Compliance · Law 13.709/2018

LGPD, without asterisks.

We are the controller for operational data and the processor for clinical data. The two layers have distinct legal bases, and we document each one.

Data Protection Officer

Natan Paraíso Ribeiro

Designated Data Protection Officer · LGPD contact

Applied legal bases

Four bases, each documented in a specific impact record.

Art. 7, V

Contract performance

Platform operation, authentication, payment processing and report structuring for physician review and signature in their own official system (PACS/RIS).

Art. 11, II, “f”

Health protection

Sensitive data processing by a professional bound by CRM confidentiality, in a medical-radiology procedure under their technical responsibility.

Art. 7, II

Legal & regulatory obligation

Compliance with CFM Res. 2,454/2026 (AI in medicine), CFM 1,821/2007 (minimum 20-year retention), CFM 2,299/2021 (electronic signature) and applicable tax obligations.

Art. 7, IX

Legitimate interest

Aggregate/anonymized telemetry for quality, security and fraud prevention, with a documented Legitimate Interest Assessment (LIA) available to the controller's DPO.

Art. 7, IV / Art. 11, II, “c”

Protection of life or physical integrity

Applicable to the critical-findings communication flow (CRIT) under Enterprise scope, with traceable notification, acknowledgement and contractual SLA.

Art. 7, I / Art. 11, II, “a”

Consent

For optional features (newsletter, additional third-party integrations, voluntary anonymous benchmarks) — granular, informed, free and revocable at any time (art. 8, § 5).

Data lifecycle.

  1. Collection

    Data arrives through PACS/RIS, API integration or direct upload by the radiologist, linked to a report in progress under the controller's instructions (institution or practice).

  2. Processing

    Transcription and structuring in a Brazilian cloud region (contractual data residency), with multi-tenant isolation via Row-Level Security and organization-level enclaves.

  3. Hand-off and retention

    Structured text is delivered to the radiologist's official system for review and signature. Minimum 20-year retention for reports and related clinical data (CFM Res. 1,821/2007, art. 8, sole §).

  4. Erasure

    At contract end or upon the subject's request (LGPD art. 18, VI), erasure follows the art. 16 exceptions (legal obligation, research, transfer with legal basis, anonymization). Portability is available in structured format (HL7/CDA when applicable).

Your rights

Eight rights. One entry point.

We respond within 15 calendar days and ask only for the minimum documentation needed to authenticate the data subject.

  • I — Confirm whether processing exists
  • II — Access the data
  • III — Correct incomplete, inaccurate or outdated data
  • IV — Anonymize, block or delete unnecessary data
  • V — Portability to another provider
  • VI — Erase data processed based on consent
  • VII — Information about entities with whom data was shared
  • VIII — Information about the possibility of not consenting
  • IX — Revoke consent (art. 8, § 5)
  • Direct complaint to ANPD at any time (art. 18, § 1, in conjunction with art. 55-J, IV)
