Legal

Privacy policy

This document describes which data lightnet multimedia gmbh („we") processes when you use the website darkfield.ch and the desktop software of the same name.

1. Controller

lightnet multimedia gmbh, [address, see imprint].
Privacy e-mail: info@darkfield.ch.

2. Legal bases

Processing is based on the Swiss Federal Act on Data Protection (FADP) and, for users resident in the EU/EEA, the EU General Data Protection Regulation (GDPR).

3. Website data

The host ([Metanet AG]) captures technically necessary access logs (IP address, timestamp, URL, user agent, referer). These are deleted after [30/90] days and used solely for operational security. We do not set tracking or marketing cookies.

4. Desktop-application data

All patient and session data — base data, recordings, notes, reports — stays exclusively on the user's device. Neither we nor third parties have access.

From the licence key the app locally derives a 12-character pseudonymous operator ID (SHA-256 with domain separator). This ID carries no personal reference and cannot be reversed to the key.

5. Community exchange (voluntary)

If you opt into the practitioner community, the following data are transmitted exclusively:

anonymous pattern descriptors (not reversible to images),
class labels, confidence, pseudo-ID, role, reliability weight and annotation timestamp.

Not transmitted: original images, patient names, birth dates, practice addresses, reports or licence keys. Uploads may optionally be AES-256-GCM encrypted with a user-chosen password; transport is over authenticated SFTP or FTPS.

The weekly aggregation produces a fully anonymised community bundle, signed with an Ed25519 key and distributed publicly via https://darkfield.ch/federation/. Individual contributions are no longer traceable.

Retention: incoming uploads up to 90 days; reliability scores as long as the pseudo-ID stays active; review queue until resolved by the expert panel.

6. Your rights

You have the right to information, correction, deletion, restriction of processing and data portability at any time. Deletion requests are executed technically: your pseudo-ID is placed on the exclusion list, your reliability record is deleted, and the next aggregation excludes your uploads. Requests to info@darkfield.ch including your licence key or its derived pseudo-ID.

The right to lodge a complaint with the Swiss FDPIC or the competent EU supervisory authority remains unaffected.

7. Security

HTTPS / TLS 1.2+ for all web access.
AES-256-GCM for optional upload encryption.
Ed25519 signatures on all files we deliver.
Key-based SFTP authentication between our host and the shared hosting.
No clear-name data leaves the end device.

8. Processors

With [Metanet AG] (Switzerland), the hosting provider for darkfield.ch, we have a written DPA. No data transfer to third countries takes place.

9. Changes

The current version of this policy is available at https://darkfield.ch/en/privacy.html. Substantial changes are announced inside the app.

Last update: [date to be inserted at publication].