Ruqelo is designed for de-identified clinical use by licensed healthcare professionals. This page describes how we handle data, infrastructure, and security.
What data Ruqelo processes
Ruqelo processes three categories of data:
Account and billing data — your name, email address, and payment information, used to manage your account and subscription.
Usage data — anonymised records of feature usage, session counts, and performance metrics, used to improve the product.
Clinical inputs — the de-identified clinical text you enter to generate outputs. These are processed transiently by AI inference providers to generate your output and are not stored as identifiable clinical records.
What Ruqelo does not store
Ruqelo does not store:
Patient-identifiable information (users are prohibited from entering this — see our Terms of Service)
Confirmed diagnoses linked to real patients
Any data that would constitute a medical record
AI inference
Ruqelo uses third-party AI inference providers to generate outputs. Clinical inputs are transmitted to these providers transiently to generate your output. Inputs are not used to train AI models.
Ruqelo uses industry-standard providers operating under data processing agreements.
Authentication
User authentication is handled by Clerk, a dedicated authentication provider. Ruqelo does not store passwords.
Payments
Payment processing is handled by a third-party payment provider. Ruqelo does not store card numbers or payment credentials.
Data transmission
All data transmitted between your browser and Ruqelo is encrypted in transit using TLS (HTTPS).
Data retention
Account data is retained while your account is active and for a reasonable period after account closure in accordance with our Privacy Policy.
Clinical inputs processed to generate outputs are not retained as identifiable records.
Saved account history
Users may choose to save de-identified conversation history, generated outputs, and preferences to their Ruqelo account for continuity across devices. Ruqelo prohibits patient-identifiable information, and saved history must not contain names, record numbers, dates of birth, contact details, or other identifying details.
HIPAA and GDPR
Ruqelo is not HIPAA-compliant and does not maintain Business Associate Agreements. Ruqelo is not suitable for use with Protected Health Information as defined under HIPAA.
Ruqelo is designed for de-identified clinical inputs only. For institutional deployments with specific compliance requirements, contact support@ruqelo.com.
Reporting a security concern
To report a security vulnerability or data concern, contact security@ruqelo.com. We aim to acknowledge all reports within 48 hours.
Related documents: Privacy Policy · Terms of Service · Clinical Governance & Safety