Privacy Policy
Last Updated: December 23, 2024
1. Introduction
SiteOperations.io ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our clinical site management platform.
By accessing or using SiteOperations.io, you agree to the terms of this Privacy Policy. If you do not agree with the terms, please do not access the platform.
2. Information We Collect
2.1 Account Information
When you create an account or sign in, we collect:
- Full name
- Email address
- Authentication credentials (password hash or OAuth tokens)
- Role and access permissions
2.2 Clinical Operations Data
To provide our services, we process:
- Patient initials and subject IDs (no full patient names or PHI)
- Appointment schedules and status information
- Study names and visit types
- Staff assignments (CRC names, investigator assignments)
- Room assignments and facility information
- Operational notes related to appointments
2.3 Usage Information
We automatically collect:
- Log data (IP address, browser type, access times)
- Device information
- Feature usage patterns
3. How We Use Your Information
We use the information we collect to:
- Provide, maintain, and improve our services
- Authenticate users and manage access permissions
- Enable real-time status tracking and notifications
- Facilitate communication between clinical site staff
- Generate operational reports and analytics
- Send service-related communications (invitations, alerts)
- Ensure security and prevent unauthorized access
- Comply with legal obligations
4. Data Sharing and Disclosure
We do not sell your personal information. We may share information with:
4.1 Service Providers
We use third-party services to operate our platform:
- Supabase: Database hosting and authentication
- Google: OAuth authentication (if you choose to sign in with Google)
- Resend: Transactional email delivery
- OneSignal: Push notification services
- Render: Application hosting
4.2 Within Your Organization
Information is shared with other authorized users within your clinical site or network as necessary for operational purposes.
4.3 Legal Requirements
We may disclose information if required by law, regulation, legal process, or governmental request.
5. Data Security
We implement appropriate technical and organizational security measures to protect your information, including:
- Encryption of data in transit (TLS/SSL)
- Encryption of data at rest
- Role-based access controls
- Regular security assessments
- Secure authentication practices
However, no method of transmission over the Internet or electronic storage is completely secure. While we strive to protect your information, we cannot guarantee absolute security.
6. Data Retention
We retain your information for as long as your account is active or as needed to provide services. Appointment and operational data may be retained for compliance and reporting purposes as required by applicable regulations.
Upon account deletion or request, we will delete or anonymize your personal information within 30 days, except where retention is required by law.
7. Your Rights
Depending on your location, you may have the right to:
- Access the personal information we hold about you
- Correct inaccurate or incomplete information
- Request deletion of your personal information
- Object to or restrict certain processing
- Request data portability
- Withdraw consent where processing is based on consent
To exercise these rights, please contact us using the information provided below.
8. HIPAA Compliance
SiteOperations.io is designed to support clinical research operations. The platform is configured to minimize the collection of Protected Health Information (PHI). We use patient initials and subject IDs rather than full patient identifiers.
If your organization requires a Business Associate Agreement (BAA), please contact us to discuss your compliance requirements.
9. Cookies and Tracking
We use essential cookies and local storage to maintain your session and preferences. We do not use third-party advertising or tracking cookies.
10. Children's Privacy
Our services are not intended for individuals under 18 years of age. We do not knowingly collect personal information from children.
11. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new policy on this page and updating the "Last Updated" date.
12. Contact Us
If you have questions about this Privacy Policy or our data practices, please contact us at:
Email: privacy@siteoperations.io
Website: https://siteoperations.io