Introduction
Panaceon AI ("we", "our", or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our clinical trial protocol platform.
We comply with the General Data Protection Regulation (GDPR), implement SOC 2 security controls, and maintain HIPAA-ready infrastructure for handling sensitive clinical data.
Data Controller
Panaceon AI is the data controller responsible for your personal data. For privacy inquiries, contact us at: privacy@panaceon.ai
Information We Collect
3.1 Information You Provide
- Account information (name, email, organization)
- Protocol content you create or upload
- Communications with us
- Billing information (processed by Stripe)
3.2 Automatically Collected Information
- Device and browser information
- IP address
- Usage data and feature interactions
- Cookies and similar technologies
How We Use Your Information
We use your information to:
- Provide and improve our services
- Process your protocol documents
- Communicate with you about your account
- Ensure platform security
- Comply with legal obligations
- Analyze usage to improve our platform
Legal Basis for Processing (GDPR)
We process your data based on:
- Contract: To provide services you've requested
- Consent: Where you've given explicit permission
- Legitimate Interest: To improve our services and ensure security
- Legal Obligation: To comply with applicable laws
Data Sharing
We share data with:
- Service Providers: Cloud hosting (with DPA agreements), authentication, AI processing, email delivery
- Your Organization: Data shared within your organization's team
- Legal Requirements: When required by law or to protect rights
We do not sell your personal data to third parties.
International Data Transfers
Your data may be transferred to and processed in the United States and other countries. We ensure appropriate safeguards through Standard Contractual Clauses (SCCs) and equivalent protection measures.
Data Retention
We retain your data for as long as your account is active or as needed to provide services. After account deletion, we may retain certain data for legal compliance (e.g., billing records for 7 years). Usage data is anonymized or deleted after 2 years.
Your Rights (GDPR)
You have the right to:
- Access: Request a copy of your personal data
- Rectification: Correct inaccurate personal data
- Erasure: Request deletion of your personal data
- Restrict Processing: Limit how we use your data
- Data Portability: Receive your data in a machine-readable format
- Object: Object to certain processing activities
- Withdraw Consent: Where processing is based on consent
To exercise these rights, contact us at privacy@panaceon.ai. We will respond within 30 days.
Security
We implement enterprise-grade security measures including:
- Encryption at rest and in transit (TLS 1.3)
- Role-based access controls
- Regular security assessments and penetration testing
- SOC 2 Type II security controls
- 24/7 security monitoring
- Incident response procedures
Cookies
We use essential cookies for authentication and security. For details, see our Cookie Policy.
Children's Privacy
Our services are not intended for individuals under 18. We do not knowingly collect personal data from children.
Changes to This Policy
We may update this Privacy Policy periodically. We will notify you of material changes via email or platform notification. Continued use after changes constitutes acceptance.
Contact Us
For privacy inquiries or to exercise your rights:
Email: privacy@panaceon.ai
General inquiries: contact@panaceon.ai
Supervisory Authority
If you are in the EU/EEA and believe we have not adequately addressed your concerns, you have the right to lodge a complaint with your local data protection authority.