Privacy Policy
Effective Date: 2025-05-14
Viska AI AB ("Viska", "we", "us", or "our") is committed to protecting your privacy and handling personal data in a transparent, secure, and lawful manner. This Privacy Policy describes how we collect, use, store, and protect personal data in connection with your use of our services at viska.ai (“Platform”).
This policy applies to all users of the Platform, including medical professionals, clinical institutions, and research organizations.
1. Data Controller
Viska AI AB is the data controller responsible for processing personal data collected through the Platform.
In jurisdictions such as the United States, Viska AI may act as a “business associate” under HIPAA when processing de-identified data on behalf of covered entities, subject to applicable agreements.
Contact Information:
Viska AI AB
℅ Epicenter, Malmskillnadsgatan 44a, 11157 Stockholm, Sweden
Email: privacy@viska.ai
Phone: +46 8 410 214 242.
2. Purpose and Legal Basis of Processing
Viska AI processes data for the following purposes:
To provide access to our AI-driven research and clinical insight tools.
To support transplant-related research and development.
To improve the performance, reliability, and safety of the Platform.
To comply with applicable legal and regulatory obligations.
Legal bases under GDPR may include:
Article 6(1)(b): Processing necessary for the performance of a contract.
Article 6(1)(f): Processing based on legitimate interest (e.g., system improvement).
Article 6(1)(c): Compliance with legal obligations.
Article 9(2)(j): Processing of health-related data for scientific research purposes.
For users in the United States, Viska AI ensures compliance with HIPAA where applicable, and only processes protected health information (PHI) in accordance with business associate agreements (BAAs) or where data is fully de-identified.
3. Types of Data Processed
Depending on your use of the Platform, we may process:
User Identification Data: Name, email address, institution, user credentials.
Usage Data: Log files, access patterns, support requests.
Clinical Research Data: Pseudonymized or anonymized patient-related data, strictly for analytical purposes.
Feedback Data: Input from users to support platform improvements.
Note: Viska AI does not process directly identifiable patient data unless it has been de-identified in compliance with GDPR and HIPAA standards. Clinical or patient-related data may only be uploaded by authorized clinical or institutional users in accordance with their own legal responsibilities and institutional policies.
4. Data Anonymization and Pseudonymization
Viska AI is designed to work primarily with anonymized or pseudonymized health data. Users are responsible for ensuring that data uploaded complies with applicable de-identification standards.
5. Data Sharing
We do not sell or rent personal data. We may share limited data with:
Contracted service providers (e.g., IT hosting, analytics) under strict confidentiality.
Research partners for collaborative projects, under data processing agreements.
Regulatory authorities when required by law or applicable compliance frameworks.
All data sharing is governed by appropriate data processing agreements.
6. Data Security
Viska AI implements state-of-the-art security practices, including:
End-to-end encryption (in transit and at rest)
Fine-grained access controls and role-based permissions
Secure server infrastructure
Regular audits and penetration testing
Privacy-by-design architecture
7. Data Retention
We retain personal data only as long as necessary for the purposes stated in this policy, or as required by law. De-identified research data may be stored for scientific or statistical purposes in accordance with Article 89 of GDPR.
8. International Transfers
If data is processed outside the EU/EEA, such transfers are secured using appropriate safeguards under Chapter V of the GDPR, such as Standard Contractual Clauses or adequacy decisions. For transfers from the United States to the European Union or other jurisdictions, appropriate data protection measures will also be implemented to ensure equivalent levels of privacy protection.
9. Your Rights
Under GDPR, you have the right to:
Access your personal data
Rectify inaccurate data
Erase your data (“right to be forgotten”)
Restrict or object to processing
Data portability (where applicable)
Lodge a complaint with a supervisory authority
U.S.-based users may have additional rights under HIPAA, including the right to access and request correction of health information held by covered entities. Please consult your institution’s privacy office for further details.
To exercise your rights, contact privacy@viska.ai.
10. Use of Cookies
Viska AI may use strictly necessary cookies to ensure basic functionality of the Platform. Additionally, with your consent, we may use cookies and local storage to remember your user-selected discipline or role (e.g., clinical specialty or research focus). This enables us to adapt the interface, content, and project environment to better align with your professional background and usage preferences.
We do not use cookies for advertising or behavioral profiling. You will be informed upon access and asked for consent where applicable. You may withdraw your cookie consent at any time via your browser settings or by contacting us at privacy@viska.ai.
11. Changes to this Privacy Policy
We may update this Privacy Policy to reflect changes in our practices or legal requirements. Any updates will be posted on this page and, where appropriate, communicated to users.