Privacy Policy

Last updated: April 2026

Privacy in brief: Scan Instant processes your DICOM and NIfTI files entirely inside your browser. Your data is never uploaded to any server, never stored by us, and never seen by anyone other than you. Exported reports are your responsibility once saved.

1. Who we are

Scan Instant is a browser-based file viewer for DICOM and NIfTI formats, available at scaninstant.com and app.scaninstant.com.

Vladimir Golubovic — Serbia

For the purposes of applicable data protection law — including the EU General Data Protection Regulation (GDPR) and the Serbian Law on Personal Data Protection (Zakon o zaštiti podataka o ličnosti) — the data controller is Vladimir Golubovic, contactable at the email address above.

2. What data we process — and where

Your DICOM and NIfTI files

All parsing, decoding, and rendering of your files happens entirely within your browser using JavaScript. Your file data is never transmitted to any server. It never leaves your device. We have no technical ability to access it.

Browser storage

The app stores two small items in your browser's local storage: your custom viewing presets, and a one-time flag that prevents a welcome message from appearing more than once. Neither contains imaging data or patient identifiers. You can clear both at any time by clearing your browser's local storage.

Exported reports and session files

The app provides an optional Export Report feature that generates a local HTML file on your device. This file may contain patient identifiers extracted from the source DICOM file, such as Patient Name and Study Date. These exports are generated locally, are unencrypted, and are not transmitted to any server. Users are responsible for the secure storage, handling, and deletion of exported files in compliance with applicable healthcare and data protection regulations.

Usage data

We do not operate any analytics service. We do not set cookies, track page views, or collect behavioural data through the Scan Instant application.

Infrastructure logs

Our hosting provider may retain standard server access logs — IP address, user agent string, request path, timestamp, and response code — for operational and security purposes. These logs are not linked to any imaging data and are governed by our hosting provider's own privacy policy.

No cookies

Scan Instant does not set any cookies. No cookie consent banner is required or shown.

3. Legal basis for processing (GDPR Article 6)

Scan Instant is a client-side file viewer. While the software processes data locally on your device to render files, the operator of Scan Instant never receives, accesses, or stores this data. We therefore do not act as a data controller or processor with respect to your file data under the Regulation.

To the extent that infrastructure logs constitute personal data (e.g. IP addresses), our legal basis is legitimate interests (Article 6(1)(f) GDPR) — specifically, the operational necessity of maintaining a functioning and secure service.

Because we have no access to imaging data, we do not maintain a Record of Processing Activities (RoPA) for imaging data. A RoPA is maintained only with respect to infrastructure log data, which is processed by our hosting provider under their own terms.

4. Special category data (medical images)

DICOM files may contain personal data including patient names, dates of birth, and other identifiers embedded in DICOM tags. Because this data is processed exclusively on your device and is never transmitted to or stored by Scan Instant, we do not receive or access special category data within the meaning of Article 9 GDPR.

You remain in full control of your imaging data at all times. Closing your browser tab permanently discards all loaded data.

Note on exported reports: If you use the Export Report feature, the resulting file will contain patient identifiers from the source file. Once downloaded, this data is in your custody and you are responsible for its secure handling in accordance with applicable data protection and healthcare regulations. See the User Responsibilities section of the FAQ for details.

5. Data sharing and third parties

We do not sell, share, or transfer your data to any third party. The following third-party services are involved in operating Scan Instant:

6. Data retention

We retain no imaging data — it is never received. Browser local storage data (custom presets and the hint flag) persists on your device until you clear it. Infrastructure logs are retained according to our hosting provider's standard retention policy.

7. Your rights under GDPR

If you are located in the EU/EEA or Serbia, you have the following rights regarding any personal data we hold:

In practice, because we hold no imaging data and only minimal infrastructure logs, most of these rights will not be applicable in the typical use of Scan Instant. To exercise any right, contact us at the email address listed in Section 11.

8. Security

The most significant security property of Scan Instant is architectural: because your imaging data never leaves your browser, there is no server-side attack surface for that data. HTTPS is enforced on all connections.

The application is served with strict security headers that prevent clickjacking, content-type sniffing, cross-origin data leakage, and unauthorised access to device hardware such as camera, microphone, and location.

9. Children

Scan Instant is a general-purpose file viewer intended for anyone who needs to open DICOM or NIfTI files, including patients, researchers, and healthcare professionals. It is not directed at children. We do not knowingly collect data from minors. The applicable age threshold varies by jurisdiction (16 in most EU member states; lower in some countries by national law).

10. Changes to this policy

If we make material changes to this policy — for example, if we add analytics or server-side data processing — we will update the date at the top of this page and add an entry to the changelog below. For significant changes involving new data collection, we will implement an in-app notice rather than relying on passive date updates.

11. Contact

For any privacy-related questions or to exercise your data protection rights, contact the operator directly:

Vladimir Golubovic
[Email address to be added]
Serbia