Privacy Policy
This policy applies to all visitors of hyphaclinical.com regardless of location, including residents of the European Economic Area, Switzerland, United Kingdom, Canada, Australia, and the United States.
1. Who we are
Hypha Clinical LLC operates hyphaclinical.com, a marketing website for our clinical trial financial management software.
Hypha Clinical LLC
8 The Green, Suite A
Dover, DE 19901
United States
Privacy contact: support@hyphaclinical.com
Data controller contact: Todd Grantham, support@hyphaclinical.com
2. What this policy covers
This policy explains what personal data we collect through hyphaclinical.com, why we collect it, how long we keep it, and what rights you have over it.
This policy does not cover:
- Data collected through the Hypha Clinical application itself (covered separately)
- Third-party websites linked from this site
3. What data we collect and why
We collect personal data only for specific, legitimate purposes. The table below explains each purpose, the data involved, the legal basis, and how long we keep it.
| Purpose | Data collected | Legal basis | Retention |
|---|---|---|---|
| Responding to demo requests and contact form submissions | Name, business email, company name, job title, message content | Legitimate interest / pre-contractual | 2 years from last contact |
| Accessing gated white papers and resource downloads | Name, business email, company name, job title, requested resource | Legitimate interest / pre-contractual | 2 years from last contact |
| Scheduling demos via HubSpot | Name, business email, calendar availability | Legitimate interest / pre-contractual | 2 years from last contact |
| Website analytics and improvement | Anonymised IP address, pages visited, browser type, referral source | Consent | 14 months, then aggregated |
| Marketing effectiveness measurement | Anonymised visit data linked to outreach campaigns | Consent | 90 days |
| Cookie consent records | Anonymised IP, browser identifier, consent timestamp and version | Legal obligation | 3 years |
| Security and fraud prevention | IP address, request logs | Legitimate interest | 30 days |
What we do not collect
- Protected health information (PHI) of any kind
- Patient data or clinical trial data
- Financial account or payment details
- Sensitive personal data as defined under GDPR Article 9
- Data from children under 16
This is a marketing website. No clinical data passes through it.
4. Cookies
We use cookies to operate the site and, with your consent, to measure its performance. See our Cookie Policy for the full list of cookies, their purposes, and durations.
You can manage your cookie preferences at any time using the cookie settings link in the footer.
5. Who we share data with
We do not sell personal data. We do not share it for advertising purposes.
We work with the following processors who handle data on our behalf under binding agreements:
| Processor | Purpose | Location |
|---|---|---|
| HubSpot | Demo scheduling, resource downloads, and contact management | USA (EU SCCs in place) |
| Cloudflare | Security, DNS, performance | USA (EU SCCs in place) |
| Google Analytics | Anonymised site analytics | USA (EU SCCs in place) |
| Anonymised outreach measurement | USA (EU SCCs in place) |
We may also disclose personal data if required by law, court order, or law enforcement request. In the event of a merger, acquisition, or sale of the business, personal data may be transferred to the acquiring party.
6. International data transfers
Hypha Clinical LLC is based in the United States. If you are visiting from the EEA, UK, Switzerland, Canada, or Australia, your data may be transferred to and processed in the US.
Where this occurs, we ensure appropriate safeguards are in place. For EEA and UK transfers, this means Standard Contractual Clauses (SCCs) approved by the European Commission and UK ICO respectively. All processors listed above have SCCs or equivalent mechanisms in place.
7. Security
We take appropriate technical and organisational measures to protect your personal data, including:
- HTTPS encryption on all pages
- Access controls limiting who can view collected data
- Data minimisation — we collect only what is necessary
- Regular review of security practices
No method of transmission over the internet is completely secure. We take all reasonable steps to protect your data but cannot guarantee absolute security.
8. Do Not Track
Our website does not respond to or support the Do Not Track (DNT) browser header. You can manage tracking preferences through our cookie consent panel instead.
9. Children
This website is directed at business professionals. We do not knowingly collect personal data from anyone under 16. If you believe a child has submitted data to us, contact us at support@hyphaclinical.com and we will delete it promptly.
10. Third-party websites
This policy does not apply to third-party websites linked from our site. We recommend reading the privacy policies of any third-party sites you visit.
11. Your rights
Depending on where you are located, you have some or all of the following rights. To exercise any of them, contact support@hyphaclinical.com. We will respond within 30 days. We may ask you to verify your identity before acting on a request.
| Right | What it means |
|---|---|
| Right to know | Why your data is collected, what happens to it, and how long it is kept |
| Right of access | Request a copy of personal data we hold about you |
| Right to rectification | Request correction of inaccurate or incomplete data |
| Right to erasure | Request deletion of your data where no legal obligation requires us to keep it |
| Right to restriction | Ask us to limit how we use your data while a dispute is resolved |
| Right to portability | Receive your data in a commonly used, machine-readable format |
| Right to object | Object to processing based on legitimate interest |
| Right to withdraw consent | Withdraw consent at any time without affecting prior processing |
| Right to appeal | If we decline a request, you may appeal and escalate to your supervisory authority |
Accessibility
If you need personal data provided in an alternative format due to a sensory disability, contact us and we will accommodate the request where reasonably possible.
Do not sell my personal information
We do not sell personal information. This applies to all visitors including California residents under CPRA and residents of Colorado, Connecticut, Delaware, Iowa, Montana, Nebraska, Nevada, New Hampshire, New Jersey, Oregon, Texas, Utah, and Virginia.
12. Supervisory authorities
If you are not satisfied with how we handle your data or a complaint you raise with us, you have the right to contact your local supervisory authority.
EU and EEA: Your national data protection authority — edpb.europa.eu
UK: Information Commissioner's Office (ICO), Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF — ico.org.uk
Canada: Office of the Privacy Commissioner of Canada — priv.gc.ca
Australia: Office of the Australian Information Commissioner — oaic.gov.au
US state residents: If we decline a rights request, you may appeal by contacting support@hyphaclinical.com with the subject line "Appeal". If your appeal is denied, you may escalate to your state attorney general.
13. Changes to this policy
We may update this policy when our data practices change. The version number and date at the top of this page reflect the current version. For material changes, we will notify you by email if we hold your address, or via a prominent notice on the site.
14. Contact
For any questions, requests, or complaints regarding this policy:
Email: support@hyphaclinical.com
Post:
Hypha Clinical LLC
8 The Green, Suite A
Dover, DE 19901
United States