Privacy Policy

Effective Date: May 11, 2026 (interim)
Version: 0.1 (pre-launch interim)
Governs: cliproof.com, the CliProof marketing website and lead-capture experience.

CliProof LLC ("CliProof", "we", "us") provides software for clinical research sites. This Privacy Policy describes what we collect, how we use it, and your rights, for visitors to our website and people who contact us.

This document does not cover:

The CliProof platform itself (the application our customers and their authorized users log into) — that's covered by your customer's privacy practices and our Business Associate Agreement with them.
Protected Health Information (PHI) processed inside the platform — that's governed by HIPAA, the Business Associate Agreement, and our internal HIPAA Privacy and Security Policy.

If you're looking for how patient or research-subject data is handled, contact the research site you're a participant of — they are the responsible party under HIPAA.

Table of Contents

Who We Are
Information We Collect
How We Use Information
Legal Bases for Processing (EU/UK/EEA Visitors)
Cookies and Similar Technologies
Service Providers
How Long We Keep Information
Security
Your Rights
International Transfers
Changes to This Policy
Relationship to Other Documents
Contact

1. Who We Are

CliProof LLC is a Florida limited liability company providing clinical trial management software (CTMS), electronic Trial Master File (eTMF), and the CliProof IQ Score to clinical research sites.

Legal Name	CliProof LLC
Florida Document Number	L26000250809
Mailing Address	1200 Brickell Avenue, Suite 1950, Miami, FL 33131
Email	team@cliproof.com
Privacy Inquiries	team@cliproof.com

2. Information We Collect

2.1 Information You Provide Directly

When you contact us, request a demo, sign up for updates, or otherwise interact with us, you may provide:

Name
Work email address
Company or organization
Job title or role
Phone number (optional)
Message content
Any other information you choose to share

2.2 Information Collected Automatically

When you visit cliproof.com, we and our analytics provider may collect:

IP address (used for general geographic context and abuse prevention; not used to identify individuals)
Browser type and version, operating system, device type
Referring URL
Pages viewed and time on page
Date and time of visit

We use this information for understanding how the site is used and improving it. Our analytics provider is Google Analytics 4 (GA4), which uses cookies to measure site usage. We disclose this provider below in §6 (Service Providers). By using cliproof.com, you consent to analytics cookies as described in this Policy and in §5 (Cookies and Similar Technologies). If you do not consent, you can disable cookies through your browser settings or use a privacy-focused browser that blocks third-party tracking.

2.3 Information We Do Not Knowingly Collect on the Website

We do not collect Protected Health Information (PHI) through the marketing website. PHI flows only through the authenticated CliProof platform under separate agreements with our customers.
We do not collect information from children under 13. The CliProof website and platform are intended for business audiences.
We do not purchase personal information from data brokers.

3. How We Use Information

We use the information described above to:

Respond to your inquiries
Schedule and conduct demos
Send updates you've requested
Improve our website and product
Comply with our legal obligations
Protect the security and integrity of our website

We do not:

Sell your personal information
Share your personal information with third parties for their own marketing
Use your information to train AI models for purposes other than improving CliProof's own services to you

4. Legal Bases for Processing (for EU/UK/EEA Visitors)

Where the General Data Protection Regulation (GDPR) or UK GDPR applies, we rely on the following legal bases:

Consent — when you submit a form or sign up for updates
Legitimate interests — for website analytics, security, and responding to inquiries you initiate; balanced against your rights and freedoms
Legal obligation — when retention or disclosure is required by law

CliProof primarily serves customers in the United States. If you are visiting from the EU, UK, or EEA, please be aware that your information will be processed in the United States.

5. Cookies and Similar Technologies

cliproof.com uses cookies for analytics. We disclose our use of cookies transparently here rather than displaying a consent banner. Our cookie use is limited to the following categories:

Strictly necessary cookies may be used for site functionality (e.g., remembering your form progress).
Analytics cookies are set by Google Analytics 4 (GA4) to measure site usage, including pages viewed, time on page, referring URL, and approximate geographic location based on IP address. These cookies do not personally identify you to CliProof.
We do not use advertising or retargeting cookies on cliproof.com.

We take a transparent disclosure approach rather than a consent banner because CliProof serves a US-based clinical research audience and our cookie use is limited to analytics necessary for operating the website. By using cliproof.com, you consent to the cookies described in this Policy.

You can control cookies through your browser settings, including blocking third-party cookies, using "Do Not Track" or "Global Privacy Control" signals, or browsing in incognito/private mode. You can also opt out of Google Analytics across all sites by installing the Google Analytics Opt-out Browser Add-on.

6. Service Providers (Subprocessors for the Website)

We share information with the following categories of service providers in support of operating the website. The specific vendors are listed in our internal vendor inventory and disclosed below; we update this list as vendors change.

Category	Provider	Purpose	Region
Hosting (current)	Namecheap (cPanel)	Static landing page hosting	US
Hosting (planned)	Microsoft Azure	Production website hosting	US
Analytics	Google Analytics 4 (GA4)	Website usage analytics	US
Email	Google Workspace	Receipt and processing of inbound email	US
Lead form	Formspree	Form submission processing	US
Domain registration	Namecheap	Domain management	US
Registered agent	Entity Protect RA Services	Florida business registered agent	US (Tampa, FL)

These providers process information only as needed to deliver their service to us and are bound by appropriate data protection terms. None of these website-facing providers receive PHI.

7. How Long We Keep Information

We retain information collected through the website for as long as needed to fulfill the purposes for which it was collected, and as required by law:

Inquiry / demo request data — up to 3 years from last contact, then deleted unless you become a customer
Email correspondence — per our internal retention practices, generally 7 years for business records
Analytics data — aggregated and retained per Google Analytics 4's retention settings; individual user/event data is retained for 2–14 months depending on our configured retention period in the Google Analytics admin panel
Records required by law — retained for the period required by applicable law

If you request deletion under §9, we will honor the request to the extent legally permissible.

8. Security

We use industry-standard administrative, physical, and technical safeguards to protect information described in this Policy. These include encryption in transit (TLS), access controls, audit logging, and vendor due diligence. No system is perfectly secure; if we discover a security incident affecting your information, we will respond per our incident management procedures and notify you when required by law.

9. Your Rights

Depending on your jurisdiction, you may have the following rights regarding your personal information:

Access — request a copy of personal information we hold about you
Correction — request correction of inaccurate information
Deletion — request deletion of your information, subject to legal retention requirements
Objection or restriction — object to or restrict certain processing
Portability — receive your information in a structured format
Withdraw consent — withdraw consent where processing is based on consent
Complain — lodge a complaint with a supervisory authority (e.g., your state attorney general; for EU residents, your local Data Protection Authority)

To exercise any of these rights, email team@cliproof.com. We will respond within the timeframe required by applicable law (typically 30–45 days). We may need to verify your identity before fulfilling certain requests.

9.1 California Residents

Under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA), California residents have additional rights, including the right to know what categories of personal information we collect, to delete personal information, to correct inaccurate information, and to opt out of the sale or sharing of personal information.

CliProof does not sell or share personal information for cross-context behavioral advertising.

To exercise CCPA/CPRA rights, contact team@cliproof.com.

9.2 Other US States

Residents of states with comprehensive privacy laws (including Virginia, Colorado, Connecticut, Utah, and others as enacted) have rights similar to those described above. Contact team@cliproof.com to exercise them.

10. International Transfers

We are based in the United States. If you are visiting from outside the United States, your information will be transferred to and processed in the United States. We rely on appropriate safeguards for international transfers as required by applicable law.

11. Changes to This Policy

We may update this Privacy Policy from time to time. When we make material changes, we will update the "Last Updated" date at the top of this page and, where appropriate, provide additional notice (such as an email to subscribers or a notice on the website). Continued use of cliproof.com after the effective date of any update indicates your acceptance of the updated Policy.

12. Relationship to Other Documents

This Privacy Policy applies to the cliproof.com website and to our handling of inquiries from prospects and visitors.

It does not apply to:

The authenticated CliProof platform — covered by your customer agreement and (for healthcare data) the Business Associate Agreement between CliProof and the Covered Entity (research site)
Protected Health Information processed within the platform — governed by HIPAA, the BAA, and our internal HIPAA Privacy and Security Policy (POL-003)
Patient or research-subject privacy notices — issued by the research site you participate with, not by CliProof

13. Contact

For questions about this Privacy Policy or how we handle your information, contact:

CliProof LLC
1200 Brickell Avenue, Suite 1950
Miami, FL 33131
team@cliproof.com

This Privacy Policy is a pre-launch interim version (v0.1) pending review by qualified legal counsel before being designated v1.0. The version published at cliproof.com/privacy is the controlling version.