Helix Clinical Data Partners, Inc. — Privacy Policy

Effective Date: January 1, 2026  |  Last Updated: May 25, 2026

Helix Clinical Data Partners, Inc. ("Helix," "we," "us," or "our") compiles and licenses site-level clinical-trial operational metrics to sponsors, contract research organizations, and analysts. This Policy describes how we collect, use, store, share, and sell clinical-trial operations data. These datasets describe the operational performance of trials and research sites in aggregate and do not contain patient-level records.

1. Scope and Subjects

This Policy applies to aggregate operational metrics reported at the level of a clinical trial, protocol, and research site across multiple countries. The records describe trial and site performance, not identifiable individuals.

2. Information We Collect

No protected health information (PHI) or individual patient data is included. All patient-related figures are aggregate counts at the site or trial level. Because no individually identifiable health information is processed, the datasets fall outside the scope of the Health Insurance Portability and Accountability Act ("HIPAA").

3. Applicable Regulations

Because these datasets contain only aggregate, non-identifiable operational metrics, HIPAA and the General Data Protection Regulation ("GDPR") do not apply to the records as distributed. Sites located outside the United States are represented solely by aggregate operational counts and a site country label; no personal data of trial participants or site staff is included.

4. How We Use Information

5. Data Storage

Storage: Storage of this information is permitted. Data is held in secure, access-controlled cloud infrastructure. As trials span multiple countries, aggregate records may be stored and processed in more than one jurisdiction consistent with sponsor agreements.

6. Sharing of Information

Sharing: Sharing of this information with third parties is permitted. We share aggregate benchmark datasets with sponsors, contract research organizations, analytics partners, and service providers under contract.

7. Sale of Information

Sale: Sale of this information is permitted. Helix licenses and sells clinical-operations benchmark datasets to commercial customers, and tokenized data assets derived from these datasets may be sold, licensed, or transferred on authorized data marketplaces.

8. Data Localization

Certain sponsor agreements or national regulations may restrict where specific site data can be stored or transferred. Where such restrictions apply, Helix honors them. Absent such a restriction, no data-localization requirement applies to these aggregate datasets.

9. Security

We maintain reasonable administrative, technical, and physical safeguards, including encryption in transit, role-based access controls, and periodic audits.

10. Changes to This Policy

We may update this Policy from time to time; the "Last Updated" date reflects the most recent revision.

11. Contact Us

Helix Clinical Data Partners, Inc.
Attn: Data Privacy Office
75 Kendall Square, Suite 500
Cambridge, MA 02142
Email: privacy@helixclinical.example