Privacy Policy

We collect only the information necessary to operate the Services and support your clinical research activities. Categories of information include:

• Account & profile data — name, email, role, organization, contact details, and authentication credentials.
• Study data — eCRF entries, queries, source data, audit logs, electronic signatures, and study configuration metadata.
• Device & usage data — IP address, browser type, device identifiers, language, time zone, session duration, and feature interactions.
• Compliance & security data — login attempts, access trails, electronic signature events, and security incident records.
• Support communications — messages you send to support, feedback, and survey responses.

• Provide secure access to the EDC platform and authenticate users.
• Support clinical research activities, eCRF lifecycle, and regulatory submissions.
• Improve platform performance, reliability, and user experience through analytics.
• Send operational notices — maintenance windows, audit findings, compliance alerts.
• Detect and prevent unauthorized access, fraud, or platform misuse.
• Comply with legal obligations and regulatory inspections (FDA, EMA, ICH GCP).

Where applicable (for example under GDPR), we process personal data on the following grounds:

• Contract — to deliver the Services agreed in our Master Services Agreement and study Data Processing Addenda.
• Legal obligation — to meet 21 CFR Part 11, ICH GCP, HIPAA, and other applicable regulations.
• Legitimate interests — to secure the platform, prevent abuse, and improve product quality.
• Consent — where we ask for it explicitly (for example, optional analytics or marketing communications).

We implement layered, industry-standard safeguards aligned with ISO 27001 controls:

• Encryption in transit (TLS 1.2+) and at rest (AES-256).
• Role-based access controls, MFA, and least-privilege provisioning.
• Immutable audit trails covering data entry, modification, and deletion events.
• Encrypted backups, regional redundancy, and tested disaster-recovery procedures.
• Routine vulnerability scanning, penetration testing, and secure SDLC practices.

We do not sell, rent, or trade your personal or study data. Limited disclosures may occur with:

• Authorized study personnel — sponsors, CROs, investigators, and monitors as defined by your study protocol.
• Regulatory authorities — when required for inspections, audits, or legal proceedings.
• Trusted sub-processors — vetted hosting, monitoring, and infrastructure providers under strict contractual safeguards.
• Mergers or acquisitions — with notice and continuity of equivalent privacy protections.

Your data may be processed in jurisdictions other than your own to support global trial operations. Where required, we rely on Standard Contractual Clauses, adequacy decisions, or equivalent safeguards to protect cross-border transfers.

Customers can request information about specific data localization options for regulated regions through their account manager.

We retain data only as long as necessary to fulfill research, contractual, legal, and regulatory obligations — including retention periods mandated by 21 CFR Part 11 and ICH GCP for trial master files and source records.

Once retention requirements expire, data is securely archived, anonymized, or destroyed in accordance with documented procedures.

Depending on your jurisdiction, you may exercise the following rights, subject to study and regulatory constraints:

• Access — request a copy of your personal information held by QuantClinica.
• Rectification — correct inaccurate or incomplete data.
• Erasure — request deletion when retention obligations no longer apply.
• Restriction or objection — limit processing in specific circumstances.
• Portability — receive your data in a structured, machine-readable format.
• Lodge a complaint — with your local data protection authority.

We use a minimal set of cookies and equivalent technologies to keep you signed in, remember your preferences, and measure basic platform health. We do not use advertising cookies on the EDC platform.

You can manage cookie preferences through your browser. Disabling essential cookies may affect login and session continuity.

We may update this Privacy Policy from time to time to reflect changes in regulations, services, or operational practices. The "Last updated" date at the top of this page indicates when the latest revision took effect.

Material changes will be communicated via in-product notifications or email to administrators.

For questions about this Privacy Policy, your data, or to exercise any of your rights, please reach out:

• Email — admin@quantclinica.com
• Security — security@quantclinica.com
• Address — Nawada, New Delhi, India