Privacy Policy - PharmaLens

PharmaLens ("we", "our", or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your personal information when you use our biotech intelligence platform (the "Service").

We serve users in both Canada and the United States. This Privacy Policy complies with:

PIPEDA (Personal Information Protection and Electronic Documents Act) for users in Canada
CCPA (California Consumer Privacy Act) and other applicable U.S. state privacy laws for users in the United States
GDPR (General Data Protection Regulation) for users in the European Union, if applicable

1. Information We Collect

Account Information

When you create an account, we collect:

Name and email address: Provided during registration
Authentication data: Managed by Clerk (our authentication provider)
Profile information: Any additional information you choose to provide

Payment Information

When you subscribe to a paid plan:

Payment card details: Processed securely by Stripe (our payment processor)
Billing address: Required for payment processing
Transaction history: Records of your subscription and payments

Note: We do not directly store your full payment card numbers. Stripe handles all payment processing.

Usage Data

We automatically collect information about how you use the Service:

Report requests: Companies and drug candidates you search for
Feature usage: Which features you use and how often
Device information: Browser type, operating system, IP address
Log data: Access times, pages viewed, errors encountered

Cookies and Tracking Technologies

We use cookies and similar technologies to:

Maintain your login session
Remember your preferences
Analyze usage patterns and improve the Service
Detect and prevent fraud or abuse

2. How We Use Your Information

We use your personal information for the following purposes:

Providing the Service

Creating and managing your account
Processing your subscription and payments
Generating biotech intelligence reports based on your requests
Delivering reports and notifications
Providing customer support

Improving the Service

Analyzing usage patterns to improve features
Conducting research and development
Testing new features and functionality

Communications

Sending service-related notifications (report completion, billing updates)
Responding to your inquiries and support requests
Sending marketing communications (with your consent, where required)

Legal and Security

Detecting, preventing, and addressing fraud or abuse
Monitoring and analyzing security threats
Complying with legal obligations
Enforcing our Terms of Service

3. Third-Party Services We Use

We use trusted third-party services to operate the Service. These providers may access your personal information only to perform specific tasks on our behalf and are obligated to protect your information:

Clerk (Authentication)

Clerk provides authentication and user management services. They process your account credentials and authentication data.

Stripe (Payment Processing)

Stripe processes all payments and stores your payment card information securely.

Sentry (Error Tracking and Monitoring)

Sentry helps us monitor application errors and performance. Error reports may include limited user information to help us diagnose issues.

4. Data Retention

We retain your personal information for as long as necessary to:

Provide the Service to you
Comply with legal obligations (e.g., tax and financial records may be retained for up to 7 years as required by law)
Resolve disputes and enforce agreements
Maintain security and prevent fraud

When you delete your account, we will delete or anonymize your personal information within a reasonable timeframe, except where retention is required by law or necessary to resolve disputes or enforce our agreements.

5. Your Privacy Rights

Under PIPEDA (Canada)

You have the right to:

Access: Request access to your personal information we hold
Correction: Request correction of inaccurate or incomplete information
Withdraw consent: Withdraw consent for certain uses (subject to legal restrictions)
Complaint: File a complaint with the Privacy Commissioner of Canada

Under GDPR (European Union)

If you are in the EU, you have additional rights:

Right to erasure ("right to be forgotten"): Request deletion of your data
Right to data portability: Receive your data in a structured, machine-readable format
Right to object: Object to processing based on legitimate interests
Right to restrict processing: Request we limit how we use your data

Under U.S. State Privacy Laws (CCPA and Others)

If you are a resident of California, Virginia, Colorado, Connecticut, Utah, or other U.S. states with privacy laws, you have the right to:

Know what personal information we collect, use, and disclose about you
Request access to your personal information
Request deletion of your personal information
Request correction of inaccurate personal information
Opt-out of the sale of your personal information (Note: We do not sell personal information)
Opt-out of targeted advertising (Note: We do not use personal information for targeted advertising)
Non-discrimination for exercising your privacy rights

The specific rights available to you may vary depending on your state of residence and the applicable state privacy law.

How to Exercise Your Rights

To exercise any of these rights, please contact us at legal@pharmalens.com. We will respond to your request within 30 days (or as required by applicable law).

6. International Data Transfers

We serve users in both Canada and the United States. Your personal information may be transferred to and processed in Canada, the United States, or other countries where our third-party service providers (Clerk, Stripe, Sentry) operate their infrastructure.

For Canadian users: Your information may be transferred to the United States or other countries with different data protection laws than Canada.

For U.S. users: Your information may be transferred to Canada or other countries where our service providers operate.

We ensure that appropriate safeguards are in place for all international transfers, such as:

Standard contractual clauses approved by regulatory authorities
Service providers certified under recognized privacy frameworks (e.g., Privacy Shield successors, EU-U.S. Data Privacy Framework)
Ensuring third parties comply with applicable data protection laws including PIPEDA, GDPR, and U.S. privacy laws

7. Security

We implement industry-standard security measures to protect your personal information from unauthorized access, disclosure, alteration, or destruction, including:

Encryption of data in transit (HTTPS/TLS)
Encryption of sensitive data at rest
Access controls and authentication mechanisms
Regular security assessments and monitoring
Secure payment processing through PCI-DSS compliant providers

However, no method of transmission over the internet or electronic storage is 100% secure. While we strive to protect your information, we cannot guarantee absolute security.

8. Children's Privacy

The Service is not intended for individuals under the age of 18. We do not knowingly collect personal information from children. If we become aware that we have collected information from a child, we will delete it promptly.

If you believe we have inadvertently collected information from a child, please contact us at legal@pharmalens.com.

9. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. We will notify you of material changes by:

Posting the updated Privacy Policy on this page
Updating the "Last Updated" date at the top
Sending you an email notification (for significant changes)

Your continued use of the Service after changes become effective constitutes your acceptance of the updated Privacy Policy.

10. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us at:

Email: legal@pharmalens.com

Privacy Complaints:

If you believe we have not complied with our privacy obligations, you have the right to file a complaint with the appropriate regulatory authority:

For Canadian users:

Privacy Commissioner of Canada: www.priv.gc.ca/en/report-a-concern
Information and Privacy Commissioner of Ontario: www.ipc.on.ca

For U.S. users:

Federal Trade Commission (FTC): www.ftc.gov (Consumer Complaints)
Your State Attorney General: Many U.S. states have consumer protection divisions that handle privacy complaints. Contact your state's Attorney General office.
California residents: California Attorney General's Office at oag.ca.gov