1. Data Controller
The data controller for personal information collected through this website is:
MedX SpA (operating as TensorCare)
Santiago, Chile
Contact for data protection matters: javier@tensor.care
TensorCare is a Chilean medtech company developing TensorCare AVM, an AI-based Software as a Medical Device (SaMD) platform for quantitative knee cartilage diagnostics. This website serves as an institutional and commercial presence for the company.
2. Scope and Critical Exclusions
2.1 Scope
This policy applies to personal information collected when you visit www.tensor.care (the "Website"), submit a contact or registration form, or communicate with us by email or other means in connection with the Website.
2.2 No Patient Data — Explicit Exclusion
This website does not form part of the TensorCare AVM clinical workflow. No patient data, medical records, imaging data, diagnostic information, or any health data of any kind is collected, processed, transmitted, or stored through this Website under any circumstances. TensorCare AVM processes MRI sequences exclusively within institutional clinical environments under separate data processing agreements. If you have questions about data handling within a clinical deployment of TensorCare AVM, please contact us directly.
2.3 HIPAA Notice
TensorCare does not operate as a HIPAA Covered Entity or Business Associate through this Website. No protected health information (PHI) is handled through this Website. Nothing in this policy should be construed as creating any obligation under the Health Insurance Portability and Accountability Act (HIPAA).
3. Personal Data We Collect and Why
3.1 Information You Provide Voluntarily
When you submit a contact or registration form on this Website, we collect:
Full name
Email address
Professional institution or organization
Professional role or specialty
Any additional information you choose to include in a free-text field
We do not collect payment information, identification documents, or any special category of personal data through this Website.
3.2 Technical and Log Data
Our web hosting infrastructure may automatically record standard server log data when you visit the Website, including IP address, browser type, operating system, referring URL, pages visited, and timestamps. This data is collected at the infrastructure level for security and operational purposes and is not used for profiling or behavioral analytics.
3.3 Data We Do Not Collect
We do not collect:
Patient or health-related data of any kind
Behavioral analytics data (no tracking or analytics tools are deployed — see Cookie Policy)
Location data beyond what is implicit in an IP address
Social media profile information
Data from third-party advertising networks
4. Legal Basis for Processing
4.1 GDPR Lawful Basis (EU/EEA Visitors)
For each processing activity, the applicable GDPR lawful basis is:
| Processing Activity |
Purpose |
GDPR Lawful Basis |
| Processing contact form submissions |
Responding to professional inquiries; delivering requested materials |
Art. 6(1)(b) — necessary to take steps at your request; Art. 6(1)(f) — legitimate interest in professional communication |
| Clinician registration for study updates or product information |
Maintaining professional correspondence; providing access to clinical results |
Art. 6(1)(b) — performance of a pre-contractual or professional relationship; Art. 6(1)(f) — legitimate interest |
| Processing server log data |
Security monitoring; infrastructure management; fraud prevention |
Art. 6(1)(f) — legitimate interest in protecting the Website and its users |
| Compliance with legal obligations |
Responding to lawful regulatory or legal requests |
Art. 6(1)(c) — compliance with a legal obligation |
4.2 US Visitors
TensorCare does not sell or share personal information within the meaning of applicable US state privacy laws, including the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA). No personal data collected through this Website is used for targeted advertising, sold to data brokers, or shared with third parties for commercial purposes. US visitors may exercise the rights described in Section 8 below by contacting javier@tensor.care.
6. Third-Party Disclosure
TensorCare does not sell, rent, trade, or otherwise share personal data collected through this Website with third parties for commercial, marketing, analytics, or advertising purposes.
Personal data may be disclosed to third parties only in the following limited circumstances:
- Service providers and infrastructure partners who process data strictly on our behalf and under appropriate data processing agreements (e.g., web hosting providers). Such processors are contractually required to protect data and use it only for the purposes we specify.
- Where required by applicable law, regulation, or a binding order from a competent authority (e.g., a court, regulator, or law enforcement agency), and only to the extent required.
- In the event of a corporate restructuring, merger, or acquisition, where personal data may be transferred to a successor entity, subject to appropriate notice to data subjects.
In all cases, disclosure is limited to what is strictly necessary and is subject to appropriate safeguards.
7. International Data Transfers
TensorCare is based in Chile. If you are located in the European Economic Area (EEA) or another jurisdiction with restrictions on cross-border data transfers, please be aware that your personal data may be transferred to and processed in Chile.
For transfers of EEA personal data, we rely on the European Commission's adequacy decisions where applicable, or on Standard Contractual Clauses (SCCs) approved under GDPR Article 46, or on other appropriate safeguards. If you would like further information about the safeguards in place for international transfers, please contact us at javier@tensor.care.
8. Your Rights as a Data Subject
8.1 GDPR Rights (EU/EEA Residents)
We retain personal data only for as long as necessary for the purposes described in this Policy, and in accordance with applicable law.
- Right of access (Art. 15): You may request a copy of the personal data we hold about you and information about how we process it
- Right to rectification (Art. 16): You may ask us to correct inaccurate data or complete incomplete data.
- Right to erasure / 'right to be forgotten' (Art. 17): You may request deletion of your personal data where it is no longer necessary, where you have withdrawn consent, or where processing is unlawful.
- Right to restriction of processing (Art. 18): You may ask us to restrict processing in certain circumstances, such as while accuracy is contested.
- Right to data portability (Art. 20): Where processing is based on consent or contract and carried out by automated means, you may receive your data in a structured, commonly used, machine-readable format.
- Right to object (Art. 21): You may object to processing based on legitimate interests. We will cease processing unless we demonstrate compelling legitimate grounds.
- Rights related to automated decision-making (Art. 22): We do not make decisions based solely on automated processing that produce legal or similarly significant effects. No such processing is conducted through this Website.
- Right to withdraw consent: Where processing is based on consent, you may withdraw consent at any time without affecting the lawfulness of prior processing.
To exercise any of these rights, contact us at javier@tensor.care. We will respond within 30 days (extendable by two months for complex requests, with notice). We will not charge a fee for reasonable requests.
If you are located in the EU/EEA and believe we have not adequately addressed your request, you have the right to lodge a complaint with your local data protection supervisory authority.
8.2 US Visitors
US visitors, including California residents, may request to know what personal information we hold about them, request deletion of that information, and confirm that their information is not sold or shared. To exercise these rights, contact javier@tensor.care. We do not discriminate against individuals for exercising their privacy rights.
9. Security Measures
TensorCare implements appropriate technical and organisational measures to protect personal data against unauthorised access, disclosure, alteration, or destruction. These measures include:
- Encryption in transit (HTTPS/TLS) for all Website communications
- Access controls limiting internal access to personal data on a need-to-know basis
- Infrastructure hosted with reputable providers operating under industry-standard security certifications
- Regular review of security practices as part of our information security governance framework
No method of transmission over the Internet is completely secure. While we apply reasonable safeguards, we cannot guarantee absolute security. In the event of a personal data breach that poses a risk to data subjects' rights and freedoms, we will notify affected individuals and, where required, the relevant supervisory authorities within the timeframes prescribed by applicable law.
10. Updates to This Policy
We may update this Privacy Policy from time to time to reflect changes in our data practices, legal requirements, or operational circumstances. When we make material changes, we will update the effective date at the top of this document and, where appropriate, provide notice on the Website or by email to contacts who have submitted their details through the Website. Your continued use of the Website after an update constitutes acceptance of the revised Policy.
