Privacy Policy
Effective July 6, 2026
Slicora is a DICOM viewer for iPhone and iPad. This policy explains what the app ("Slicora", "we", "us") does — and deliberately doesn't do — with your information. Questions are always welcome at support@slicora.app.
The short version
- Your scans stay on your device. Slicora never uploads your medical images. There is no Slicora cloud, no account to create, and we have no way to see your files.
- We collect a small amount of anonymous information: purchase receipts (to run your subscription) and optional usage statistics (to fix bugs). Neither includes your images, your name, or anything from inside your files.
- You can turn usage statistics off any time in Settings.
- We don't sell data, show ads, or track you across other apps.
Your medical images stay on your device
However a study reaches Slicora — the Files app, drag & drop, a ZIP from a patient portal, a download link, a hospital CD via Wi-Fi transfer, or a USB cable — the files are copied into the app's private storage on your iPhone or iPad and go no further.
- Never uploaded. Your studies, and the annotations, measurements, and reports you create from them, are never sent to us or to anyone else. We hold no copies and cannot access them.
- Encrypted at rest. Files live in the app's protected storage and are encrypted by iOS while your device is locked (iOS Data Protection).
- You control sharing. Exporting an image or PDF report happens only when you use the share button, through the standard iOS share sheet, to a destination you choose.
- You control deletion. Deleting a study in the app, clearing the library, or deleting the app removes the files completely — there is no server copy to chase.
Wi-Fi transfer stays on your network
The "From a Computer" feature turns your phone into a small receiver on your own Wi-Fi network. Files travel directly from the computer to the phone; they never touch the internet. The receiver runs only while that screen is open, and connections from outside your local network are refused.
To spare you typing an IP address, the app can also show a 6-digit code for send.slicora.app. When it does, the app registers one piece of information with our pairing service: your phone's private local-network address (something like http://192.168.1.23), stored under that temporary code. The computer enters the code and is redirected to your phone on your own network — your files never pass through the service. The code and address expire within 10 minutes of leaving the transfer screen. The service runs on Cloudflare, and the IP addresses of computers using it are held briefly (about two minutes) solely to limit abuse.
Importing from a link
When you paste a download link (for example from a patient portal), your device downloads directly from that address. We never receive the link or the files. The site you download from can see the request, as it would for any browser download, under its own privacy policy.
What we do collect
Purchases and subscriptions
Payments are processed by Apple; we never see your payment details. To activate your subscription and free trial across launches, we use RevenueCat, which receives the App Store receipt (product, price, trial and renewal status), a randomly generated anonymous app ID, and basic device information (model, iOS version, language and region). This is required for the app's purchases to function and is not tied to your name or email — Slicora has no accounts.
Anonymous usage statistics (optional)
To see which features are used and where errors happen, the app sends anonymous usage statistics to PostHog, our analytics provider. This is enabled by default and you can turn it off at any time in Settings → "Share Anonymous Usage Data" — the switch takes effect immediately. When enabled, we collect:
- Screens and events — for example "study imported (import method, succeeded or failed)", "study opened (scan type, number of images)", "3D view opened", onboarding progress, subscription events, and error categories (such as "ZIP was password-protected"). Event details are chosen from fixed, app-authored labels — never file names or values read from your files.
- App and device basics — app version, device model, iOS version, language, and timezone.
- A random identifier — the same anonymous ID used for subscriptions, so we can count users and diagnose problems. It is not your name, email, or any real-world identity.
- Approximate location — a country/city estimate our analytics provider derives from your IP address. Slicora never asks for or collects precise location.
- Masked screen recordings — to diagnose usability problems, sessions may be replayed as screenshots of the app's interface in which every image, every text field, and every view that shows study content or patient details is blacked out on your device before anything is sent. Replays show which buttons and menus are used — never your scans, never text you type, never personal details.
Usage statistics never include your images or pixel data, file names, or any patient information from inside your DICOM files.
Support emails
If you contact us from Settings → Contact Support, the email is pre-filled with a short debug block: app version and build, device model, iOS version, language, subscription status, the number of studies in your library, and your anonymous Support ID. It is visible and editable before you send, and it travels through your own mail app and provider. We use it only to help you.
What we never do
- No advertising, and no advertising SDKs in the app.
- No selling, renting, or trading of your information — to anyone, ever.
- No tracking across other companies' apps or websites.
- No accounts and no profiles tied to your identity — in most cases we could not tell which data is yours even if asked.
Service providers
The limited information described above is processed by these providers on our behalf:
- Apple — payment processing and the App Store. (privacy policy)
- RevenueCat, Inc. — subscription management. (privacy policy)
- PostHog, Inc. — usage analytics, hosted in the United States. (privacy policy)
- Cloudflare, Inc. — hosts this website and the send.slicora.app pairing service. (privacy policy)
This data is processed in the United States. Where required (for example for visitors from the EEA, UK, or Switzerland), transfers rely on safeguards such as the EU-U.S. Data Privacy Framework or Standard Contractual Clauses.
How long we keep things
- Your studies and annotations — on your device, until you delete them.
- Pairing codes — at most 10 minutes after you leave the transfer screen.
- Purchase records and usage statistics — kept by the providers above for as long as needed to operate the app; deleted on request.
- Support emails — kept as long as needed to help you.
Your rights and choices
- Turn usage statistics off any time in Settings.
- Delete local data by deleting studies or the app.
- Depending on where you live (for example the EEA, UK, or California), you may have rights to access, correct, delete, or receive a copy of personal data, to object to or restrict its processing, and to complain to your local data-protection authority. We do not "sell" or "share" personal information as defined by the California Consumer Privacy Act.
- To exercise any of these rights, email support@slicora.app and include the Support ID shown in Settings → Contact Support — our records are keyed to anonymous IDs, so without it we usually cannot tell which data is yours.
Where GDPR applies: we process purchase data to perform our contract with you, usage statistics and abuse prevention under our legitimate interest in running and improving the app (with the opt-out above), and other data with your consent where required.
Children
Slicora is not directed at children, and we do not knowingly collect personal information from children under 13 (or the minimum age in your country). If you believe a child has provided us personal information, contact us and we will delete it.
Security
Your studies are protected by the iOS app sandbox and encrypted at rest by iOS Data Protection. All communication with the providers above uses TLS encryption. Wi-Fi transfers stay on your local network. No system is perfectly secure, but Slicora's strongest safeguard is architectural: your medical data simply never leaves your device.
Changes to this policy
If we change this policy, we will post the new version here and update the date at the top. For meaningful changes — for example, if a future feature ever sends new kinds of data — we will also call it out in the app or in App Store release notes.
Contact
The developer of Slicora can be reached at support@slicora.app.