\\

MENU
CONTACT / DEMO REQUEST + PARTNERSHIP INQUIRY
Interested in solving your problems with Rayscape AI?
First Name

*

This field is required.
Last Name

*

This field is required.
Job Title

*

This field is required.
Company/Institution

*

This field is required.
Country

*

This field is required.
Please see our

Privacy Policy

regarding how we will handle this information.
Globe Icon

Languages

EnglishEspañolFrançaisPolskiDeutsch

Privacy Policy // Rayscape



Last Updated: November 4, 2025



The website located at www.rayscape.ai (the “Website”) is operated by Mindfully Technologies SRL (“Rayscape”, “we”, “us”). By accessing or using the Website, you (“User”) acknowledge and agree to this Privacy Policy (the “Policy”). We are committed to safeguarding personal data and to processing it lawfully, fairly, and transparently in accordance with the EU General Data Protection Regulation (GDPR) and applicable national laws. This Policy explains what personal data we collect via the Website, how we use it, with whom we may share it, and the rights you can exercise. We will post updates on this page whenever we modify our practices or when legal requirements change, and the “Last Updated” date will be revised accordingly.

This Policy applies only to personal data collected through the Website (e.g., contact forms, newsletter sign-ups, support requests). It does not govern processing performed through Rayscape’s software deployed in healthcare institutions. Processing of patient data within Rayscape’s CXR and Lung CT products is performed under the healthcare provider’s instructions and is addressed in the product-specific privacy documentation and data processing arrangements.

If you have questions about this Policy or your data protection rights, please contact our Data Protection Officer at [email protected]. We encourage you to read this entire Privacy Policy carefully to understand what data we collect and why. If you are in a hurry, here are the key takeaways:


  • This Policy applies only to personal data collected via the Rayscape website (www.rayscape.ai), including data submitted through contact/demo forms, newsletter sign-ups, partner inquiries, account creation, and sign-up and order flows for Rayscape Web.
  • We do not sell your personal data and we do not use it for unrelated commercial purposes. We process it solely to provide and improve our services and to operate the Website.
  • We collect only the minimum personal data necessary to achieve the purposes described in the Policy.
  • You can exercise all GDPR rights (access, rectification, erasure, restriction, portability, objection) and withdraw consent at any time without affecting prior processing. We will respond within statutory timelines and do our best to facilitate your requests.
  • Your personal data may be shared with trusted service providers (e.g., hosting, CRM, analytics, payment/ordering tools) strictly under contract and only for the purposes described in the Policy.
  • If you have questions about your rights, this Policy, or how we handle your data, please contact our Data Protection Officer at [email protected].



1. Categories of Personal Data



Through our Website (www.rayscape.ai), we collect and process only the personal data necessary to enable communication, provide requested services, and manage demo or web access requests. The types of personal data collected fall under the following categories:
  • (A) Personal Data you provide to us
  • (B) Personal Data we may automatically collect
  • (C) Cookies & similar technologies
  • (D) Personal Data collected via Third-Party Services (HubSpot)
  • (E) Personal Data we may receive from Third Parties
  • (F) Special categories of Personal Data (Sensitive Data)


(A) Personal Data you provide to us


When interacting with the Website, you may provide us with the following personal data:
  • Contact information. When filling in our contact, demo request, or partnership forms, you may provide: your first and last name, email address, job title, company or institution, country, and your message or inquiry details.
  • Contact information. When completing a web order or entering into a contract, you may provide: your first and last name, institution name, country, and any other relevant business information required to process your request or order.
    • Payment-related informaiton
  • Card Payments (via Stripe): we receive limited transaction metadata from Stripe (e.g., payer name, billing country, last four digits of the card, transaction ID, method, status, amount, currency, timestamps). Rayscape does not receive or store full card numbers, CVCs, or complete payment instrument data.
  • Bank transfers: to reconcile payments, we process information contained in the bank transfer record (e.g., payer name, account identifier as presented in our bank statement, transaction reference, amount, currency, timestamps, and invoice number).
  • Professional information. When you contact Rayscape for collaboration or partnership opportunities, you may also provide your role, organization, and area of professional interest.


Please do not submit patient or clinical data through these forms. All data submitted through our online forms is used exclusively for communication and service-related purposes.

(B) Personal Data we may automatically collect


When you visit our Website, certain information is collected automatically to help us understand website performance and user experience (“Navigation Data”). This may include:
  • IP address and general location (city/country level);
  • Date, time, and duration of your visit;
  • Browser type and version, operating system, and device type;
  • Referring and exit pages, and interaction data (e.g., clicks, time spent on pages).


We collect this data to analyze traffic, maintain the Website’s functionality and security, and improve our services. Collecting such data is standard practice and does not identify you directly unless combined with other information you provide.


(C) Cookies & similar technologies



We use cookies and similar technologies to operate and improve our Website.
  • Strictly necessary cookies are always active and essential for website functionality
  • Analytics and marketing cookies (e.g., Google Analytics, retargeting pixels) are used only with your consent, collected through our cookie banner. You can withdraw or modify your consent at any time through the “Cookie Preferences” link on our site.


For full details about the types of cookies used, their duration, and providers, please refer to our Cookies Policy.
Examples of technologies we may use include:

  • Web beacons/pixels: to measure website engagement and marketing performance.
  • Session and preference cookies: to enhance navigation and remember your settings.
  • Analytics tools: such as Google Analytics, to help us understand how visitors interact with our Website.


(D) Personal Data collected via Third-Party Services (HubSpot)


  • Hubspot: We use HubSpot, a trusted third-party Customer Relationship Management (CRM) and marketing automation provider, to collect and manage website submissions and communications.


    • HubSpot collects and processes personal data submitted through our forms (e.g., contact, demo, or order requests) on our behalf and under our instructions.
    • The information collected through HubSpot may include your name, email address, job title, company/institution, country, and message content.
    • HubSpot helps us manage contact records, send relevant communications, and analyze website engagement.


For more details on how HubSpot processes personal data, please refer to HubSpot's Privacy Policy.

HubSpot acts as our data processor under a Data Processing Agreement (DPA) that includes appropriate safeguards under the EU General Data Protection Regulation (GDPR).
  • Stripe (independent controller for card data): processes card payments securely. Stripe may collect personal data and payment instrument data directly from you to complete the transaction. Rayscape receives only limited transaction metadata as noted above and does not store full card details.

ePrivacy/PECR notice: Electronic marketing is conducted in accordance with applicable ePrivacy rules (e.g., the EU ePrivacy Directive and, where relevant, the UK PECR). You can opt out of marketing at any time via the unsubscribe link in our messages or by contacting [email protected]; opting out will not affect service-related communications.

(E) Personal Data we may receive from Third Parties



We generally do not receive personal data about you from third parties. If this changes (for example, through business partners or integrations), this Policy will be updated accordingly to describe the data source and purpose of processing.

(F) Special categories of Personal Data



This Website is not intended for the submission or processing of any sensitive or special categories of personal data as defined under Article 9(1) of the General Data Protection Regulation (GDPR), including data revealing: health status or medical history, racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic or biometric data, or data concerning sexual orientation or life.

We explicitly request that you do not submit such data via our contact or order forms. The Website is not designed to receive or securely process medical images, diagnostic reports, or patient-related data.

If you believe you have inadvertently submitted such information, please contact us immediately at [email protected]. We will review the submission in accordance with our data minimization and deletion protocols and ensure secure removal if no lawful basis applies.
Note on Rayscape Clinical Products: Processing of medical imaging or patient data within Rayscape’s clinical software (e.g., Rayscape CXR and Rayscape Lung CT) is covered by separate documentation and performed under the healthcare provider’s control, not through this Website.

For details on patient data processing within Rayscape products, please refer to the relevant Product Privacy Documentation or contact your healthcare institution.


2. Purpose of data processing



We collect and process personal data through our Website only for specific and lawful purposes. Each processing activity is based on a valid legal basis under the General Data Protection Regulation (GDPR).
To respond to your inquiries and provide requested information

We process the information you provide through our contact or demo request forms to communicate with you, understand your needs, and provide information about our products, services, or partnership opportunities. This may include follow-up messages related to your inquiry.
Legal basis:
  • Legitimate interest (Article 6(1)(f) GDPR) – to respond to your requests and maintain business communication.
  • Pre-contractual measures (Article 6(1)(b) GDPR) – if your inquiry relates to a potential order or agreement.


To process web orders and conclude contracts
When you submit a web order for Rayscape products or services, we use your personal data to process your request, issue order confirmations, and finalize the contractual agreement between you and Rayscape. This includes verifying details, communicating about the order, and maintaining a record of the transaction.

Legal basis:
  • Contract and pre-contractual steps (Article 6(1)(b) GDPR) – to take the necessary steps to enter into and perform the contract.


To process payments
When you place a web order, payments are processed securely through third-party payment providers such as Stripe or via bank transfer. We process your payment-related data only to the extent necessary to verify, record, and confirm your transaction.
Legal basis:
  • Contract performance (Article 6(1)(b) GDPR).
  • Legal obligation (Article 6(1)(c) GDPR) – to comply with accounting, tax, and record-keeping requirements.


To manage partnerships and collaborations
If you contact us to discuss collaboration or partnership opportunities, we use your contact and professional details to evaluate the proposal and maintain communication with you.

Legal basis:
  • Legitimate interest (Article 6(1)(f) GDPR) – to evaluate potential partnerships and ensure effective cooperation.
  • Pre-contractual measures (Article 6(1)(b) GDPR) – where the discussion leads to a cooperation agreement.


To improve and secure our website
We process technical and navigation data to ensure the proper functioning, security, and optimization of our Website. This helps us maintain performance, diagnose issues, and analyze general usage trends.
Legal basis:
  • Legitimate interest (Article 6(1)(f) GDPR) – to ensure a secure and reliable online experience.
  • Consent (Article 6(1)(a) GDPR) – for the use of non-essential cookies or analytics tools.


To send you updates or marketing communications If you have provided explicit consent to receive communications from us (for example, by checking the consent box on our forms), we may use your contact information to send updates, newsletters, or information about Rayscape’s solutions and activities. You can withdraw your consent at any time by following the unsubscribe instructions or contacting us directly.

Legal basis:
  • Consent (Article 6(1)(a) GDPR).


To comply with legal and regulatory obligations
We process certain information to comply with legal requirements, including financial record retention, accounting documentation, and regulatory reporting obligations.

Legal basis:
  • Legal obligation (Article 6(1)(c) GDPR).


To protect our rights and prevent misuse
We may use and retain personal data as necessary to prevent fraud, ensure network and information security, and establish, exercise, or defend legal claims.

Legal basis:
  • Legitimate interest (Article 6(1)(f) GDPR) – to protect the integrity of our systems and business operations.
  • Legal obligation (Article 6(1)(c) GDPR) – when cooperation with authorities or record-keeping is required.



3. Sharing your personal data


We share personal data only when necessary, under confidentiality and data processing agreements, and with appropriate safeguards. We do not sell your personal data.

Third-party service providers (processors). We engage vetted providers to operate the Website and deliver requested services. They may process personal data strictly under our instructions and only for the agreed purposes.

  • CRM/form management: HubSpot (collection and management of contact, demo, partnership, and web order submissions)
  • Payments: Stripe (card payments for web orders); bank transfers are processed via our banking partners and accounting systems
  • Hosting/IT/security: website hosting, maintenance, monitoring, and security tooling
  • Communications: email delivery and ticketing/support tools
  • Where possible, we minimize directly identifiable data and may use pseudonymized or aggregated information for analytics and reporting.


Disclosures required by law. We may disclose personal data when required to comply with applicable laws, court orders, or lawful requests by public authorities; to investigate or respond to suspected fraud, security incidents, or other wrongdoing; to protect the rights, property, or safety of Rayscape, our users, or the public; or to enforce our terms and policies.

Business transfers. If Rayscape undergoes a corporate transaction (e.g., merger, acquisition, reorganization, insolvency), personal data may be transferred to the relevant successor or acquirer subject to this Policy and applicable law.

Subsidiaries and affiliates. We may share personal data with Rayscape group entities that support Website operations and service delivery, subject to equivalent safeguards. You may raise questions or objections by contacting [email protected].

With your consent. Where required, or where we wish to use data for a purpose materially different from the one collected, we will seek your explicit consent or provide an opt-out, as applicable.

International transfers. If personal data is transferred outside the EEA/UK, we implement appropriate safeguards, such as the European Commission’s Standard Contractual Clauses (SCCs) and supplementary measures where necessary.

4. Duration of retention of personal data



We retain personal data only for as long as necessary to fulfill the purposes for which it was collected, and to meet legal, regulatory, or contractual requirements. Where multiple periods apply, we keep the data for the longest period necessary to satisfy those obligations.
  • Contact and demo/partner inquiries: data submitted via website forms is used strictly to respond to your request and will be retained for 1 year from receipt of the request, or at least until your request is resolved, whichever is later.
  • Web orders, contracts, and related records: identification and order details, contract documentation, invoicing and payment evidence (including Stripe/bank transfer confirmations) are retained for the duration of the contractual relationship and thereafter in accordance with mandatory retention rules. Where local regulations require, core contract records may be retained for up to 50 years.
  • Dispute and claims management: by way of exception, we may retain relevant data for up to 3 years (or longer if a legal limitation period so requires) where we have a legitimate interest in preserving evidence in connection with potential or ongoing disputes, audits, investigations, or claims.
  • General reference period: in the absence of specific legal, regulatory, or contractual requirements, our reference retention period for website-related personal data is 3 years from the date of the last contact between you and Rayscape.
  • Recruitment (if applicable): personal data provided through any careers form is retained for the duration of the recruitment process. If hired, data may be incorporated into the personnel file and retained in line with employment law. If not hired, we retain your data only with your consent for up to 2 years to consider you for future opportunities.


In all cases, and except where the law requires continued retention, we will delete or irreversibly anonymize your data upon expiry of the applicable retention period or upon your valid erasure request. For questions about specific retention rules that apply to your records, contact [email protected].

5. Protecting your personal data


We implement appropriate technical and organizational measures to help ensure a level of security appropriate to the risk, aiming to protect personal data against accidental or unlawful destruction, loss, alteration, unauthorized disclosure, or access. These measures include, as applicable: access control and least-privilege management; authentication and role-based permissions; encryption in transit (HTTPS/TLS) and, where relevant, at rest; network and perimeter safeguards; logging and monitoring; vulnerability management and patching; secure development and change control; data minimization and retention limits; incident response procedures; staff confidentiality and training; and supplier due-diligence with data processing agreements and (where relevant) transfer safeguards (e.g., SCCs).

Please note that no method of transmission over the Internet or method of electronic storage is 100% secure. While we take steps to reduce risk to an appropriate level, we cannot guarantee absolute security. If you believe your personal data has been accessed or obtained by an unauthorized person, contact us promptly at [email protected].

In accordance with Article 37 GDPR, Rayscape has appointed a Data Protection Officer (DPO). You may contact the DPO at [email protected] for any questions regarding personal data processing or to exercise your rights.

6. Use by minors



The Website is not directed to individuals under 18 years of age, and we do not knowingly collect personal data from minors via the Website. If you believe a minor has provided personal data to us, please contact [email protected] so we can take appropriate steps to delete such information.

7. Accessing, correcting, or deleting your personal data



Subject to applicable law and certain limitations, you may request confirmation whether we process your personal data and obtain access to, rectification of, or erasure of your personal data. You may also request restriction of processing, object to processing, and (where applicable) exercise data portability.

How to submit a request
Email [email protected] and indicate the country you reside in and the nature of your request. We may request limited additional information to verify your identity (and, if acting on someone else’s behalf, proof of authorization). We respond within 30 days; if your request is complex or if you have made multiple requests, we may extend this period by up to 60 days and will inform you accordingly.

Limitations may apply where we must retain certain records to comply with legal obligations (e.g., tax/accounting), to establish, exercise or defend legal claims, or to perform a contract you have entered into with us (e.g., a web order).

Marketing and cookies

If you have consented to receive communications, you can withdraw consent at any time via the unsubscribe link or by contacting [email protected]. You can manage non-essential cookies through our banner’s “Preferences” link.

Account access

Rayscape does not provide a website user account portal. If you need to correct information submitted in a web order or invoice details, please contact us at [email protected] (or the contact provided on your order documentation) for assistance.

8. International transfer of personal data

For the Website, we seek to host and process personal data within the European Union (EU) or European Economic Area (EEA) whenever feasible. This includes data submitted via contact/demo/partner forms, web orders, and related support records. Some service providers (e.g., CRM, email, payments) may use infrastructure outside the EU/EEA or rely on sub-processors in multiple regions.

If personal data is transferred to countries outside the EU/EEA (or the UK), we implement appropriate safeguards as required by GDPR:
  • European Commission Standard Contractual Clauses (SCCs) with our processors and sub-processors
  • Supplementary measures where necessary (e.g., encryption in transit and at rest, access controls, data minimization)
  • Transfer assessments to evaluate local laws and the effectiveness of safeguards


Where a recipient participates in an approved adequacy framework (e.g., EU-US Data Privacy Framework, if and when applicable to that recipient), we may rely on that mechanism for eligible transfers. Otherwise, SCCs and supplementary measures apply.

We require our processors to apply equivalent protections to any onward transfers they perform and to process personal data strictly under our documented instructions. Note on clinical products: processing of patient or clinical data within Rayscape’s software (e.g., Rayscape CXR, Rayscape Lung CT) is governed by product-specific terms and the healthcare provider’s instructions and may involve deployment options ensuring data remains in region; this falls outside the scope of this Website Policy.

You may request a copy of the relevant transfer safeguards (subject to redactions for confidentiality) or additional information by contacting [email protected].

9. Your rights



Under the General Data Protection Regulation (GDPR) and applicable data protection laws, you have several rights regarding the personal data we process about you. You may exercise these rights at any time by contacting [email protected]. We respond to valid requests within 30 days; if your request is complex or if you have made multiple requests, we may extend this period by up to 60 days and will notify you of the reason for any delay.

Access


You may request confirmation of whether we process your personal data and, if so, obtain access to that data. You may also request information about the purposes of processing, categories of data, recipients, transfer safeguards, retention periods, and the source of the data (if not collected directly from you).

Rectification


You may request that we correct or complete any inaccurate or incomplete personal data about you.

Erasure (“right to be forgotten”)


You may request that we delete your personal data in certain cases, such as when:
  • the data is no longer needed for the purpose for which it was collected,
  • you withdraw consent (where processing is based on consent),
  • the data has been processed unlawfully, or
  • you object to processing and there are no overriding legitimate grounds.

Please note that deletion may not always be possible where we must retain data to comply with a legal obligation (for example, accounting or tax records, or contract documentation), or to establish, exercise, or defend legal claims.

Restriction of processing


You may request that we restrict processing in the following situations:
  • you contest the accuracy of the data (while we verify it),
  • processing is unlawful and you prefer restriction over deletion,
  • we no longer need the data but you require it for legal claims, or
  • you have objected to processing pending verification of our legitimate grounds.


If processing is restricted, we will store your data but will not process it further without your consent, except for legal claims or to protect the rights of another person.

Data portability


Where processing is based on consent or a contract and carried out by automated means, you can request that we provide your data in a structured, commonly used, and machine-readable format, or that we transfer it directly to another controller where technically feasible.

Objection to processing


You may object at any time to the processing of your personal data where it is based on legitimate interest (Article 6(1)(f) GDPR). We will stop processing unless we demonstrate compelling legitimate grounds that override your rights or if the data is needed for legal claims. You can also object to processing for marketing purposes at any time.

Automated decision-making


Rayscape does not perform automated decision-making or profiling that produces legal effects or similarly significant impacts on you.

Your choices for certain disclosures


If we ever intend to disclose your personal data for a purpose materially different from the one for which it was collected, we will inform you in advance and provide an easy way to opt out.

For any sensitive personal data inadvertently submitted, we will seek explicit opt-in consent where required or promptly delete the information.

Complaints


We encourage you to contact us first with any questions or concerns regarding our processing of your personal data. You can reach our Data Protection Officer at [email protected].
If you are located in the European Union, you also have the right to lodge a complaint with your local data protection authority under Article 77 GDPR if you believe that our processing infringes applicable data protection law.
A list of EU data protection authorities and their contact details is available on the European Data Protection Board (EDPB) website: https://edpb.europa.eu/about-edpb/about-edpb/members_en.

How to submit a request


To exercise any of the above rights, please email [email protected] and include the country you reside in and the nature of your request. We may need to request limited additional information to verify your identity before processing the request. If we are unable to comply fully, we will explain why and outline your available options.
Alternatively, you can also submit your request to exercise your rights by post, at the following address:

Mindfully Technologies SRL
Calea Torontalului 69 Bl. VOX Et. 6 Cod 300668
Timișoara, Timiș
Romania

We are committed to addressing all privacy-related concerns promptly, transparently, and in good faith.

10. Links to other websites



The Website may include links to external websites, platforms, or resources that are not owned or controlled by Rayscape, for example, links to social media pages (LinkedIn, YouTube) or third-party documentation and resources.
These external sites may collect data independently, use cookies, or apply their own privacy policies. Rayscape is not responsible for the privacy practices, content, or security of those websites or any data they may collect. We encourage you to review the privacy policies of any third-party site you visit.
This Privacy Policy applies only to data collected through www.rayscape.ai and not to any other website or platform linked from it.

11. Changes to this Privacy Policy


We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, or legal requirements. When we do, we will post the revised version on this page and update the “Last Updated” date at the top. Changes take effect upon posting, unless a later effective date is indicated. Where required by law (for example, if changes materially affect processing based on your consent), we will seek your renewed consent or provide additional notice.

12. Contact


If you have questions about this Privacy Policy, our data practices, or wish to exercise your rights, please contact our Data Protection Officer at [email protected]. If you require this Policy in another language or an accessible format, please write to [email protected].
solutions
chest x-raylung ctPRICING & PLANS
about us
companyfaq
evidence
researchclinical evidenceindustryresources
terms
privacy policyterms & conditionscookie policy
© 2024 Rayscape All rights reserved.