Privacy Policy
Last updated: 16 May 2026
1. Who we are
VRASS (Virtual Radiologist Assistant) is a clinical reporting workspace developed by Dr. Sumit Kumar and the Paper Library team. It is accessible at vrass.in and is designed for qualified radiologists. VRASS is not a medical device and does not provide clinical advice.
2. Patient data — our core commitment
VRASS is built around one principle: no patient data is stored on VRASS servers.
- ✓ Patient metadata you enter during a reporting session (name, age/sex, MRN, study date, referring physician, study type) is held only in your active draft on your own Supabase account and in your browser session. It is never transmitted to VRASS or any third party.
- ✓ When you print or export a report to DOCX, patient metadata is embedded in that locally generated file only — it goes directly to your device and is never uploaded anywhere.
- ✓ Patient data entered in the print or export modal is used once, for that action, and is not retained on any server beyond your own Supabase draft.
- ✓ No patient images are uploaded to VRASS at any stage.
- ✓ You can clear patient data from your print history at any time from within the app.
3. What VRASS does store
The following data is stored in your personal Supabase account with row-level security (RLS). Only you can access your own data — no other user, including VRASS administrators, can read it.
4. Third-party integrations
If you connect a third-party API key to VRASS, the following applies:
- ✓ Your API key is stored encrypted in your own Supabase account and is never shared with VRASS servers.
- ✓ Only your clinical findings text is sent to the third-party provider — never patient name, MRN, age, or any identifying metadata.
- ✓ VRASS does not log, inspect, or retain any data sent to or received from third-party providers.
- ✓ The third-party provider's own privacy policy governs how they handle any data you send.
5. Data storage and security
All user data is stored in Supabase with row-level security policies that prevent any cross-user access. All connections are encrypted via HTTPS/TLS. VRASS is deployed on Cloudflare Pages and does not operate its own database servers.
6. Cookies
VRASS uses session cookies only to keep you signed in via Supabase Auth. No advertising cookies, no third-party tracking cookies, and no analytics cookies are used.
7. Your rights
You may request deletion of your account and all associated data at any time by contacting us at info@paperlibrary.org. Deletion requests are processed within 30 days. You may also delete individual reports, templates, and shortcuts directly within the app.
8. Changes to this policy
This policy may be updated from time to time. Significant changes will be communicated via in-app notice. Continued use after changes constitutes acceptance.
9. Contact
For any privacy-related questions, contact us at info@paperlibrary.org.