Privacy Policy

• Account and identity information — first name, last name, username, email address, phone number, and hashed password.
• Health and medical information (sensitive) — self-reported medical conditions (name, diagnosis date, additional notes), current medications, age, sex, height, weight, and body mass index (BMI). This information is equivalent to Protected Health Information (PHI) and is treated with the highest level of protection.
• Eligibility assessment responses — your answers to AI-generated eligibility questionnaires for specific clinical trials, the resulting qualification outcome (e.g., "Likely to Qualify", "Might Qualify", "Will Not Qualify"), and the LLM-generated explanation. These responses are among the most sensitive data we store.
• Location information — your city/region, geographic coordinates (latitude and longitude), and preferred search radius, used to find trials near you. When you search for trials, your location may be transmitted to a third-party geocoding service to convert addresses to coordinates.
• Search and activity history — the conditions and trials you search for, trials you save, and trial detail pages you view.
• Contact request records — when you submit a "Contact Trial Site" request, we store your name, email, phone number, the message you sent, the trial identifier, the recipient site, and a timestamp recording your consent to share this information.
• Notification preferences — whether you have opted in to receive alerts when new trials matching your profile become available, and records of when those notifications were sent.
• Referral and preference data — how you heard about TrialFinder, your information-release preferences regarding sponsors, and your contact preferences for our email communications.

• Clinical trial sites and sponsors (with your explicit consent only) — When you complete the "Contact Trial Site" flow and confirm the consent modal, the following information is forwarded to the relevant trial site contact or, if no site contact is available, to TrialFinder's relay address for routing: your name, email address, phone number (if you provided one), the trial you are interested in, the nearest trial site to your location (facility name, city, state, and distance), and the message you wrote. This disclosure is recorded with a consent timestamp. We do not share your stored health profile, eligibility assessment results, medication list, or demographic details with sites unless you include that information in your message.
• AI language model provider (OpenAI) — To generate trial-specific eligibility questions, we transmit only de-identified information to OpenAI's API: your age, sex, and the names of your medical conditions, together with the trial's eligibility criteria text. We do not transmit your name, email address, date of birth, street address, geographic coordinates, account identifiers, or any other directly identifying information. Because the data we send is de-identified under the HIPAA Safe Harbor standard (45 CFR §164.514(b)(2)), no Business Associate Agreement with OpenAI is required for this use. You can review OpenAI's privacy policy for details on how they handle API data.
• Geocoding service — Your city, region, or address string may be transmitted to a third-party geocoding service to convert it to geographic coordinates for proximity-based trial search. We do not transmit your name, email, or health data in this request.
• Email delivery provider — Your email address and the content of confirmation and notification emails are processed by our transactional email provider to deliver messages to you and to trial sites. This provider acts as a data processor on our behalf.
• Legal and regulatory disclosures — We may disclose your information if required by applicable law, court order, or to protect the rights, safety, or property of TrialFinder or others.

• Right to access — You may view and download the personal and health information stored in your profile at any time through your account settings. For a full export of all data we hold about you (including eligibility assessments and contact records), email mail@thetrialfinder.com and we will respond within 30 days.
• Right to correction — You may update your profile information, conditions, and medications at any time through your account settings. Correcting eligibility-relevant data will automatically trigger regeneration of any saved eligibility assessments.
• Right to deletion — You may delete your account at any time through your profile settings, or by emailing mail@thetrialfinder.com. When you delete your account, the following personal data is permanently removed: your name, phone number, date of birth, height, weight, location, search radius, medical conditions, medications, eligibility assessment responses, and saved trials. We retain: (a) your email address, used as a stable identifier so we can recognize you if you choose to re-register and to support aggregate analytics; (b) records of prior "Contact Trial Site" submissions, including the consent timestamp, for at least 3 years for audit and legal-compliance purposes. If you wish your email address to also be removed, email us with that explicit request and we will process it within 30 days (note that backups may take additional time to age out).
• Right to opt out of notifications — You may opt out of trial-matching notification emails at any time by updating your notification preferences in your account settings or by clicking the unsubscribe link in any notification email.
• Right to withdraw consent — Consent to share your information with a trial site is given at the time of each "Contact Trial Site" submission. Once a contact request has been sent, we cannot recall the email already delivered to the site, but you may contact us at mail@thetrialfinder.com to request that we note your withdrawal and suppress further routing of your data to that site.
• Right to data portability — You may request a machine-readable copy of your profile data by emailing mail@thetrialfinder.com. We will provide this in a structured format (JSON or CSV) within 30 days.
• Right to complain — If you believe your privacy rights have been violated, you may file a complaint with us at mail@thetrialfinder.com. If you are a resident of the European Economic Area, you also have the right to lodge a complaint with your local data protection authority.

• Encryption in transit — All data transmitted between your browser and TrialFinder is encrypted using TLS (HTTPS).
• Encryption at rest — Your data is stored in a PostgreSQL database with encryption at rest enabled at the infrastructure level.
• Password protection — Passwords are never stored in plaintext. We use PBKDF2-SHA256 hashing with salting to protect your credentials.
• Account lockout — Accounts are temporarily locked after repeated failed login attempts to protect against brute-force attacks.
• Rate limiting — API endpoints, including eligibility assessments and contact submissions, are rate-limited to prevent abuse and unauthorized data harvesting.
• Access controls — Access to production data is restricted to authorized personnel only. Application credentials are managed via environment variables and are never hardcoded.
• Audit logging — The platform logs eligibility assessment events and contact request submissions, including user identifiers and timestamps, to support accountability and incident response.

In the event of a security breach that compromises your personal health information, TrialFinder commits to notifying affected users without unreasonable delay and, where feasible, within 60 days of discovering the breach. Notification will be sent to the email address associated with your account and will include:

• A description of what information was involved
• The date of the breach and the date it was discovered (if known)
• Steps you can take to protect yourself
• What TrialFinder is doing to investigate and remediate the incident
• Contact information for questions

This commitment is modeled on the HIPAA Breach Notification Rule (45 CFR Part 164, Subpart D). If a breach involves information you shared with a clinical trial site that is itself a HIPAA Covered Entity, that site is independently responsible for its own breach notification obligations.

• Account and profile data — Retained for as long as your account is active. You may request deletion at any time (see Section 5).
• Eligibility assessment responses — Retained until you delete your account, or until you retake an assessment (which replaces the prior record for that trial).
• Contact request records — Retained for a minimum of 3 years to support audit and compliance purposes. The consent timestamp is a legally significant record and is retained even if you request broader data deletion. We will inform you of any such retention at the time of your deletion request.
• Search history — Records of the conditions you have searched for, along with your user identifier, are retained for up to 2 years for product analytics and to improve trial-matching quality. After 2 years they are aggregated and individual-level records are deleted.
• Other analytics and event logs — Aggregated and anonymized analytics data (such as totals, trends, and counts) may be retained indefinitely. Individual-level event logs (such as eligibility-assessment start events) are retained for up to 2 years.