Dysplasia Diagnostics Clinicians

DYSPLAI Oncology Intelligence API: Privacy Policy

Version: 1.0 · Last reviewed: 2026-07-02 · Applicable law: UK GDPR & Data Protection Act 2018


1. Who we are

Dysplasia Diagnostics Limited (company number 14361617, registered office 85 Great Portland Street, London, England, W1W 7LT), trading as DysplasiaDx, is the data controller for personal data processed in the operation of the DYSPLAI Oncology Intelligence API (the "Service"), except where we act as a processor on your behalf (see Section 4). We are registered with the UK Information Commissioner's Office (ICO) under data-protection registration reference ZB404788. Data-protection contact: contact@dysplasiadx.com.

This policy explains what data we process, why, on what legal basis, who we share it with, where it is stored, and your rights.

2. Scope and the Research Use Only model

The Service processes de-identified research molecular data. It is not an EHR, LIMS, or clinical records system, and customers are contractually required to de-identify data and remove direct patient identifiers before submission (see the EULA §7 and the Acceptable Use Policy). This policy covers:

  • Account and billing data: for which we are the controller.
  • Customer Data (submitted molecular data, metadata, and derived results): for which we act as a processor on the customer's behalf.

3. Account and billing data (we are controller)

Category Examples Purpose Legal basis (UK GDPR)
Account identifiers name, work email, organisation, role provision and manage the tenant Contract (Art. 6(1)(b))
Marketplace entitlement Google consumer project number, plan, status activate and bill the subscription Contract
Authentication API key prefixes, key metadata (never the secret in logs) authenticate and secure access Legitimate interests (Art. 6(1)(f)): security
Usage and metering operations, credits consumed, request metadata billing, quotas, fraud prevention Contract; Legitimate interests
Support records correspondence with our support team provide support Contract; Legitimate interests
Audit events provisioning, key lifecycle, cross-tenant access attempts, offboarding security, compliance, dispute resolution Legal obligation; Legitimate interests

We do not sell personal data and do not use it for advertising.

4. Customer Data (we are processor)

When you submit molecular data and metadata, we process it only to provide and support the Service and on your documented instructions, as set out in the EULA, the Data Retention guide, and any data processing agreement (DPA) between us. You are the controller of Customer Data and are responsible for the lawful basis, de-identification, and any ethics/IRB/data-sharing approvals for it.

We expect Customer Data to be de-identified. If you submit personal data in breach of the EULA, you remain the controller and are responsible for that processing; we will process it under the same processor terms until it is purged.

5. What we deliberately do not collect or log

By design, the Service never logs personal/patient identifiers, raw genomic data, molecular feature arrays, API key secrets, access tokens, or signed storage URLs. Webhook payloads carry operational signals and authenticated links only: never molecular results.

6. How we use data

  • Provide, operate, secure, and support the Service.
  • Authenticate requests and enforce tenant isolation and limits.
  • Meter usage and bill through the Google Cloud Marketplace.
  • Detect, prevent, and investigate misuse, security incidents, and breaches of the Acceptable Use Policy.
  • Comply with legal obligations and enforce our agreements.
  • Produce aggregated, de-identified operational statistics to run and improve the Service (these do not identify you or any individual).

We do not use Customer Data to train models except where expressly agreed in writing with you.

7. Sharing and sub-processors

We share data with service providers ("sub-processors") who process it on our behalf under contract, including:

Sub-processor Role Location of processing
Google Cloud (Google Cloud EMEA Ltd / Google LLC) hosting, compute, storage, Marketplace billing (Service Control), and a managed large-language model used by the interpretation service (de-identified research text only) tenant home region: the model runs on a regional Vertex AI endpoint in the home region (e.g. UK europe-west2); see Section 8

The interpretation service's fallback and clinical-context model runs on DDXL-operated, self-hosted inference infrastructure and is not a third-party LLM sub-processor; the de-identified research text it processes is not sent to any third-party model provider.

We maintain a current sub-processor list and will provide it and reasonable prior notice of changes on request via the DPA. We may also disclose data where required by law, to enforce our agreements, or to protect rights, safety, and the integrity of the Service. We do not sell personal data.

The interpretation service is configured to call this model through a regional Vertex AI endpoint in the tenant's home region, so the model's processing of de-identified research text stays within that region and does not, by itself, move data to another region or outside the UK/EEA.

8. International transfers and data residency

Each tenant is assigned a home region at provisioning, and molecular data does not leave the home region by default. Available regions include the UK (London, europe-west2), the EU (Frankfurt, Netherlands), and the US (Iowa). Cross-region replication is opt-in per tenant, limited to approved artefact classes, and recorded as an auditable event.

The managed model runs on a regional Vertex AI endpoint in the tenant's home region and so does not itself move data out of region. Where personal data is nonetheless transferred outside the UK/EEA (for example, certain control-plane operations), we rely on an adequacy decision or appropriate safeguards such as the UK International Data Transfer Agreement / Addendum or EU Standard Contractual Clauses. The self-hosted inference infrastructure is operated in DDXL-controlled environments and does not introduce an additional third-party transfer.

9. Retention

We retain data per the Data Retention guide: raw inputs for a default of 30 days (configurable per tenant), results and reports for 180 days (Research) or as contracted, and immutable audit logs. On offboarding, API keys and storage access are revoked, and for Enterprise/Enterprise Plus, CMEK scheduled key deletion cryptographically destroys the data it protected. We retain account and audit data as needed for legal, accounting, and security purposes.

10. Security

The Service uses tenant isolation (row-level or dedicated schema/bucket), short-lived internal authentication tokens, encryption in transit and at rest, Confidential Compute (AMD SEV) for genomic workloads, optional customer-managed encryption keys (CMEK) for Enterprise, and immutable audit logging of sensitive operations. No system is perfectly secure; we will notify affected customers and regulators of a personal-data breach as required by law.

11. Your rights

Subject to applicable law, individuals have rights to access, rectify, erase, and restrict processing of their personal data, to data portability, and to object to processing. Because most Customer Data is de-identified and we act as processor for it, requests relating to Customer Data should normally be directed to the customer (controller); we will assist as required by the DPA. For account data, contact contact@dysplasiadx.com. You may also complain to the UK Information Commissioner's Office (ICO).

12. Changes and contact

We may update this policy and will post the revised version with a new date; material changes will be notified. Questions, requests, or complaints: contact@dysplasiadx.com or Dysplasia Diagnostics Limited, 85 Great Portland Street, London, England, W1W 7LT.


Dysplasia Diagnostics Limited (trading as DysplasiaDx) · Research Use Only · Not for use in diagnostic procedures.

EULA·Privacy Policy·Support & SLA·← Back to site
Dysplasia Diagnostics Limited (trading as DysplasiaDx) · Research Use Only · Not for use in diagnostic procedures.