Privacy Policy

Last updated: January 1, 2025

1. Introduction

DoseMind, Inc. ("DoseMind," "we," "our," or "us") is committed to protecting the privacy of individuals who interact with our website at dosemind.com and our pharmacokinetic dosing software platform (collectively, the "Services"). This Privacy Policy describes the types of information we collect, how we use and protect that information, the circumstances under which we share it, and the rights you have with respect to your personal data.

DoseMind provides an AI-powered pharmacokinetic modeling and precision dosing platform designed for use in oncology clinical trials by authorized research institutions, pharmaceutical sponsors, and contract research organizations. Our platform processes clinical trial data under controlled, regulated conditions pursuant to agreements with our institutional and sponsor clients. This Privacy Policy addresses both our general website visitors and our platform users, distinguishing between these categories where the privacy implications differ.

By accessing or using our Services, you acknowledge that you have read and understood, and agree to, the practices described in this Privacy Policy. If you do not agree to this Privacy Policy, please do not use our Services.

Our registered address is: DoseMind, Inc., 300 Longwood Ave, Boston, MA 02115, United States. For privacy-related inquiries, please contact us at hello@dosemind.com.

2. Data We Collect

2.1 Information You Provide Directly

Account Registration: When you create an account or are provisioned access to the DoseMind platform by your institution or sponsor, we collect your name, professional email address, job title, institutional affiliation, and the credentials you create for your account. We also collect information about your professional role within the clinical trial context (e.g., investigator, clinical research coordinator, clinical pharmacologist, sponsor representative).

Demo and Contact Requests: When you submit a demo request, contact form, or inquiry through our website, we collect your name, email address, phone number, institutional affiliation, and the content of your message. We use this information to respond to your inquiry and to assess whether our platform is a fit for your trial needs.

Platform Data Entry: Platform users enter clinical trial data in connection with their authorized research activities. This includes patient PK sample data (drug concentration values, sample collection timestamps), drug administration records (infusion times, doses administered), laboratory values (creatinine clearance, CBC, hepatic function tests), and dose recommendation approvals. This data is entered under the control of and pursuant to agreements with the sponsoring institution or pharmaceutical sponsor. DoseMind processes this data as a data processor on behalf of our clients, not as a data controller for the trial subjects.

2.2 Information Collected Automatically

Website Analytics: When you visit dosemind.com, we automatically collect technical information including your IP address, browser type and version, operating system, referring URL, pages viewed, and time spent on each page. We collect this information using cookies and similar tracking technologies as described in Section 9 of this Policy and in our separate Cookie Policy.

Platform Usage Logs: When you use the DoseMind dosing platform, we collect audit trail records as required by FDA 21 CFR Part 11 and good clinical practice requirements. These records include the date and time of each user action, the user identifier associated with the action, and the nature of the action performed (e.g., data entry, record modification, dose recommendation approval, parameter change). These audit trail records are maintained as part of the platform's regulatory compliance obligations and are not used for marketing purposes.

Device and Network Information: We collect device identifiers, browser fingerprint information sufficient to support session security, and network access logs for security monitoring purposes.

2.3 Information from Third Parties

Our platform may receive patient and laboratory data from electronic data capture (EDC) systems, electronic health records, and laboratory information systems pursuant to FHIR R4 integration agreements authorized by our institutional clients. This data transfer occurs under the control of the sponsoring institution and is governed by the applicable data use agreements between DoseMind and the institution.

3. How We Use the Data We Collect

Service Delivery: We use the information you provide to operate the DoseMind platform, provide dose recommendation calculations, maintain audit trail records, generate regulatory-formatted reports, and support your trial's data management activities. Platform data is processed in accordance with the applicable service agreement with your institution or sponsor.

Account Management: We use your account information to authenticate your access, maintain your role-based permissions within the platform, communicate service updates and maintenance notifications, and manage your subscription or institutional access arrangement.

Customer Support: We use contact information and platform usage data to investigate and resolve support tickets, diagnose technical issues, and respond to compliance or audit inquiries from institutional clients.

Platform Improvement: We use aggregated, de-identified usage data and technical logs to identify platform performance issues, prioritize feature development, and improve the reliability of our pharmacokinetic modeling engine. We do not use identifiable clinical trial data for product improvement without explicit consent from the controlling institution.

Legal Compliance: We use and retain data as required by applicable laws, including FDA regulations applicable to clinical trial software, data retention obligations under ICH E6 Good Clinical Practice guidelines, and applicable state and federal privacy laws.

Security Monitoring: We use access logs and network telemetry to detect, investigate, and respond to security incidents, unauthorized access attempts, and potential data breaches.

4. Data Sharing and Disclosure

Institutional and Sponsor Clients: Clinical trial data processed through the DoseMind platform belongs to and is controlled by the sponsoring institution or pharmaceutical sponsor pursuant to the applicable service agreement. We provide our clients with access to their data in accordance with that agreement. We do not share one client's data with another client.

Service Providers: We engage third-party service providers who process personal data on our behalf under data processing agreements that prohibit them from using the data for any purpose other than providing services to DoseMind. These include: cloud infrastructure providers (AWS), customer relationship management software, email delivery services for transactional communications, and technical support tooling. A current list of our sub-processors is available upon request at hello@dosemind.com.

Legal Requirements: We may disclose personal data to government authorities, law enforcement, or other third parties when required by applicable law, court order, or other legal process. We will provide notice to affected individuals when legally permitted to do so.

Business Transfers: In the event of a merger, acquisition, or sale of all or a portion of our assets, personal data held by DoseMind may be transferred to the acquiring entity. We will notify affected users via email and/or a prominent notice on our website before personal data is transferred and becomes subject to a different privacy policy.

No Sale of Personal Data: DoseMind does not sell, rent, or trade personal data to third parties for their own marketing or commercial purposes. This includes selling data to data brokers or advertising platforms.

5. Data Retention

Clinical Trial Data: Clinical trial data processed through the DoseMind platform is retained for the period specified in the applicable service agreement with the sponsoring institution, subject to minimum retention requirements under applicable regulations. FDA regulations for clinical trial records generally require retention for at least 2 years following the date of FDA approval of a new drug application or 2 years following the date of discontinuation of a clinical investigation. We will retain clinical trial audit trail records for no less than 15 years from the date of the last patient's last visit or the termination of the study, whichever is later, or as otherwise required by the applicable regulatory authority.

Account Data: We retain account information for the duration of your active account and for 3 years following account deactivation, to support audit trail completeness and to respond to regulatory inquiries related to studies in which the account was active.

Website Analytics Data: Analytics data collected from website visitors is retained for 24 months in identifiable form, after which it is aggregated and anonymized for statistical purposes.

Contact and Communication Records: Records of inquiries, demo requests, and communications with our sales or support teams are retained for 5 years from the date of the last substantive communication.

6. Your Rights Under GDPR

If you are located in the European Economic Area (EEA), the United Kingdom, or Switzerland, the General Data Protection Regulation (GDPR) or equivalent national legislation grants you specific rights regarding your personal data where DoseMind acts as a data controller (generally applicable to website visitor data and contact/account data, but not to clinical trial data where your institution is the data controller).

Right of Access: You have the right to request confirmation of whether DoseMind processes personal data about you and, if so, to receive a copy of that data along with information about how it is processed.

Right to Rectification: You have the right to request correction of inaccurate personal data about you that DoseMind holds.

Right to Erasure: You have the right to request deletion of your personal data where the data is no longer necessary for the purposes for which it was collected, where you have withdrawn consent (for consent-based processing), or where you have objected to processing and there are no overriding legitimate grounds. This right does not apply where retention is required by applicable law, including clinical trial regulatory retention obligations.

Right to Restriction of Processing: You have the right to request that we restrict processing of your personal data in certain circumstances, including where you contest the accuracy of the data, or where you have objected to processing pending verification of whether our legitimate grounds override your interests.

Right to Data Portability: You have the right to receive personal data you have provided to us in a structured, commonly used, machine-readable format, and to transmit that data to another controller, where processing is based on consent or contract and is carried out by automated means.

Right to Object: You have the right to object to processing of your personal data for direct marketing purposes, or to processing based on our legitimate interests where you believe your interests, rights, or freedoms override ours.

To exercise any of these rights, please contact us at hello@dosemind.com. We will respond to your request within 30 days. If we are unable to fulfill your request, we will provide a written explanation. You also have the right to lodge a complaint with a supervisory authority in the EEA member state of your habitual residence, place of work, or place of an alleged infringement of the GDPR.

7. Your Rights Under CCPA

If you are a California resident, the California Consumer Privacy Act (CCPA), as amended by the California Privacy Rights Act (CPRA), grants you specific rights regarding personal information that DoseMind collects. DoseMind does not sell or share personal information with third parties for cross-context behavioral advertising purposes. California residents have the right to know what personal information we collect and how it is used, the right to delete personal information we hold about them (subject to applicable exceptions), the right to correct inaccurate personal information, and the right to opt out of the sale or sharing of personal information. To exercise these rights, contact us at hello@dosemind.com.

8. Data Security

DoseMind implements administrative, technical, and physical security measures designed to protect personal data and clinical trial data against unauthorized access, disclosure, alteration, and destruction. Specific measures include: data encryption at rest (AES-256) and in transit (TLS 1.3); role-based access controls limiting data access to authorized personnel with a documented need; multi-factor authentication required for all platform user accounts; network monitoring and intrusion detection systems; regular penetration testing by independent security firms; and formal incident response procedures with defined notification timelines.

Our platform is validated under 21 CFR Part 11 requirements, which include security controls for access limitation and tamper-evident audit trail maintenance. Our cloud infrastructure (AWS) holds SOC 2 Type II and ISO 27001 certifications relevant to the security controls underlying our service.

No security system is impenetrable. In the event of a data breach that affects your personal data, DoseMind will notify affected individuals and applicable regulators as required by applicable law, including within 72 hours for GDPR-covered breaches where feasible.

9. Cookies and Tracking Technologies

DoseMind's website uses cookies and similar tracking technologies to operate core website functions, analyze traffic, and improve user experience. We use essential cookies that are necessary for the website to function, analytics cookies to understand how visitors interact with our site, and functional cookies that remember your preferences. We do not use advertising or third-party marketing cookies on our platform or website. For full details about the cookies we use, their purposes, and how to manage your preferences, please review our Cookie Policy.

10. International Data Transfers

DoseMind is headquartered in the United States. If you are accessing our Services from the European Economic Area, United Kingdom, or other jurisdictions with data protection laws that differ from those of the United States, please be aware that your personal data may be transferred to, stored, and processed in the United States. Where we transfer personal data from the EEA to the United States, we rely on the EU-US Data Privacy Framework (where applicable), Standard Contractual Clauses approved by the European Commission, or other lawful transfer mechanisms. A copy of our Standard Contractual Clauses is available upon request.

11. Children's Privacy

The DoseMind platform is a professional clinical research tool intended for use by credentialed healthcare professionals and research personnel. Our website and platform are not directed at individuals under the age of 18. We do not knowingly collect personal information from individuals under 18 years of age. If we learn that we have inadvertently collected personal information from a minor, we will promptly delete that information. If you believe we may have collected information from a minor, please contact us at hello@dosemind.com.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, our Services, or applicable legal requirements. When we make material changes, we will notify registered platform users by email and will post a prominent notice on our website with the effective date of the change. Your continued use of our Services after the effective date of any update constitutes your acceptance of the revised Privacy Policy. We encourage you to review this Policy periodically.

13. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or DoseMind's data processing practices, please contact our privacy team at:

DoseMind, Inc.
Attn: Privacy Team
300 Longwood Ave, Boston, MA 02115
Email: hello@dosemind.com
Phone: +1 (617) 293-8174

We are committed to working with you to obtain a fair resolution of any privacy concern or complaint. If you are not satisfied with our response, you may have the right to lodge a complaint with the relevant data protection authority in your jurisdiction.