Privacy Policy for EvidenceSync

Last Updated: April 1, 2025

This Privacy Policy describes how EvidenceSync ("we," "our," or "us") collects, uses, protects, and processes your information when you use our enterprise integrated evidence planning platform ("Service"). This policy is designed for pharmaceutical, biotechnology, and life sciences organizations ("Clients") and their authorized users. By accessing or using the Service, you acknowledge that you have read and understand this Privacy Policy.

1. Information We Process

1.1. Enterprise Account Information: We collect and process organizational information including company name, business address, billing information, and contact details of authorized representatives and administrators.

1.2. Authorized User Information: We collect and process business contact information of authorized users, including name, corporate email address, job title, department, and authentication credentials.

1.3. Evidence Planning Data: Our platform processes information related to pharmaceutical evidence planning, including but not limited to asset data, clinical endpoints, study designs, regulatory planning documents, and other proprietary information required for evidence strategy development.

1.4. Platform Usage Data: We collect technical information about how authorized users interact with our platform, including log data, access times, features used, and system performance metrics.

2. Data Processing Purposes

2.1. We process your information to provision, maintain, and improve the Service in accordance with our contractual obligations.

2.2. We analyze platform usage patterns to optimize system performance, enhance user experience, and develop new capabilities aligned with industry requirements.

2.3. Evidence planning data is processed to deliver our core analytical services, including AI-powered insights, gap analysis, and strategic recommendations.

2.4. We use enterprise account information for administrative purposes, including billing, service notifications, and critical security alerts.

3. Data Sharing and Third-Party Processors

3.1. We do not sell, rent, or otherwise commercialize Client data under any circumstances.

3.2. We may engage enterprise-grade third-party service providers to perform functions on our behalf (e.g., cloud infrastructure, security services, analytics). All such providers are bound by strict confidentiality and data protection agreements.

3.3. We may process anonymized and aggregated data for industry benchmarking purposes, subject to contractual restrictions and with appropriate statistical controls to prevent re-identification.

3.4. Where required by law, we may disclose information to regulatory authorities, law enforcement agencies, or in connection with legal proceedings.

4. Data Security and Compliance

4.1. We implement enterprise-grade technical, administrative, and physical safeguards designed to protect the confidentiality, integrity, and availability of your information, including encryption at rest and in transit, access controls, and security monitoring.

4.2. Our security program incorporates industry best practices and undergoes regular third-party assessments and penetration testing.

4.3. While we maintain robust security measures, no electronic transmission or storage system can guarantee absolute security. We continuously evaluate and enhance our controls to address emerging threats.

4.4. We maintain a comprehensive Information Security Management System aligned with industry standards such as ISO 27001 and SOC 2.

5. Cross-Border Data Transfers

5.1. EvidenceSync primarily processes data in secure facilities located in the United States and the European Union.

5.2. Any cross-border transfers of personal data are conducted in compliance with applicable data protection laws, including the use of approved transfer mechanisms such as Standard Contractual Clauses when transferring data from the European Economic Area.

5.3. Enterprise clients may specify geographic restrictions on data processing in their Master Service Agreement.

6. Data Retention and Disposal

6.1. We retain Client data for the duration of the service agreement and for a defined period thereafter as specified in the applicable Master Service Agreement.

6.2. Upon contract termination, Clients may request the return or secure deletion of their data in accordance with the terms of their service agreement.

6.3. We maintain documented procedures for secure data disposal that align with industry standards (e.g., NIST 800-88).

7. Your Rights and Choices

7.1. Client administrators may access, correct, or update enterprise account information and user authorizations through the administrative interface.

7.2. Clients maintain control over their evidence planning data and may export, modify, or delete such information subject to the capabilities of the platform.

7.3. Individual authorized users may manage their notification preferences through their account settings.

8. Changes to this Privacy Policy

8.1. We may modify this Privacy Policy from time to time, with notice provided to Client administrators prior to material changes taking effect.

8.2. Historical versions of this Privacy Policy are available upon request.

9. Contact Information

9.1. For questions regarding this Privacy Policy or our data practices, please contact:

Privacy Office
EvidenceSync
Email: privacy@evidencesync.ai
Phone: +1 (800) 555-0123

9.2. For urgent data security matters, please contact security@evidencesync.ai.