Radiology Assistant Privacy Policy
Last updated: May 12, 2026
Radiology Assistant is a Chrome extension for clinician-supervised radiology workflows, including chat, report drafting, file and image review, local knowledge-base search, PubMed lookup, optional Google Drive sync, and image markup. This policy explains what data the extension handles, how it is used, and when it is shared.
Clinical-use notice:
Radiology Assistant is an aid for qualified clinical review. AI outputs may be inaccurate and should not be used as the sole basis for diagnosis, treatment, or patient management.
Data the extension handles
User-provided content and health information:
Chat messages, radiology findings, reports, notes, uploaded images, PDFs, screenshots, screen clips, annotations, and knowledge-base documents. This data is used to generate responses, draft reports, analyze attachments, search local knowledge, restore chat history, and display image overlays or markup.
Authentication and API data:
User-entered Gemini API key, Google OAuth access token, and token expiration time. This data is used to call Gemini APIs and, if enabled by the user, authenticate Google Drive appDataFolder sync.
Google account profile information:
Google profile and email returned during optional Google Drive sign-in. This data is used to show sync/account status and support Drive appDataFolder sync.
Local settings and app state:
Personas, prompts, model settings, UI preferences, chat titles, local memory, and knowledge-base metadata. This data is used to personalize and restore the extension experience.
External lookup queries:
PubMed search queries and Gemini grounding/search prompts when those features are enabled. This data is used only to retrieve literature or grounding context requested by the user.
Where data is stored
Most app data is stored locally in the browser using IndexedDB, localStorage, chrome.storage.local, and chrome.storage.session. Google OAuth tokens are stored in Chrome session storage. The Gemini API key is stored locally in Chrome storage on the user's device.
If the user enables Google Drive sync, selected chat and media data may be stored in the user's own Google Drive appDataFolder. appDataFolder files are private application data associated with the user's Google account.
When data is shared
Radiology Assistant does not sell user data and does not use user data for advertising, retargeting, creditworthiness, or unrelated analytics. The extension shares data only as needed for user-facing features:
- Google Gemini / Generative Language APIs: prompts, selected chat context, images, files, knowledge snippets, and settings may be transmitted when the user sends a message or requests AI processing.
- Google Drive APIs: account authentication and synced app data are transmitted only if the user enables Drive sync.
- NCBI E-utilities / PubMed: search terms are transmitted only when the PubMed feature is used.
- Web links selected by the user: if the user opens external citations or result links, the browser loads those third-party pages.
Limited Use disclosure
The use of information received from Google APIs will adhere to the Chrome Web Store User Data Policy, including the Limited Use requirements.
Radiology Assistant uses Google API data only to provide or improve the extension's clinician-supervised radiology assistance features. The extension does not transfer Google user data except as necessary to provide those features, comply with applicable law, protect against abuse or security threats, or with the user's explicit consent where required. The extension does not use or transfer Google user data for personalized advertising, data brokerage, or lending/creditworthiness purposes.
Security
Data transmitted to Google APIs and NCBI services is sent over HTTPS. Users should avoid entering unnecessary patient identifiers or protected health information unless they have the legal authority and institutional approval to do so.
Retention and deletion
Local chat history, media, settings, personas, and knowledge-base data remain in the user's browser until the user deletes them, clears browser/extension storage, or removes the extension.
Google Drive appDataFolder data remains in the user's Google account until deleted through the extension's sync/account controls or Google Drive/app data management.
Session OAuth tokens are cleared when the user signs out or when Chrome session storage expires.
Human access
The extension developer does not operate a separate backend service for this extension and does not routinely receive or review user chat, image, file, or Drive appDataFolder content.
Human review would occur only if the user voluntarily shares specific information for support, if required by law, or if necessary to investigate security abuse.
Children
Radiology Assistant is intended for professional clinical use and is not directed to children.
Changes to this policy
This policy may be updated when the extension's data practices change. The "Last updated" date will be revised when material changes are made.
Contact
For privacy requests or support, use the support contact provided on the Radiology Assistant Chrome Web Store listing.