Skip to content
Pandocs

Privacy policy

Last updated: 2026-06-04

Protecting the privacy and security of personal medical information is an integral part of our commitment at Pandocs.

1. Introduction

This document explains how Pandocs Ltd collects, uses, retains, and deletes personal medical information submitted for the processing and analysis of medical documents for bodies such as National Insurance, the tax authorities, and insurance companies. The Company operates in line with the principles of international standards (GDPR and HIPAA), but is not directly subject to the regulation of any specific regulator.

2. Types of information collected

  • Medical documents and medical files
  • Diagnoses and visit summaries
  • Test results
  • Additional information supporting the analysis of the medical data

3. Processing purposes

  • Analyzing and organizing the documents to prepare a client file
  • Creating a medical summary according to the client's needs
  • Sending to the client, their representative, or a relevant body upon request

4. Retention period

Medical information is retained for up to 90 days from the date of its processing, for the purpose of delivering the service and making product corrections. A shorter retention period or immediate deletion may be requested. At the end of the period, the information is securely deleted.

5. Information sharing

The Company does not share medical information with third parties unless explicit authorization has been given or under a legal requirement. Technical service providers may access the information for storage and security purposes only, subject to confidentiality agreements and a data processing agreement (DPA).

6. Data security

Information is stored on Microsoft Azure servers under secure conditions, with encryption, access controls, and backups. Access is limited to authorized employees only. The Company operates in accordance with international data-security standards.

7. Client rights

The client has the following rights regarding their information:

  • Right of access to the information
  • Right to correct information
  • Right to delete information
  • Right to restrict processing
  • Right to object to processing
  • Right to data portability
  • Protection against a decision based solely on automated processing

Requests can be sent to info@pandocs.ai. We will endeavor to respond within 30 days; we may need to verify your identity before handling the request.

8. Client declaration

The client declares that they have read the privacy policy, agree to its terms, and authorize Pandocs to process the submitted medical information accordingly.