CANCERDAO Privacy Policy

Publication Date: 17 June 2026
Effective Date: 17 June 2026

Welcome to CANCERDAO. This Privacy Policy explains how EuShan Intelligence Limited (“EuShan”, “Company”, “we”, “us” or “our”) collects, uses, stores, shares and protects personal information when you access or use the CANCERDAO website, web applications, mobile applications, AI-assisted functions, health database, clinical-trial matching reports, notifications, community functions and related services (collectively, the “Service”).

CANCERDAO is a health information and personal health management assistant. The Service may process sensitive health information. Please read this Privacy Policy carefully. By using the Service, registering an account, uploading information, submitting prompts or otherwise providing information to us, you acknowledge that you have read and understood this Privacy Policy.

This Privacy Policy covers:

Information We Collect
How We Use Information
How We Store and Protect Information
Technical Architecture and Service Providers
Sharing, Transfers and Disclosure
Your Rights and Choices
Retention and Deletion
Children and Minors
Changes to This Policy
Contact Us

1. Information We Collect

When you register, sign in, reset your password or manage your account, we may collect your email address, password hash, verification codes, session identifiers, account settings, selected language, nickname, avatar and related account metadata.

1.2 Health Records and Uploaded Materials

When you use the health database or upload files, we may collect the content and metadata of materials that you choose to submit, including medical records, pathology reports, genetic testing reports, imaging reports, laboratory results, discharge summaries, prescriptions, treatment histories, symptoms, patient summaries, filenames, file sizes, file types and upload timestamps.

These materials may contain sensitive health information and other sensitive personal information. You should only upload information that you have the right and authority to provide. If you upload information about another person, you are responsible for ensuring that you have that person’s authorization or another lawful basis.

1.3 AI Chat, Prompts and Outputs

When you use AI-assisted Q&A, record organization, summary generation, clinical-trial matching or related functions, we may collect your prompts, questions, messages, uploaded attachments, selected settings, generated answers, generated reports, verification results, task metadata, model usage metadata and system logs needed to operate, debug and improve the Service.

1.4 Clinical-Trial Matching Information

When you use clinical-trial matching, we may process cancer type, disease stage, molecular markers, prior therapies, treatment line, ECOG performance status, biomarkers, age, sex, location, travel preferences and other fields that you confirm or that are extracted from your health database. The generated report is saved to your health database and may be emailed to your registered email address if the email function is enabled.

1.5 Device, Usage and Security Information

We may collect device type, browser type, operating system, user agent, IP-derived request information, page views, interaction events, timestamps, error logs, task duration, feature usage, service health signals and security-related logs. We use this information to maintain the Service, prevent abuse, troubleshoot issues and understand service usage.

1.6 Cookies and Similar Technologies

We use cookies, local storage and similar technologies to keep you signed in, remember preferences such as language, support progressive web app functionality, measure usage and maintain security. You can control cookies through your browser settings, but disabling them may make some features unavailable.

1.7 Information You Voluntarily Provide

If you contact us, submit feedback, request support, join a community feature or communicate with us by email or other channels, we may collect the content of your communication and contact details needed to respond.

2. How We Use Information

We use personal information for the following purposes:

To create, authenticate and manage your account.
To provide AI-assisted Q&A, health record organization, summaries, file preview, clinical-trial matching, notifications and related Service features.
To store and display your health database and generated reports.
To send verification codes, service emails, task-completion notices and administrative messages.
To maintain, monitor, secure, debug and improve the Service.
To prevent fraud, abuse, unauthorized access and security incidents.
To comply with applicable laws, regulations, legal processes and enforceable governmental requests.
To enforce our Terms of Service and other service rules.

Unless permitted by applicable law, disclosed in this Privacy Policy or authorized by you, we do not use identifiable health information to train general-purpose AI models. We may use anonymized, de-identified or aggregated information for analytics, security, product evaluation, model evaluation and service improvement where the information cannot reasonably identify a specific individual.

3. How We Store and Protect Information

We use administrative, technical and organizational measures designed to protect personal information from unauthorized access, disclosure, alteration, loss or misuse. These measures may include encrypted transport, access controls, logging, least-privilege operational practices, password hashing, file isolation, storage separation, envelope encryption for raw originals, and operational monitoring.

No internet service, cloud system, AI system or electronic storage method can be guaranteed to be completely secure. You should protect your account credentials, email account, devices and browser sessions.

4. Technical Architecture and Service Providers

CANCERDAO currently uses a cloud-based architecture to provide the Service. The specific providers and regions may change as the Service evolves, but the following describes the current architecture at the effective date of this policy.

4.1 Application Hosting

The primary test application environment runs on Amazon Web Services in Tokyo, Japan, behind Caddy and Cloudflare DNS. The application server processes web requests, WebSocket sessions, account actions, AI task orchestration, health database actions and administrative monitoring. A standby environment may be maintained on Google Cloud for resilience, migration or rollback purposes.

4.2 Database

Structured application data is stored in PostgreSQL. This may include users, sessions, verification codes, conversations, messages, health database metadata, task logs, upload records, page views, web push subscriptions and clinical-trial matching task metadata.

4.3 File Storage

Health database files and generated reports may be stored in Cloudflare R2 object storage. Raw original files may be stored in a separate raw storage bucket with envelope encryption using AWS Key Management Service. AI workflows are designed to read organized health database content and not the encrypted raw originals unless a specific user-facing workflow requires otherwise.

4.4 AI Processing

CANCERDAO uses AI systems to organize records, answer questions, verify medical statements, generate summaries and produce clinical-trial matching reports. The current architecture may use OpenAI/Codex-based tooling for primary generation and OpenRouter-hosted Anthropic Claude models for optional verification. AI subprocesses are executed through sandboxing and network egress restrictions intended to limit unnecessary access and data exposure.

When you use AI features, relevant prompts, health database context, attachments, model outputs and task metadata may be transmitted to AI service providers or processed through AI tooling as needed to provide the requested feature. AI outputs may be inaccurate, incomplete or outdated and do not replace professional medical advice.

4.5 Email and Notifications

We may use Resend or another email provider to send verification codes, service notices and generated clinical-trial reports to your registered email address. We may use browser Web Push infrastructure to provide task-completion notifications when you enable notifications.

4.6 Clinical-Trial Data Sources

Clinical-trial matching may query public trial registries such as ClinicalTrials.gov and, where enabled, ChiCTR or other trial registry bridges. Registry results are used to generate informational reports and do not determine final trial eligibility.

4.7 Operational Logs

We keep operational logs for security, debugging, usage monitoring and reliability. For medical privacy, task logs are designed to record metadata, classifications, status, duration and short diagnostic snippets rather than full medical records or complete AI answers where possible.

We do not sell your personal information. We may share or make information available in the following circumstances:

With service providers that process information for us, such as cloud hosting, object storage, database, email, AI processing, monitoring and security providers.
With third-party AI, infrastructure or registry services when necessary to provide a feature you request.
With your consent or at your direction, such as when you share a health summary or send a report.
With affiliates, successors or business transferees in connection with a merger, acquisition, financing, reorganization, asset transfer or similar transaction, subject to appropriate protection.
When required by law, regulation, legal process, governmental request or to protect rights, safety, security and compliance.

Your information may be processed or stored in Hong Kong, Japan, the United States or other countries or regions where we or our service providers operate. Where applicable law requires, we will take appropriate measures for cross-border transfers.

6. Your Rights and Choices

Depending on your location and applicable law, you may have rights to access, correct, delete, copy, export, restrict processing of, object to processing of, or withdraw consent for certain personal information.

Within the Service, you may be able to:

View and manage account information.
Delete conversations.
Upload, preview, download, rename or delete health database files.
Delete generated reports or summaries.
Change language and account preferences.
Withdraw browser notification permissions through your browser or device settings.

If you cannot exercise a right through the product, contact us using the contact information below. We may need to verify your identity before processing a request.

7. Retention and Deletion

We retain personal information only for as long as reasonably necessary for the purposes described in this Privacy Policy, unless a longer retention period is required or permitted by law, dispute resolution, security, backup, audit or compliance needs.

When you delete content or close your account, we will delete or anonymize related information within a reasonable period, subject to legal, security, backup and operational retention requirements. Deleted information may remain in backups for a limited period before being overwritten or removed according to backup cycles.

8. Children and Minors

The Service is intended primarily for adults. If you are under 18, you should use the Service only with the consent and supervision of a parent or legal guardian. We do not knowingly collect personal information from children where parental consent is required by applicable law without the required consent.

If you believe that a minor has provided information without appropriate consent, please contact us.

9. Changes to This Policy

We may update this Privacy Policy from time to time. If changes materially affect your rights or how we process sensitive personal information, we will provide notice through the Service, website, email or other reasonable means as required by applicable law. Your continued use of the Service after the effective date of an updated policy means that you acknowledge the updated policy.

10. Contact Us

If you have questions, requests, complaints or suggestions about this Privacy Policy or our handling of personal information, please contact us at:

Email: cancerdaoxyz@gmail.com

We will review your request and respond within a reasonable period, or within the period required by applicable law.

End of Privacy Policy
EuShan Intelligence Limited