Summary: AVD Clinical collects only what's necessary to run the Service. The Medicine Reminder tool handles health-sensitive data — we describe exactly what, how, and why below. We do not sell your data. AVD Clinical is not a HIPAA Covered Entity and does not accept Protected Health Information (PHI) from covered entities or business associates. You can request deletion at any time by emailing [email protected].
1. Who We Are
AVD Clinical ("AVD Clinical," "we," "us," or "our") operates the website at avdclinical.com (the "Service"), which includes:
- SOP & Template Marketplace — clinical research document downloads
- Budget Calculator — sponsor and site-level clinical trial cost estimation
- Medicine Reminders — a personal medication tracking and notification tool
- Resource Library — curated regulatory and GCP reference documents
We are based in the United States. For privacy inquiries: [email protected] · +1 929-502-4973
2. Information We Collect
2.1 Account & Authentication Data
- Registration: First name, last name, email address, phone number, and professional role.
- OTP codes: Temporary 6-digit codes sent by email or SMS to verify your identity. Codes are not stored after verification.
- Session tokens: Encrypted tokens stored in your browser to keep you signed in (see Cookie Policy).
2.2 Medicine Reminder Data (Health-Sensitive)
The Medicine Reminder tool allows you to enter and store personal medication information. This may include:
- Medicine name, dosage, and strength
- Prescribing doctor's name
- Pharmacy name and contact
- Refill dates and reminder schedules
- Personal notes about your medications
This data is health-sensitive. It is stored in your account in our database (Supabase), encrypted at rest and in transit. It is associated with your account and protected by Row-Level Security — only you can access it when authenticated. We do not use this data for advertising, profiling, or sharing with third parties. You can delete all reminder data from within the tool or by contacting us.
Important: The Medicine Reminder is a personal convenience tool. It is not a clinical system, not monitored by healthcare professionals, and not a substitute for medical advice. Do not enter another person's health data or patient data into this tool.
2.3 Calculator Data
The Budget Calculator allows you to enter clinical trial parameters (countries, site counts, visit structures, cost estimates) and save named projects. This data is stored in your account. It relates to study budgets, not patient data. We do not use your calculation inputs for any purpose other than providing the tool to you.
2.4 Purchase & Payment Data
When you purchase an SOP, template, bundle, or subscription:
- Stripe processes your payment. AVD Clinical never sees, stores, or handles your card number, CVV, or full payment details.
- Stripe provides us with transaction metadata: order amount, product purchased, payment status, and a masked card descriptor (e.g., Visa ending 4242). This is used to fulfill your purchase and for accounting.
- Stripe's privacy policy applies to payment processing: stripe.com/privacy
2.5 Device & Browser Notification Permissions
The Medicine Reminder tool may request permission to send browser push notifications for medication reminders. If you grant permission:
- Your browser's push notification token is stored in your account to deliver reminders.
- You can revoke notification permission at any time through your browser settings. Revoking stops future notifications and we will delete the stored token.
2.6 Usage & Technical Data
- Usage data: Pages viewed, features used, and general interaction patterns.
- Device data: Browser type, operating system, IP address, and referral URL.
- Cookies: See our Cookie Policy.
2.7 Communications
Messages you send us via email or contact forms, including your email address and message content.
3. How We Use Your Information
- To create and manage your account and authenticate you securely via OTP.
- To store and display your medicine reminders and send scheduled notifications.
- To save and retrieve your budget calculator projects.
- To fulfill SOP, template, and subscription purchases and deliver downloadable files.
- To send you email OTP codes, transactional emails, and (if opted in) update newsletters.
- To notify you of resource updates you have chosen to watch.
- To improve and maintain the Service.
- To communicate material changes to our terms or policies.
- To comply with legal obligations and protect our rights.
4. HIPAA Position — PHI and BAA
AVD Clinical is not a HIPAA Covered Entity and does not function as a Business Associate. We do not accept, process, or store Protected Health Information (PHI) as defined under 45 CFR § 160.103. Do not enter patient identifiers, medical record numbers, diagnosis codes, or any other PHI into this Service.
The Medicine Reminder tool is a personal convenience tool for your own health management. Entering your own medication information as a private individual is not covered by HIPAA. However, we treat this data as health-sensitive and apply the same security standards described in Section 7.
No Business Associate Agreement (BAA) is currently available. Covered entities, healthcare providers, health plans, and their business associates must not use this Service to process PHI. If you are a covered entity and require a BAA, contact us at [email protected] — a BAA framework is planned for a future regulated platform version.
5. Legal Basis for Processing (EEA / UK Users)
If you are located in the European Economic Area or United Kingdom, we process your personal data under the following legal bases:
- Contract: To provide the Service you signed up for.
- Legitimate interest: To operate and improve the Service, prevent fraud, and ensure security.
- Consent: For optional marketing communications and browser notification permissions (you may withdraw at any time).
- Legal obligation: To comply with applicable law.
6. How We Share Your Information
We do not sell, rent, or trade your personal information. We share data only in these limited circumstances:
- Supabase — authentication, database, and encrypted storage hosting (United States). Data is encrypted at rest and in transit. Row-Level Security restricts access to your own records only.
- Twilio — SMS OTP delivery. Receives your phone number to send verification codes only.
- Stripe — payment processing. Receives payment card data directly; AVD Clinical receives only transaction metadata.
- Resend — transactional email delivery (OTP codes, purchase receipts). Receives your email address for delivery only.
- Cloudflare — website hosting, CDN, and security (DDoS protection, TLS). Processes IP addresses and request metadata.
- Legal requirements: If required by law, court order, or regulatory authority.
- Business transfers: If AVD Clinical is acquired or merges, your data may transfer to the successor entity subject to equivalent protections. You will be notified in advance.
Medicine reminder data and calculator data are never shared with third parties for any commercial, advertising, or research purpose.
7. Security
We apply the following safeguards across the Service:
- Encryption in transit: All connections use TLS 1.2 or higher.
- Encryption at rest: All database content, including health-sensitive reminder data, is encrypted at rest via Supabase's AES-256 storage encryption.
- Authentication: OTP-based — no passwords are stored. Access requires a verified email or phone code.
- Access control: Row-Level Security (RLS) policies on all database tables — your data is only accessible when you are authenticated as the account holder.
- No PHI accepted: We do not build workflows for patient data and have not provisioned HIPAA-specific technical safeguards (dedicated audit logging, workforce training, risk assessments) required under 45 CFR Part 164. Covered entities must not use this Service for PHI.
No system is perfectly secure. Please protect your email account, do not share OTP codes, and notify us immediately at [email protected] if you suspect unauthorized access.
8. Data Retention & Deletion
- Account data: Retained while your account is active. Deleted within 30 days of account deletion request.
- Medicine reminder data: Retained until you delete individual reminders or your account. Deletable at any time from within the tool or by contacting us.
- Calculator projects: Retained until you delete them or your account.
- OTP codes: Expire within 10 minutes and are not stored after use.
- Browser notification tokens: Deleted when you revoke notification permission or delete your account.
- Purchase records: Transaction metadata retained for up to 7 years for accounting and legal compliance. This does not include payment card data (held by Stripe under their retention policies).
- Usage/technical data: Aggregated and anonymized within 90 days; raw logs retained up to 90 days for security purposes.
To request deletion of your account and all associated data, email [email protected]. We will confirm and complete deletion within 30 days.
9. Your Rights
Depending on your location, you may have the right to:
- Access the personal data we hold about you.
- Correct inaccurate data.
- Delete your account and associated data (including all reminder and calculator data).
- Restrict or object to certain processing.
- Data portability — receive your data in a structured, machine-readable format.
- Withdraw consent at any time for consent-based processing (marketing emails, push notifications).
To exercise any of these rights, email [email protected]. We will respond within 30 days.
10. Cookies
We use strictly necessary cookies for authentication and session management. For full details, see our Cookie Policy.
11. Third-Party Links
The Library links to resources hosted by third parties (FDA, ICH, TransCelerate, NIH, EMA, etc.). We are not responsible for the privacy practices of those sites. We recommend reviewing their privacy policies before providing any personal information.
12. Children's Privacy
The Service is intended for adults (clinical research professionals and adult patients managing their own health). It is not directed to children under 18. We do not knowingly collect personal data from minors. If we learn that we have, we will promptly delete it.
13. International Transfers
Your data may be processed in the United States and other countries where our service providers operate. We ensure appropriate safeguards (such as Standard Contractual Clauses) are in place for international transfers from the EEA/UK.
14. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of material changes by posting a notice on the Service and, where appropriate, by email. The "Last updated" date at the top reflects the most recent revision. Continued use of the Service after the effective date constitutes acceptance of the updated policy.
15. Contact Us
If you have questions, concerns, or requests regarding this Privacy Policy, please contact:
AVD Clinical — Privacy
Email: [email protected]
Phone: +1 929-502-4973
Website: avdclinical.com