Privacy Policy
1. Introduction
The explanations and information provided on this page are only general and high-level explanations and information on how to write your own document of a Privacy Policy. You should not rely on this article as legal advice or as recommendations regarding what you should actually do, because we cannot know in advance what are the specific privacy policies you wish to establish between your business and your customers and visitors. We recommend that you seek legal advice to help you understand and to assist you in the creation of your own Privacy Policy.
2. Information We Collect
2.1 Account Information
When you create an account, we collect your name, email address, company name, phone number, and password.
2.2 Customer Data
You upload pharmacovigilance documents and adverse event data to the Services ("Customer Data"). Customer Data may include personal information such as patient initials, age, gender, medical history, adverse events, reporter information, and healthcare provider details. You control what Customer Data you upload, and you retain all ownership rights.
2.3 Usage Information
We automatically collect information about how you use the Services, including IP addresses, browser types, device information, pages viewed, features used, time spent, and clickstream data.
2.4 Cookies and Tracking Technologies
We use cookies, web beacons, and similar technologies to enhance functionality, analyze usage, and remember your preferences. You can control cookies through your browser settings, but disabling cookies may limit some features.
3. How We Use Your Information
3.1 To Provide Services
We use your information to operate the platform, process Customer Data per your instructions, generate E2B(R3) files, provide case management tools, and deliver customer support.
3.2 To Improve Services
We analyze aggregated, anonymized usage data to improve platform functionality, develop new features, and enhance user experience. We do not use Customer Data for these purposes.
3.3 To Communicate
We send service-related announcements, security alerts, product updates, and respond to your inquiries. You may opt out of marketing communications but cannot opt out of essential service notifications.
3.4 For Security and Compliance
We use information to detect fraud, prevent unauthorized access, enforce our Terms of Service, and comply with legal obligations including regulatory audits and law enforcement requests.
4. How We Protect Your Information
4.1 Security Measures
We implement industry-standard security controls including AES-256 encryption at rest, TLS 1.3 encryption in transit, multi-factor authentication, role-based access control, regular security audits, and 24/7 monitoring. We maintain ISO 27001:2022 and SOC 2 Type II certifications.
4.2 Data Isolation
Each customer receives a dedicated, isolated environment. Customer Data is never shared across tenants or used for cross-customer purposes.
4.3 Data Location
All data is hosted exclusively in European Union data centers (Ireland and Frankfurt). We do not transfer data outside the EU unless you explicitly request it and we implement appropriate safeguards.
4.4 Employee Access
Access to Customer Data is restricted to authorized personnel who require it to provide Services and who are bound by confidentiality obligations.
5. Data Retention and Deletion
5.1 Sandbox Data
Free trial sandbox data is automatically deleted after 10 days. You can delete sandbox data at any time through the user interface.
5.2 Production Data
We retain production Customer Data for the duration of your subscription plus any applicable regulatory retention period (typically 10 years for pharmacovigilance data). You may request deletion at any time.
5.3 Account Data
We retain your account information for the duration of your subscription. After termination, we retain account data for legal and audit purposes for up to 7 years.
5.4 Deletion Process
To request data deletion, contact support at theralyze.ai or use the deletion function in your account settings. We will complete deletion within 30 days and provide written confirmation upon request.
6. How We Share Your Information
6.1 No Selling
We do not sell, rent, or trade your personal information or Customer Data to third parties for marketing purposes.
6.2 Service Providers
We share information with trusted service providers who assist in operating our platform, including Amazon Web Services (cloud hosting) and AI service providers (model inference only - no training on Customer Data). All service providers are contractually obligated to protect your information and use it only for authorized purposes.
6.3 Legal Requirements
We may disclose information when required by law, court order, subpoena, or government authority, or when necessary to protect our rights, prevent fraud, or ensure safety. Where legally permitted, we will notify you before disclosure.
6.4 Business Transfers
If TheraLyze is involved in a merger, acquisition, or asset sale, your information may be transferred. We will provide notice and ensure the acquiring entity honors this Privacy Policy.
6.5 With Your Consent
We may share information with third parties when you explicitly consent or direct us to do so.
7. Your Rights and Choices
7.1 Access and Correction
You may access, review, and update your account information at any time through your account settings or by contacting support at theralyze.ai.
7.2 Data Portability
You may export Customer Data in E2B(R3) XML format at any time through the platform.
7.3 Deletion
You may request deletion of your account and Customer Data at any time. We will complete deletion within 30 days, subject to legal retention requirements.
7.4 Objection and Restriction
You may object to or request restriction of certain data processing activities by contacting dpo at theralyze.ai.
7.5 GDPR Rights (EU Users)
If you are in the European Union, you have additional rights under GDPR, including the right to lodge a complaint with your local data protection authority.
7.6 CCPA Rights (California Users)
If you are a California resident, you have rights under the California Consumer Privacy Act including the right to know what personal information we collect and to request deletion. We do not sell personal information.
8. Children's Privacy
The Services are not intended for individuals under 18 years of age. We do not knowingly collect personal information from children. If you believe we have collected information from a child, contact us immediately at privacy at theralyze.ai.
9. International Data Transfers
Our Services are hosted in the European Union. If you access the Services from outside the EU, your information will be transferred to and processed in the EU. We implement appropriate safeguards including Standard Contractual Clauses where required.
10. AI and Automated Decision-Making
We use AI to extract and process pharmacovigilance data from documents. All AI outputs include confidence scores and are subject to human review before use. You maintain control over all final decisions. We do not use Customer Data to train AI models. Customer Data is processed by pre-trained models solely to provide Services to you.
11. Third-Party Links
The Services may contain links to third-party websites. We are not responsible for the privacy practices of these websites. We encourage you to review their privacy policies.
12. Changes to This Privacy Policy
We may update this Privacy Policy from time to time. Material changes will be posted on this page with an updated "Last Updated" date. For significant changes, we will provide notice via email or prominent notice in the Services at least 30 days before the changes take effect. Your continued use after changes constitutes acceptance.
13. Contact Us
For questions about this Privacy Policy or to exercise your rights, contact us at:
Email: privacy at theralyze.ai
Data Protection Officer: dpo at theralyze.ai
Security Issues: security at theralyze.ai
Mailing Address:
TheraLyze Inc.
4695 Chabot Dr Suite 200
Pleasanton, CA 94588
United States
EU Representative: Stefan.