Skip to content

Privacy & Legal

The VitalLens platform is built on a stateless architecture designed to minimize data exposure. We process video data in volatile memory and discard it immediately after inference.

Data Handling Policy

We adhere to a strict "Process and Delete" policy regarding personal data.

What We Do NOT Store

  • Input Video: We do not store the video usage data you send to the API. It is held in volatile memory only for the duration of the inference and is purged immediately upon completion of the request.
  • Resulting Data: We do not store the estimated waveforms (e.g., PPG waveform) or vitals (e.g., heart rate) returned to you. Once the API response is sent, these values are deleted from our server memory.

What We DO Store

Per our Privacy Policy, we retain specific metadata for billing, security, and service optimization:

  • Usage Logs: Frame counts, API Key usage, and timestamps for billing and rate-limiting.
  • Quality Metrics: Technical confidence scores and signal quality indicators. These are used to monitor model performance but contain no personally identifiable health or biometric data.

GDPR & International Compliance

VitalLens is designed to be GDPR-ready for users globally, including those in the EEA, UK, and Switzerland.

Data Roles

Under the GDPR, you (the customer) are the Data Controller and Rouast Labs is the Data Processor. You determine the purpose of the data collection, and we process it strictly according to your instructions as defined in our Data Processing Agreement (DPA).

International Data Transfers (SCCs)

The VitalLens API is hosted on AWS infrastructure in the United States (us-east-2). To ensure a legal basis for data transfers from the EU/UK to the US, our DPA incorporates the Standard Contractual Clauses (SCCs) adopted by the European Commission.

Data Minimization (Privacy by Design)

The VitalLens API strictly accepts only pre-processed, low-resolution video frames. This ensures that high-resolution, identifiable facial features never leave the end-user's device. Our VitalLens Clients and SDKs automatically handle this local pre-processing for you. If you connect directly to the API, you must perform this cropping and downscaling yourself before transmission.

By using the API, you agree to the Terms of Service. Please be aware of the following critical restrictions:

1. Not a Medical Device

VitalLens is NOT a medical device. The estimates provided are for general wellness and informational purposes only. They are not intended for:

  • Medical diagnosis or clinical patient monitoring.
  • Cure, mitigation, treatment, or prevention of any disease.

2. Prohibited Use: Model Training

You may not use the VitalLens API or the resulting data to develop, train, calibrate, or validate other machine learning models, algorithms, or similar technologies that process video to estimate vital signs.

You warrant that you have obtained explicit, legally valid consent from your end-users for the processing of biometric and health-related data before transmitting any data to the VitalLens API. You are responsible for maintaining records of this consent.