SPINAL

Privacy Policy

Effective April 29, 2026

Spinal (the “Service”) is operated by SPINE DAO, an association (Verein) organized under Articles 60 et seq. of the Swiss Civil Code (ZGB), with registered office at c/o MJP Partners AG, Bahnhofstrasse 20, 6300 Zug, Switzerland (“SPINE DAO,” “we,” “our,” or “us”). SPINE DAO is a non-profit association whose stated purpose is to fund impactful spine-care research that benefits patients and drives industry innovation. The Service is a private professional network for spine surgeons and adjacent clinicians and researchers, available at spinal.science and through our iOS and Android applications. This Privacy Policy explains what information we collect, how we use it, who we share it with, and the choices you have.

Spinal is not a medical device and is not intended to provide medical advice, diagnosis, or treatment. Do not post protected health information (PHI) or anything that could identify a patient. See Terms of Service for details.

1. Information we collect

Account information (from you and your identity provider)

When you sign up, we authenticate you through Auth0 (Okta, Inc.), which also supports Sign in with Apple and Google. We receive your name, email address, profile picture (if any), and a unique identifier from your identity provider. You may also provide your professional credentials (specialty, institution, position, license details, ORCID, PubMed link, short bio) to support manual verification.

Content you create

Vincent (AI assistant) queries

When you use Vincent, your question is sent to a third-party large language model provider (currently Groq, Inc.) along with limited context needed to answer it. We do not include your account identity in those requests. Do not include PHI or patient identifiers in Vincent queries.

Device and usage information

Wallet / $SPINE features (optional)

Some accounts may opt into a non-monetary wallet feature used for reputation badges and community recognition. If enabled, we store a public Solana wallet address you provide. We never custody funds, do not solicit payment, and make no representation that any token has investment value. These features are gated by feature flags and may be disabled or removed at any time.

2. How we use information

3. Sharing

We do not sell your personal information. We share information only with service providers needed to run the Service:

We may disclose information if required by law, to protect the safety of our users, or in connection with a merger, acquisition, or sale of assets (with notice to you where legally required).

4. Retention and deletion

5. Your rights

Depending on where you live, you may have the right to access, correct, delete, or export your personal information, to object to or restrict our processing, and to withdraw consent. To exercise these rights, contact our Data Protection Contact, Vincent Challier (President of SPINE DAO), at privacy@spinal.science. We will respond within the time frame required by applicable law.

If you live in Switzerland, the EEA, or the UK and believe we have not handled your personal information appropriately, you may also lodge a complaint with the Swiss Federal Data Protection and Information Commissioner (FDPIC) or your local supervisory authority.

6. Children

The Service is intended for medical professionals and adult researchers. It is not directed to children under 18 and we do not knowingly collect personal information from them.

7. International transfers

SPINE DAO is established in Switzerland and the Service is operated from Switzerland. To deliver the Service we rely on processors based in the United States and other jurisdictions (see Section 3). By using the Service, you understand that your information may be processed in Switzerland, the United States, and other countries whose data protection laws may differ from those of your country of residence. Where required by Swiss law or the GDPR, we rely on appropriate safeguards (such as Standard Contractual Clauses) for cross-border transfers.

8. Security

We use industry-standard encryption in transit (TLS) and at rest, scoped access controls, and audit logging. No service can guarantee absolute security; please choose a strong password and keep your device secure.

9. Changes to this policy

If we make material changes, we will notify you in-app or by email at least 7 days before they take effect. Continued use after the effective date constitutes acceptance.

10. Contact

Postal address: SPINE DAO, c/o MJP Partners AG, Bahnhofstrasse 20, 6300 Zug, Switzerland.