Privacy Policy
EyeScan Pro
Sightic Analytics AB (“Sightic”, “we”, “our”, “us”) is committed to protecting the privacy of all individuals participating in impairment-screening sessions performed with the EyeScan Pro application. This policy explains how personal data is processed within EyeScan Pro, what information is handled, and the safeguards in place to ensure privacy and data protection.
1. Purpose of Processing
EyeScan Pro is designed to assist an operator in conducting short screening sessions to detect potential signs of impairment. The application analyzes eye and head responses in real time to generate an immediate, on-screen result. EyeScan Pro does not perform any personal identification or authentication, and no data leaves the device.
2. Information Processed
During a test session, EyeScan Pro temporarily processes:
- Facial imagery from the phone’s main camera (eyes and face region)
- Derived biometric features (pupil diameter, eyelid movement, gaze direction, head orientation)
- Device parameters such as camera ISO value (used as a proxy for lighting conditions)
- Temporary GPS coordinates displayed with the result for contextual reference
No user accounts, names, or contact information are collected. The data processed cannot be used to identify any individual once the session ends.
3. Processing Method and Retention
All processing takes place locally on the iPhone within Apple’s iOS sandbox. Data is stored only in volatile memory (RAM) while the session is running and is automatically deleted immediately after the result is displayed. No information is saved, logged, or transmitted to external servers.
4. Legal Basis
Processing is carried out under explicit consent (Articles 6(1)(a) and 9(2)(a) GDPR). In institutional programs (for example, employers or fleet operators), the participating organization obtains this consent before testing and provides the required privacy information to each subject. The processing is limited to what is necessary for providing the screening result and does not involve any automated decision-making with legal or similar effects.
5. How Results Are Used
The displayed result is a screening indicator only and must not be interpreted as a medical diagnosis. In institutional contexts, the organization conducting the screening is responsible for how results are used (for example, referring a person for a formal test).
6. Data Sharing and Third Parties
EyeScan Pro does not share, transmit, or upload any data. There are no third-party processors involved. All computations and temporary data remain confined to the device during the session.
7. Security Measures
- iOS sandboxing and access-control mechanisms
- RAM-only, transient processing (no persistent storage)
- Code-signing and integrity verification
- Device-management policy prohibiting the use of jailbroken devices
- Regular internal security and privacy-by-design reviews under Sightic’s ISMS
8. Data-Subject Rights
As no personal data is retained, the rights of access, rectification, and erasure are inherently fulfilled. Subjects can withdraw consent at any time by informing the operator or contacting the organization conducting the screening. For general privacy questions, individuals may also contact Sightic directly (see below).
9. Changes to This Policy
We may update this privacy policy periodically. Material changes will be communicated through the institutional program and, where required, new consent will be obtained.
10. Contact Us
Controller: Sightic Analytics AB
Address: Östra Hamngatan 26, 411 09 Gothenburg, Sweden
Email: d[email protected]