatory framework. It must not be used as the sole basis for clinical diagnosis or treatment decisions.

AI-generated analysis and suggestions are preliminary and provided for informational purposes only. All findings must be verified by a qualified, licensed radiologist or physician using certified diagnostic systems.

Third-Party Services

Kantrad does not integrate with any third-party analytics, advertising, or tracking services. The only third-party services involved are those you explicitly configure (AI providers, PACS servers).

Updates

Kantrad does not auto-update. You download updates manually from kantrad.app/download. No background connections are made to check for updates.

Contact

If you have questions about this privacy policy, contact us at hello@kantrad.app.