Terms of Service
EFFECTIVE DATE: 5th December 2024
Welcome to RETIMERGE, a product of ERA Ophthalmica!
By accessing or using RETIMERGE, you agree to comply with these Terms of Service. Please read them carefully before using the software.
Retimerge is a service of ERA Ophthalmica Srl, an Italian limited company, incorporation number 04292960244, having its registered offices at Strada Pelosa 183, Vicenza, 36100, Italy.
ERA Ophthalmica disclaims all liability for any misuse of the software or the data it produces. By accepting these Terms of Service, you agree to release ERA Ophthalmica from any claims related to such misuse.
ACCESSING AND USING RETIMERGE
Retimerge is designed for Eye Care professionals and affiliates, including Ophthalmologists, Optometrists, Opticians, Eye Care students, nurses, and related fields. We may delete accounts that do not meet these criteria.
Uploaded data must be Retina images, such as Fundus Images or OCT scans. Retimerge cannot be used for storing or processing other types of data. While we respect your privacy and do not access your uploads, if we discover non-retina images, we may remove them without notice and, if necessary, delete your account.
You need an account to use Retimerge. Your account must have accurate information, and you should update it if anything changes. It’s for your personal use only — don’t share your login or let others use it. You’re responsible for all activity on your account, including any linked End User Accounts. Selling, leasing, or sharing access is not allowed. If you suspect unauthorized use, please contact us immediately at info@eraophthalmica.com.
WHAT IS RETIMERGE
Retimerge provides technology and services to enable Eye Care Providers to enhance the presentation of Retina Images. Using a combination of different algorithm and optimization technologies, RETIMERGE aligns, transforms, and merges fundus and OCT images to achieve optimal overlap, enabling seamless comparison and dynamic presentations.
Examples of use of Retimerge:
- Automatic alignment of fundus images of the same eye taken with different fundus cameras or technologies, for example aligning a Wide Field image with a traditional image, aligning a color photo with an autofluorescence.
- Automatic alignment of fundus images of the same eye taken at different times, to follow the evolution of a pathology.
- Create a video composed of OCT images of the same eye taken at different times, to follow the evolution of a pathology.
Retimerge provides a platform to access public and open-source image processing algorithms, including Scale Invariant Feature Transform (SIFT), Semi-Supervised Keypoint Detector and Descriptor for Retinal Image Matching (SUPERETINA), and the OpenCV computer vision library. Retimerge is not affiliated with or endorsed by the developers of these algorithms and has no direct interest in their development or distribution.
RETIMERGE IS NOT A MEDICAL DEVICE
Retimerge is not a medical device and must not be used for diagnosis, treatment, or any medical application. The images and videos generated by Retimerge are for illustrative and presentation purposes only and are not intended for clinical decision-making.
Retimerge uses computational algorithms that may introduce artifacts or result in the loss of medical information. ERA Ophthalmica is not responsible for any inaccuracies, alterations, or misinterpretations arising from the use of the software.
RETIMERGE IS A BETA SOFTWARE
Retimerge by ERA is currently in beta testing. By using this software, you acknowledge that it may contain bugs, errors, or other issues. These may include data loss, unintended data exposure, or catastrophic events such as total service failure. You agree to use the software at your own risk.
As part of the beta phase, you agree to receive essential maintenance emails regarding service status, critical updates, and necessary operational notices, regardless of your privacy preferences. These emails are strictly limited to technical and service-related communications.
IMAGE STORAGE OPTIONS
Retimerge offers you control over how your uploaded retinal images are stored:
- Save My Images for Future Access: Your original uploaded images will be securely stored on our servers, enabling quick and convenient access during future sessions. This facilitates seamless viewing and retrieval whenever you use the application.
- Don’t Save My Images for Enhanced Privacy: If you prefer not to store your medical images, you can choose this option. All features remain fully accessible, but your images will be deleted upon logout and permanently removed from our systems within 24 hours to ensure your privacy.
Please note that merged images or videos are never saved and are automatically and permanently destroyed within 24 hours, regardless of your storage choice.
You can change your storage preference at any time in your account settings, including deleting all stored images permanently on the spot.
We continuously monitor and enhance our security practices to safeguard your data.
DATA STORAGE AND SECURITY
We utilize reputable third-party services to manage and store your data securely:
Fly.io: Our application is hosted on Fly.io, which provides a secure and compliant platform for deploying applications. Fly.io is SOC2 Type 2 attested and offers HIPAA Business Associate Agreements (BAAs) for customers with HIPAA compliance needs.
Fly.io has robust and compliant security features to ensure your information remains protected:
- Encrypted Storage: All data stored on Fly.io's NVMe user volumes is secured with block-level encryption using AES-XTS, safeguarding your information against unauthorized access.
- Private Networking: Fly.io employs a WireGuard mesh network, providing end-to-end encryption for data in transit. This ensures that communication between services remains confidential and tamper-proof.
- Hardware Isolation: Applications run inside Firecracker, a memory-safe KVM hypervisor, offering full hardware virtualization. This design provides strong isolation between workloads, enhancing overall security.
- Default-Deny Public Networking: With Fly.io's default-deny approach, applications are not exposed to the public internet unless explicitly configured. This minimizes potential attack surfaces and unauthorized access.
- Access Controls: Fly.io provides features such as Single Sign-On (SSO) and Multi-Factor Authentication (MFA) to manage and restrict access to applications and data, ensuring only authorized personnel can interact with sensitive information.
Tigris Object Storage: Your images are stored using Tigris, a globally distributed S3-compatible object storage service. Tigris allows for region-specific data storage, ensuring that your data is stored close to you for optimal performance.
We prioritize the security and privacy of your uploaded images. Retimerge uses Tigris object storage to store images, and the file names are anonymized before being saved. The association between your account, the uploaded file, and its storage location is maintained in a separate PostgreSQL database hosted on Fly.io.
All images stored on Tigris are encrypted at rest and encrypted in transit, ensuring protection against unauthorized access.
By utilizing these advanced security measures, Retimerge ensures that your data is handled with the utmost care and protection.
USER RESPONSIBILITY
While we facilitate secure storage and processing of retinal images, the data you upload may pertain to your patients. As such, you are responsible for ensuring that any patient data handled through Retimerge complies with applicable laws and regulations, including obtaining necessary consents and anonymizing data where appropriate.
MONITORING AND LOGGING
Retimerge may collect activity logs related to user actions, such as logins, image uploads, and merge actions. These logs are stored for the purpose of system performance, security, and service improvement.
DISCLAIMER OF WARRANTIES
Retimerge is provided "as is," without any guarantees. We do not make any warranties — express or implied — about its reliability, accuracy, or suitability for a specific purpose. We cannot guarantee uninterrupted, error-free, or secure service, nor can we promise that defects will be fixed. By using Retimerge, you accept these conditions and acknowledge that we are not responsible for any issues that arise.
LIABILITY
Limitation of Liability. NEITHER WE NOR ANY OF OUR AFFILIATES, EMPLOYEES, SHAREHOLDERS, LICENSORS, AGENTS, SUPPLIERS, OR SERVICE PROVIDERS WILL BE LIABLE FOR ANY INDIRECT, INCIDENTAL, SPECIAL, CONSEQUENTIAL, OR EXEMPLARY DAMAGES, INCLUDING DAMAGES FOR LOSS OF PROFITS, GOODWILL, USE, OR DATA, OR OTHER LOSSES, EVEN IF WE HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. OUR AGGREGATE LIABILITY UNDER THESE TERMS AND ANY APPLICABLE ADDITIONAL TERMS WILL NOT EXCEED THE GREATER OF THE AMOUNT YOU PAID FOR THE SERVICE THAT GAVE RISE TO THE CLAIM DURING THE 12 MONTHS BEFORE THE LIABILITY AROSE OR 100 EUROS. THE LIMITATIONS IN THIS SECTION (LIABILITY) APPLY ONLY TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW.
TERMS, SUSPENSION, AND TERMINATION
Term. These Terms will commence on the earlier of (i) the date you first use the Services or (ii) the date you accept these Terms, and will continue until terminated.
Termination or Suspension. We reserve the right to suspend or terminate your account and/or your access to all or part of the Services if:
- you breach these Terms (including any applicable Additional Terms) or our policies,
- you fail to pay any fees when due,
- we need to do so in order to comply with applicable law, or
- your continued use of the Services could cause risk or harm to Retimerge, our users, or anyone else.
If you believe we have suspended or terminated your account in error, you can file an appeal by contacting us via support@retimerge.com.
Requests to terminate. You can delete your account at any time by using the feature available in your account settings or, if unavailable, via our Help Center.
Effects of termination. Termination or expiration will not affect any rights or obligations, including the payment of amounts due, which have accrued under these Terms (or any applicable Additional Terms) up to the date of termination or expiration. Upon termination or expiration of these Terms, the provisions of these Terms (or any applicable Additional Terms) that are intended by their nature to survive termination will survive and continue in full force and effect in accordance with their terms, including confidentiality obligations, payment obligations, limitations of liability, and disclaimers.
PRIVACY
Privacy Policy. We process your personal data as a data controller for the purposes of (a) providing the Services (unless you are using our Services on behalf of your business) and (b) managing your relationship with us in accordance with these Terms, including any billing, payment, or marketing activities. Our Privacy Policy explains how we collect and use personal information.
Processing Personal Data. If you use the Services to process personal data on behalf of your business, you must:
- provide legally adequate privacy notices and obtain necessary consents for the processing of personal data by the Services
- process personal data in accordance with applicable law, and
- execute our Data Processing Agreement.
CHANGES OF THESE TERMS OF SERVICE
Updates to these Terms. We may update these Terms, the Additional Terms, our Usage Policy, or our Services (including our models) from time to time. Some reasons why we might make changes to these Terms or the Services include:
- Changes to the Services, including new features or improving quality,
- Changes to the law or regulatory requirements that apply to us or the Services, or
- Security or safety reasons.
Notice. We will give you at least 30 days advance notice of changes to these Terms (including any applicable Additional Terms) that materially adversely impact you either via email or an in-product notification. All other changes will be effective as soon as we post them. If you do not agree to the changes, you must stop using our Services.
GENERAL
Assignment. Assignment. You may not assign or transfer any rights or obligations under these Terms, and any attempt to do so will be void. We may assign our rights or obligations under these Terms to any affiliate, subsidiary, or successor in interest of any business associated with our Services.
Force Majeure. Neither party will be liable to the other for any delay or failure to perform any obligation under these Terms (except for a failure to pay fees) if such delay or failure is due to unforeseen events beyond the reasonable control of such party.
Independent Contractors. There is no relationship of partnership, joint venture, employment, franchise, or agency created between the parties under these Terms. Neither party will have the power to bind the other or incur obligations on the other party’s behalf without the other party’s prior written consent.
No Third-Party Rights. There are no third-party beneficiaries to these Terms.
Waivers. No waiver of any term of these Terms will be deemed a further or continuing waiver of such term or of any other term, and our failure to assert any right or provision under these Terms will not constitute a waiver of such right or provision.
Entire Agreement; Severability. Unless otherwise agreed in writing between you and Retimerge, these Terms, including our Usage Policy and any applicable Additional Terms, constitute the entire agreement between you and us concerning the Services. Any statements or comments made between you and any of our employees or representatives are expressly excluded from these Terms and will not apply to you or us, or to your access to or use of the Services. If any provision of these Terms is deemed invalid by a court of competent jurisdiction, the invalidity of such provision will not affect the validity of the remaining provisions of these Terms, which will remain in full force and effect.
Governing Law and Venue.
- (a) The laws of Italy will govern all disputes arising out of or relating to these Terms (including any applicable Additional Terms), or related Services, regardless of conflict of laws rules. These disputes will be resolved exclusively in the courts located in [City], Italy, and you and Retimerge consent to personal jurisdiction in those courts.
- (b) If you are located in another jurisdiction, you consent to the laws of Italy and the jurisdiction of its courts.
Conflicts with Additional Terms. If there is a conflict, the Additional Terms will govern for the applicable Service.
Support. Support for the Services is provided through the Help Center.
Privacy Policy
Introduction
ERA Ophthalmica (“we”, “us”, or “our”) values your privacy and is committed to protecting your personal data in compliance with the General Data Protection Regulation (GDPR) and other applicable privacy laws. This Privacy Policy explains how we collect, use, store, and share your information when you use Retimerge, our web platform.
By using Retimerge, you agree to the data practices described in this policy.
Information We Collect
1. Account Information
- Email address: Collected during account registration or user correspondence.
- Name: Collected when you sign in using Google OAuth (if granted).
2. Activity Data
- Login data: Time and frequency of logins.
- Image uploads: Quantity and type of uploaded images.
- Session usage: General interactions within the platform.
3. Analytics & Tracking Data
We use tools that automatically collect certain data:
- Google Analytics 4: Used only on the landing page at
https://retimerge.netto collect session statistics and usage data. - Google reCAPTCHA: Protects forms by analyzing behavioral data (e.g., mouse movements, clicks, and keypresses).
4. Cookies & Similar Technologies
Retimerge does not use its own cookies. However, third-party services such as Google Analytics (on the landing page only) and Google reCAPTCHA may place cookies or use similar technologies as part of their functionality.
How We Use Your Data
| Data Type | Purpose |
|---|---|
| Email address | To manage your account, send service updates, and (if opted in) newsletters |
| Name (from Google) | To personalize your experience (if collected via Google OAuth) |
| Activity logs | To monitor system performance, enhance security, and improve features |
| Analytics data | To improve the marketing and usability of the landing page |
Google Sign-In and OAuth
If you sign in to Retimerge using Google OAuth, we may access your name and email address from your Google account. This data is used solely for account identification and service access. We do not access or request any additional Google account data.
Google may process your data as a separate data controller; please review their policy here: https://policies.google.com/privacy.
Email Marketing & Communications
We use Brevo (formerly Sendinblue) to manage and deliver email communications. If you subscribe to updates or newsletters:
- Your email will be processed and stored securely via Brevo.
- You can unsubscribe at any time via the link in our emails.
See Brevo’s privacy policy: https://www.brevo.com/legal/privacypolicy/
Third-Party Services
We share data with the following service providers:
| Provider | Purpose | Privacy Policy |
|---|---|---|
| Fly.io | Cloud hosting infrastructure | Link |
| Tigris | Encrypted object storage | Link |
| Auth0 | Authentication | Link |
| Sentry.io | Error monitoring | Link |
| OAuth, reCAPTCHA, Analytics (landing page only) | Link | |
| Brevo | Email marketing | Link |
What We Don't Do
- We do not sell or rent your personal data.
- We do not use your data for third-party marketing.
- We do not set our own cookies; only third-party services may do so, and only on the landing page.
Data Security & Storage
- Encryption: All user data is encrypted at rest (via Tigris) and in transit.
- Hosting: Services are hosted securely using Fly.io infrastructure.
- Retention: Logs are retained for monitoring and auditing, linked only to your email address.
Your Rights Under GDPR
As a data subject, you have the right to:
- Access your personal data
- Rectify inaccuracies
- Request deletion ("right to be forgotten")
- Restrict how we process your data
- Receive a portable copy of your data
To exercise any of these rights, contact us at info@eraophthalmica.com.
Data Processing Agreement (DPA)
ERA Ophthalmica acts as both a data controller and data processor. We enter into Data Processing Agreements with each third-party service provider to ensure data protection and GDPR compliance.
Updates to This Privacy Policy
This policy may be updated from time to time. Any changes will be reflected on this page and, if substantial, communicated via email.
Contact Information
ERA Ophthalmica
Strada Pelosa 183, Vicenza, 36100, Italy
Email: info@eraophthalmica.com
Notice at Collection
This notice explains what personal information we collect, why we collect it, and how we use it, in accordance with the California Consumer Privacy Act (CCPA) and its amendment (CPRA).
Categories of Personal Information We Collect
- Email addresses (for authentication and communications)
- Usage data (e.g., visits, page views, interaction logs)
- Form submission data (from newsletter or contact forms)
Purposes of Collection
- To provide access to our platform and services
- To send product updates and important service communications
- To monitor and improve our platform performance
- To comply with legal obligations
Do We Sell or Share Your Data?
No. We do not sell or share your personal data with third parties for advertising or commercial purposes.
Learn More
For full details about how we handle your data, including your rights and choices, please refer to our Privacy Policy.
Data Processing Agreement (DPA)
INTRODUCTION
This Data Processing Agreement (DPA) is entered into between ERA Ophthalmica ("Processor") and the user ("Controller"), in compliance with GDPR.
ROLES & RESPONSIBILITIES
- Ophthalmica is both the Data Controller and Data Processor.
- Sub-processors: We engage third-party providers (Fly.io, Tigris, PostgreSQL, etc.), ensuring they comply with GDPR.
PURPOSE OF PROCESSING
Retimerge processes user-uploaded images and associated metadata for illustrative and presentation purposes only. The service is not a medical device and must not be used for diagnosis or treatment.
SECURITY MEASURES
We implement:
- Encryption at rest and in transit
- Access controls & authentication
- Data minimization principles
DATA SUBJECT RIGHTS
We provide users with tools to:
- Access, correct, or delete their data
- Choose storage preferences
- Withdraw consent at any time
DATA TRANSFERS
Data is processed within EU or GDPR-compliant jurisdictions. Transfers outside the EU comply with Standard Contractual Clauses (SCCs).
RETENTION & DELETION
- Non-saved images are deleted within 24 hours
- Users can delete their data at any time
DATA BREACH NOTIFICATION
In case of a data breach, ERA Ophthalmica will notify affected users and authorities within 72 hours, as required by GDPR.
SUB-PROCESSORS
We use the following GDPR-compliant sub-processors:
- Fly.io (Infrastructure & database)
- Tigrisdata (Object storage)
- Auth0 (Authentication)
- Sentry.io (Error monitoring)
- Brevo (Marketing emails, if opted-in)
- Make.com (Feedback email, when submitted)
GOVERNING LAW
This agreement is governed by Italian law, and any disputes shall be resolved by the courts of Italy.