Privacy Policy

Last updated: May 2025

1. Introduction

TrialClinIQ, Inc. ("we," "our," or "us") is committed to protecting your privacy and ensuring the secure handling of your personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our clinical research platform and related services.

This policy applies to all users of our platform, including researchers, healthcare professionals, and institutional partners. By using TrialClinIQ, you consent to the data practices described in this policy.

2. Information We Collect

2.1 Personal Information

  • Account Information: Name, email address, phone number, professional title, institutional affiliation
  • Professional Details: Medical license number, research credentials, areas of expertise
  • Contact Information: Billing address, correspondence preferences
  • Authentication Data: Login credentials, security questions, two-factor authentication details

2.2 Clinical and Research Data

  • Trial Information: Protocol details, study parameters, recruitment criteria
  • Patient Data: De-identified participant information, eligibility assessments
  • Research Analytics: Study progress metrics, enrollment statistics, outcome data

2.3 Technical Information

  • Usage Data: Platform interactions, feature utilization, session duration
  • Device Information: IP address, browser type, operating system, device identifiers
  • Log Data: Access logs, error reports, performance metrics
  • Cookies and Tracking: Session cookies, preference settings, analytics data

3. How We Use Your Information

3.1 Service Provision

  • Operate and maintain the TrialClinIQ platform
  • Process clinical trial registrations and manage study protocols
  • Facilitate patient matching and recruitment
  • Generate analytics and reporting for research optimization

3.2 Communication and Support

  • Respond to inquiries and provide customer support
  • Send service updates, security alerts, and platform notifications
  • Deliver educational content and industry insights (with consent)
  • Process demo requests and facilitate sales communications

3.3 Legal and Security

  • Comply with applicable healthcare and data protection regulations
  • Prevent fraud, abuse, and security breaches
  • Maintain audit trails for regulatory compliance
  • Respond to legal requests and protect our rights

4. Legal Basis for Processing (GDPR)

We process personal data based on the following legal grounds:

  • Contractual Necessity: To perform our services under your agreement
  • Legitimate Interest: To improve our platform and ensure security
  • Legal Obligation: To comply with healthcare and research regulations
  • Consent: For marketing communications and optional features
  • Vital Interests: To protect health and safety in emergency situations

5. Data Sharing and Disclosure

5.1 We May Share Information With:

  • Authorized Research Partners: Participating institutions and investigators (with consent)
  • Service Providers: Third-party vendors who assist in platform operations
  • Regulatory Authorities: FDA, IRBs, and other oversight bodies as required
  • Legal Compliance: Law enforcement or courts when legally required

5.2 We Do Not:

  • Sell personal information to third parties
  • Share patient data without proper authorization
  • Use data for purposes unrelated to clinical research
  • Transfer data to countries without adequate protection

6. Data Security and Protection

6.1 Technical Safeguards

  • Encryption: Industry-standard encryption for data at rest and in transit
  • Access Controls: Role-based permissions and multi-factor authentication
  • Network Security: Firewalls, intrusion detection, and DDoS protection
  • Data Backup: Regular backups with geographic redundancy

6.2 Administrative Safeguards

  • Annual security training for all employees
  • Background checks for personnel with data access
  • Incident response procedures and breach notification protocols
  • Regular security audits and penetration testing

6.3 Compliance

  • Healthcare privacy compliance and Business Associate Agreements
  • Regular third-party security assessments
  • Alignment with applicable regulatory frameworks for electronic records

7. Data Retention and Deletion

7.1 Retention Periods

  • Account Data: Retained for the duration of your account plus applicable regulatory periods
  • Clinical Trial Data: Retained according to applicable regulatory requirements
  • Financial Records: Retained as required for tax and audit purposes
  • Marketing Data: Retained until consent is withdrawn

7.2 Deletion Process

Upon retention period expiry or valid deletion request, data is securely deleted using industry-standard methods within a reasonable timeframe.

8. Your Privacy Rights

8.1 Universal Rights

  • Access: Request copies of your personal information
  • Correction: Update inaccurate or incomplete data
  • Deletion: Request removal of your data (subject to legal requirements)
  • Portability: Receive your data in a machine-readable format

8.2 Additional GDPR Rights (EU Residents)

  • Restriction: Limit processing of your data in certain circumstances
  • Objection: Object to processing based on legitimate interests
  • Withdrawal: Withdraw consent for specific processing activities
  • Complaint: Lodge complaints with your local data protection authority

8.3 CCPA Rights (California Residents)

  • Right to know what personal information is collected and how it's used
  • Right to delete personal information (with exceptions)
  • Right to opt out of the sale of personal information
  • Right to non-discrimination for exercising privacy rights

9. Cookies and Tracking Technologies

9.1 Types of Cookies We Use

  • Essential Cookies: Required for platform functionality and security
  • Performance Cookies: Analytics to improve user experience
  • Functional Cookies: Remember your preferences and settings
  • Marketing Cookies: Deliver relevant content (with consent)

You can manage cookie preferences through your browser settings or our cookie consent banner.

10. International Data Transfers

TrialClinIQ operates globally and may transfer data across borders. We ensure adequate protection through:

  • Standard Contractual Clauses (SCCs) approved by the European Commission
  • Adequacy decisions for transfers to approved countries
  • Binding Corporate Rules for intra-group transfers
  • Explicit consent for transfers where required

11. Children's Privacy

TrialClinIQ is designed for professional use by healthcare providers and researchers. We do not knowingly collect personal information from children under 16 without appropriate consent mechanisms. Pediatric research data is handled according to additional safeguards and parental consent requirements.

12. Third-Party Integrations

Our platform may integrate with third-party services including:

  • Electronic Health Record (EHR) systems
  • Clinical data management platforms
  • Analytics and reporting tools
  • Communication and collaboration services

These integrations are governed by separate privacy policies and data processing agreements.

13. Data Breach Notification

In the event of a data breach that may adversely affect your privacy or security, we will:

  • Notify affected users within 72 hours of discovery
  • Report to relevant supervisory authorities as required
  • Provide details about the breach and remediation steps
  • Offer credit monitoring or other protection services if appropriate

14. Changes to This Policy

We may update this Privacy Policy periodically to reflect changes in our practices or legal requirements. Material changes will be communicated through:

  • Email notification to registered users
  • Prominent notice on our platform
  • 30-day advance notice for significant changes

Your continued use of TrialClinIQ after changes become effective constitutes acceptance of the updated policy.

15. Contact Information

For questions, concerns, or to exercise your privacy rights, contact us:

Email: privacy@trialcliniq.com

Response Time: We respond to privacy requests within 30 days