OncoKind

Security & Data Protection

OncoKind is built with privacy and security at its core. This page explains how we handle your pathology reports and personal data.

Zero Raw PHI Retention Pipeline

When you upload a pathology report, we extract the text and immediately scrub direct identifiers (names, dates of birth, medical record numbers, phone numbers, email addresses, postal addresses) before anything leaves the request. Only the de-identified text is sent to our AI, which returns structured data. The raw extracted text is never stored: not in our database, logs, object storage, or error reporting tools. We retain only the structured insights (biomarkers, stage, histology) that help you understand your report.

AES-256 Encrypted Storage

All structured data we store (biomarkers, trial matches, summaries) is encrypted at rest using AES-256-GCM. Because GCM authenticates as well as encrypts, a stored record that has been altered fails to decrypt rather than yielding silently corrupted data. Keys are held in application-level environment variables, separate from the database, and are never logged. Data is stored in Supabase with Row-Level Security (RLS) ensuring each user can only access their own records.
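The two sections above describe a scrub-then-encrypt flow. The TypeScript below is an added example written for this page, not OncoKind's own code: a pattern-based scrubber for the identifier classes listed above, a fail-closed re-check before anything is handed to the AI, and AES-256-GCM storage of the structured result with a fresh random nonce per record and the owner id bound in as additional authenticated data. The rule set, the sample report, the environment variable name PHI_ENC_KEY, the blob layout and the stubbed AI output are all assumptions. Regexes alone cannot reliably catch free-text names; a production scrubber needs a named-entity step on top of rules like these.

```typescript
// Added example (not OncoKind's code): minimal scrub-then-encrypt pipeline.
// Rule set, sample report, key, env-var name and blob layout are assumptions.
import { createCipheriv, createDecipheriv, randomBytes } from "node:crypto";

// ---- 1. De-identification ------------------------------------------------
// Group 1 of each rule is the field label to keep (possibly empty); the rest is
// replaced by a placeholder. Order matters: DOB runs before the generic DATE
// rule and MRN before PHONE, so a narrow rule is not pre-empted by a wide one.
interface ScrubRule { label: string; re: RegExp }

const RULES: ScrubRule[] = [
  { label: "EMAIL",   re: /()[A-Z0-9._%+-]+@[A-Z0-9.-]+\.[A-Z]{2,}/gi },
  { label: "MRN",     re: /(\bMRN[:#\s]*)\d{6,10}\b/gi },
  { label: "DOB",     re: /(\b(?:DOB|Date of Birth)[:\s]*)\d{1,2}\/\d{1,2}\/\d{4}\b/gi },
  // Stricter than the page's list: Safe Harbor removes all dates, not only DOB.
  { label: "DATE",    re: /()\b\d{1,2}\/\d{1,2}\/\d{4}\b/g },
  { label: "PHONE",   re: /()\(?\b\d{3}\)?[-.\s]?\d{3}[-.\s]?\d{4}\b/g },
  { label: "ADDRESS", re: /()\b\d{1,5}\s+[A-Z][a-z]+(?:\s+[A-Z][a-z]+)*\s+(?:St|Street|Ave|Avenue|Rd|Road|Blvd|Dr|Drive)\b\.?/g },
  { label: "NAME",    re: /(\b(?:Patient|Name)[:\s]+)[A-Z][a-z]+(?:\s+[A-Z][a-z]+)+/g },
];

export interface ScrubResult { text: string; counts: Record<string, number> }

export function scrubPhi(raw: string): ScrubResult {
  const counts: Record<string, number> = {};
  let text = raw;
  for (const { label, re } of RULES) {
    text = text.replace(re, (_m: string, keep: string) => {
      counts[label] = (counts[label] ?? 0) + 1;
      return `${keep}[${label}]`;
    });
  }
  return { text, counts };
}

// Fail closed: re-run every rule and refuse to hand the text on if anything matches.
export function assertDeidentified(text: string): string {
  for (const { label, re } of RULES) {
    if (text.search(re) !== -1) throw new Error(`residual ${label} found; refusing to send`);
  }
  return text;
}

// ---- 2. Encryption at rest -----------------------------------------------
const KEY_BYTES = 32, IV_BYTES = 12, TAG_BYTES = 16;

// Hex key from an environment variable (PHI_ENC_KEY is an assumed name). Reject
// anything that is not exactly 32 bytes instead of padding or truncating.
export function loadKey(hex: string | undefined): Buffer {
  if (!hex) throw new Error("PHI_ENC_KEY is not set");
  const key = Buffer.from(hex, "hex");
  if (key.length !== KEY_BYTES) throw new Error("PHI_ENC_KEY must decode to 32 bytes");
  return key;
}

// Assumed blob layout: iv(12) || tag(16) || ciphertext. A fresh random IV per
// call is mandatory for GCM; reusing one under the same key breaks the mode.
// The owner id is passed as AAD so a blob copied into another user's row fails
// to authenticate instead of decrypting.
export function encryptRecord(key: Buffer, ownerId: string, record: unknown): Buffer {
  const iv = randomBytes(IV_BYTES);
  const cipher = createCipheriv("aes-256-gcm", key, iv);
  cipher.setAAD(Buffer.from(ownerId, "utf8"));
  const ct = Buffer.concat([cipher.update(JSON.stringify(record), "utf8"), cipher.final()]);
  return Buffer.concat([iv, cipher.getAuthTag(), ct]);
}

export function decryptRecord<T>(key: Buffer, ownerId: string, blob: Buffer): T {
  const iv = blob.subarray(0, IV_BYTES);
  const tag = blob.subarray(IV_BYTES, IV_BYTES + TAG_BYTES);
  const ct = blob.subarray(IV_BYTES + TAG_BYTES);
  const decipher = createDecipheriv("aes-256-gcm", key, iv);
  decipher.setAAD(Buffer.from(ownerId, "utf8"));
  decipher.setAuthTag(tag); // final() throws if the tag or AAD does not verify
  const pt = Buffer.concat([decipher.update(ct), decipher.final()]);
  return JSON.parse(pt.toString("utf8")) as T;
}

// ---- 3. End to end on a constructed report ---------------------------------
export const SAMPLE_REPORT = [ // constructed; not a real patient
  "Patient: Jane Doe",
  "DOB: 03/14/1962    MRN: 00482913",
  "Phone: (555) 867-5309   Email: jane.doe@example.com",
  "Address: 42 Maple Street, Springfield",
  "Specimen collected 11/02/2023",
  "DIAGNOSIS: Invasive ductal carcinoma, grade 2, pT2 pN1, Stage IIB",
  "ER positive (90%), PR positive (60%), HER2 negative (IHC 1+)",
].join("\n");

// Throwaway key for the demo only; a real key comes from the environment.
export const DEMO_KEY_HEX = "00112233445566778899aabbccddeeff00112233445566778899aabbccddeeff";

export interface Insights { histology: string; stage: string; biomarkers: Record<string, string> }

export function runPipeline(raw: string, keyHex: string, ownerId: string) {
  const scrubbed = assertDeidentified(scrubPhi(raw).text);
  // The AI call sits here and only ever sees `scrubbed`. Its structured output
  // is stubbed with a literal so the example runs offline.
  const insights: Insights = { histology: "Invasive ductal carcinoma", stage: "IIB",
    biomarkers: { ER: "positive", PR: "positive", HER2: "negative" } };
  const key = loadKey(keyHex);
  const blob = encryptRecord(key, ownerId, insights);
  return { scrubbed, blob, stored: decryptRecord<Insights>(key, ownerId, blob) };
}

const out = runPipeline(SAMPLE_REPORT, DEMO_KEY_HEX, "user-0001");
console.log(out.scrubbed); // safe to log: placeholders only
console.log(out.stored.stage, out.blob.length, "bytes at rest");
```

Two points worth keeping from it: the scrubbed text is re-checked against every rule and the request aborts if anything remains, and binding the owner id as AAD means a ciphertext moved between rows fails in final() instead of quietly decrypting under another user's record.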

Row-Level Security (RLS) Data Isolation

Every table in our database has RLS enabled. Users can only read, update, or delete their own records. Enterprise advocates with multi-patient access are restricted to explicitly assigned patients. Because the service role key bypasses RLS entirely, it is never exposed to the client; it is used only for server-side operations such as webhook handlers.

Secure AI Architecture

We use Anthropic's Claude API for processing. Only de-identified, scrubbed text is sent. We never log prompts or responses, since either could carry PHI if scrubbing missed something. Our pipelines are designed so that even in error conditions, raw pathology content does not appear in logs or monitoring tools.

No Data Sold

We do not sell, rent, or share your data with third parties for marketing or advertising. Data is used only to provide OncoKind services to you. Payment processing is handled by Stripe; we do not store credit card numbers.

Zero raw retention: raw pathology text is never stored.

AES-256 encryption: all sensitive data encrypted at rest.

RLS isolation: you only access your own data.

Secure AI: de-identified input only; no PHI to third parties.

No data sold: never sold, shared, or used for advertising.

HIPAA-conscious: built with healthcare privacy in mind.