Privacy Policy
Effective 2026-05-31. Operated by Phase3AI.
1. Who We Are
Clinical Trial Signal is operated by Phase3AI. Contact: tom@phase3ai.com.
2. What We Collect
We collect only what we need to operate the Service:
- Free tier visitors: standard web server logs (IP address, user agent, referrer, request path, timestamp) for security and performance. We do not set advertising cookies.
- Contact form / inquiry submissions: the email address and any free-text information you submit.
- Paid subscribers: email address, payment confirmation metadata from Stripe (we do not store card numbers — Stripe does), watchlist contents you create, and login activity tied to your access token.
3. What We Do Not Collect
- We do not collect protected health information (PHI) about identifiable individuals.
- We do not track you across other sites.
- We do not sell your data.
4. How We Use Information
To operate the Service, provide paid access, send transactional emails (welcome, receipts, account changes, requested digests), respond to support requests, and analyze aggregate Service usage for product improvement.
5. Third-Party Processors
We use these processors:
- Stripe — payment processing. Stripe Privacy Policy
- Netlify — hosting and edge logs. Netlify Privacy Policy
- Supabase — database for subscriber + watchlist data (deployment phase).
- Anthropic — AI brief generation. Source records are sent for summarization; subscriber identifiers are not.
- Email provider (TBD: Resend or similar) — transactional and digest emails.
6. Cookies
We use a small set of strictly necessary cookies and localStorage entries: an access-token cookie/storage entry to keep you signed in, and (if you opt in) a UI-preference cookie. We do not use advertising or cross-site tracking cookies.
7. Data Retention
We retain account and subscription data for as long as your account is active and for up to 24 months after closure to satisfy tax/legal obligations. Contact-form emails are retained until you ask us to remove them or for 24 months after the last interaction, whichever is shorter. Web server logs are retained for up to 90 days.
8. Your Choices and Rights
You may request access to, correction of, or deletion of your personal information by emailing tom@phase3ai.com. Where applicable (e.g., under GDPR or CCPA), you have additional rights including portability and objection to certain processing.
9. Security
We use industry-standard security practices: TLS in transit, encrypted storage at rest with Supabase, scoped Stripe and access tokens, and access controls on our admin tooling. No system is perfectly secure; please report suspected vulnerabilities to tom@phase3ai.com.
10. Children
The Service is intended for professional research use and is not directed to children under 13. We do not knowingly collect information from children under 13.
11. International Users
The Service is operated from the United States. If you access it from outside the U.S., your information may be transferred to and processed in the U.S.
12. Changes to This Policy
We may update this Policy; the effective date will be revised when we do.
13. Contact
Questions: tom@phase3ai.com.