
Privacy and Health Data: How PonD3 Protects Patient Information

June 5, 2025 · PonD3 Team
privacy, GDPR, security

A responsibility, not just an obligation

In medical imaging, data protection is not simply a regulatory requirement - it is a responsibility toward the patients whose exams are processed. PonD3 was designed from the beginning with privacy as an architectural principle, not as an add-on feature.

Automatic anonymization

The first and most important protection level is automatic anonymization of DICOM data. As soon as CT images are uploaded to the platform, a dedicated script removes all identifying information:

  • Patient first and last name
  • Date of birth
  • Patient ID
  • Accession number
  • Any other identifying metadata in the DICOM header

This happens before files are processed by our algorithms. In practice, JST 3D S.r.l. and PonD3 never access patients' personal data.
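A check that could be run on a file after this step to confirm the four named fields are gone, as an added example that is not PonD3's script or code from the original page. It assumes Explicit VR Little Endian encoding, does not descend into sequences or cover "any other identifying metadata", and fails closed on undefined lengths; the sample headers are constructed.

```python
import struct

# Tags for the identifiers the article lists (DICOM data dictionary numbers).
IDENTIFYING = {
    (0x0008, 0x0050): "AccessionNumber",
    (0x0010, 0x0010): "PatientName",
    (0x0010, 0x0020): "PatientID",
    (0x0010, 0x0030): "PatientBirthDate",
}
# VRs that use the long header form: 2 reserved bytes + 4-byte length.
LONG_VRS = {b"OB", b"OD", b"OF", b"OL", b"OV", b"OW", b"SQ",
            b"SV", b"UC", b"UN", b"UR", b"UT", b"UV"}

def elements(data):
    """Yield (tag, value) pairs from an Explicit VR Little Endian stream."""
    pos = 132 if data[128:132] == b"DICM" else 0  # skip preamble and magic
    while pos < len(data):
        if pos + 8 > len(data):
            raise ValueError("truncated element header")
        group, elem, vr = struct.unpack_from("<HH2s", data, pos)
        long_form = vr in LONG_VRS
        if long_form and pos + 12 > len(data):
            raise ValueError("truncated element header")
        fmt, off = ("<I", 8) if long_form else ("<H", 6)
        (length,) = struct.unpack_from(fmt, data, pos + off)
        pos += 12 if long_form else 8
        if length == 0xFFFFFFFF or pos + length > len(data):
            raise ValueError("undefined or truncated length: fail closed")
        yield (group, elem), data[pos:pos + length]
        pos += length

def residual_identifiers(data):
    """Names of listed identifying elements that still hold a value."""
    return sorted(IDENTIFYING[tag] for tag, value in elements(data)
                  if tag in IDENTIFYING and value.strip(b" \x00"))

def _el(group, elem, vr, value):
    """Build one short-form element for the constructed samples below."""
    value += b" " * (len(value) % 2)  # DICOM values have even length
    return struct.pack("<HH2sH", group, elem, vr, len(value)) + value

# Constructed samples: a header before and after stripping.
RAW = (_el(0x0008, 0x0050, b"SH", b"ACC123") + _el(0x0008, 0x0060, b"CS", b"CT")
       + _el(0x0010, 0x0010, b"PN", b"DOE^JANE")
       + _el(0x0010, 0x0020, b"LO", b"P-0001")
       + _el(0x0010, 0x0030, b"DA", b"19700101"))
CLEAN = (_el(0x0008, 0x0050, b"SH", b"") + _el(0x0008, 0x0060, b"CS", b"CT")
         + _el(0x0010, 0x0010, b"PN", b""))
```

An element that is present but empty counts as clean here; a stricter pipeline could require the element to be absent altogether.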

Regulatory compliance

Our platform is designed to comply with:

GDPR (General Data Protection Regulation)

  • Processing limited to the specific purpose of 3D reconstruction
  • No profiling or retention for secondary purposes
  • Right to erasure automatically guaranteed through scheduled deletion

AI Act (European Regulation on Artificial Intelligence)

  • Transparency on how segmentation algorithms work
  • Mandatory human supervision in the clinical review process
  • Documentation of the model validation lifecycle

ISO standards for healthcare security

  • Encryption of data in transit and at rest
  • Role-based access control
  • Traceability of data operations

Data lifecycle

Every piece of data entering the PonD3 platform follows a defined and transparent path:

  1. Upload: DICOM images are uploaded through an encrypted connection
  2. Anonymization: immediate removal of all identifying metadata
  3. Processing: AI segmentation and 3D model generation
  4. Review: clinical validation of the model
  5. Delivery: the model is made available in the user's private dashboard
  6. Temporary access: the user can view the model for 30 days
  7. Deletion: after 30 days, all data is permanently deleted from our systems

No software to install

A frequently overlooked aspect of security is the attack surface. Requiring local software installation introduces potential vulnerabilities on user devices. PonD3 runs entirely in the browser - no downloads, no installation, no local data storage.

Frequently asked privacy questions

Is data used to train AI? No. Uploaded data is used only for the requested reconstruction and is then deleted.

Who can view my 3D model? Only the user who submitted the request can access the model through their authenticated private dashboard.

What happens after 30 days? All data - anonymized DICOM images, segmentation masks, and 3D models - is permanently deleted from our servers.

Privacy as a competitive advantage

In a field where trust is essential, transparency in data management is not only a duty: it is a value. PonD3 proves that it is possible to deliver advanced technology without compromising health data security.

© 2026 JST 3D S.r.l. - (cf/p.iva 04066390123)
