Privacy Policy

Last updated: January 2025

Introduction

At ClinicalCompass ("we," "our," or "us"), operated by Kuma Bio, we are committed to protecting your privacy and ensuring the security of your personal health information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our clinical trial matching platform.

Information We Collect

We collect several types of information to provide and improve our services:

  • Personal Information: Name, email address, date of birth, and contact details
  • Health Information: Medical records, pathology reports, genomic data, diagnosis information, and treatment history
  • Account Information: Login credentials and account preferences
  • Usage Data: How you interact with our platform, including pages visited and features used

Google User Data Practices

Data Accessed:

When you sign in with Google, we access only the following information: your email address and basic profile information (name and profile picture). We request the minimum scopes necessary: 'openid', 'email', and 'profile'. We do not access your Google Drive, Gmail, Calendar, Contacts, or any other Google services.

Data Usage:

We use your Google data solely to: (1) create and authenticate your ClinicalCompass account, (2) display your name within the application, and (3) send you important notifications about your clinical trial matches and account. Your Google account credentials are never stored on our servers—authentication is handled securely through Google's OAuth 2.0 protocol.

Data Sharing:

We do not sell, rent, or share your Google user data with any third parties. Your Google account information is never shared with clinical trial sponsors, research institutions, or any external parties. Google data is used exclusively for account authentication and in-app identification.

Data Storage & Protection:

Your Google email and profile name are stored in our encrypted database using 256-bit AES encryption. Google OAuth tokens are stored securely and are never exposed to client applications. We do not store your Google password.

Data Retention & Deletion:

Your Google user data is retained only while your account is active. You can delete your account and all associated Google data at any time through Settings > Delete My Account, or by emailing privacy@clinicalcompass.io. Upon account deletion, your Google user data is permanently removed from our systems within 30 days.

How We Use Your Information

We use the information we collect for the following purposes:

  • To match you with relevant clinical trials based on your medical profile
  • To process and analyze your medical documents using AI technology
  • To communicate with you about potential trial matches and platform updates
  • To improve our matching algorithms and platform functionality

HIPAA Compliance

ClinicalCompass is fully compliant with the Health Insurance Portability and Accountability Act (HIPAA). We implement administrative, physical, and technical safeguards to protect your Protected Health Information (PHI).

We will never sell your health information to third parties. Any sharing of your data for research purposes requires your explicit consent and is done only with de-identified information.

Data Security

We implement industry-leading security measures to protect your data:

  • 256-bit AES encryption for data at rest and in transit
  • SOC 2 Type II certified infrastructure
  • Regular security audits and penetration testing

Data Retention

We retain your personal and health information for as long as your account is active or as needed to provide services. You may request deletion of your data at any time through your account settings or by contacting us directly.

Your Rights

Under HIPAA and applicable privacy laws, you have the right to:

  • Access your health information and request copies
  • Request corrections to inaccurate information
  • Request deletion of your data
  • Receive a record of how your information has been shared

Contact Us

If you have questions about this Privacy Policy or our data practices, please contact us:

Kuma Bio

Email: privacy@clinicalcompass.io

Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new policy on this page and updating the "Last updated" date.