The ZODIAC platform is designed according to privacy-by-design and data minimization principles:

• All anonymization of patient identifiers occurs exclusively at the participating institute, using a fully client-side tool running in the uploader’s web browser.
• No original, partially anonymized, or identifiable patient data is ever transmitted to or processed by IAEA systems.
• Any local identity mapping or traceability files remain under sole control of the institute and are never uploaded.
• Clinical data (Excel/XLSX) is anonymized using the same deterministic rules as DICOM metadata.
• To further reduce re-identification risk while preserving analytical validity, exact dates of birth are removed, age values are generalized into 5-year ranges, and all other date fields are shifted by a small random offset applied consistently per patient.

As a result, the IAEA platform receives, stores, and processes only anonymized datasets. In accordance with GDPR Recital 26, such data is no longer considered personal data when re-identification is not reasonably possible by IAEA or any platform user, as the required mapping information is never transmitted and remains exclusively under the institute’s control.