Privacy statement

Last modified: April 7, 2019
FlaskData provides private and secure cloud services for clinical research data processing. Our Privacy Policy explains:

1. How Informed Consent of research subjects is the first step in the process
2. What information we collect and why we collect it.
3. How we use that information.


Informed consent

A person participating in clinical research run by one of users will be asked to sign an Informed Consent Form (ICF) after having received a written and oral explation of the study.  We keep a record of informed consent, date obtained and signed, ICF version and when needed, additional information such as language of the ICF.   Withdrawal of informed consent is prospective and does not affect research data collected based on informed consent before its withdrawal.  A research subject may request to be forgotten, which results in the subject personal data being removed from our systems.  You can find the latest FDA Guidance for informed consent of trial subjects (updated March 2018) here - E6(R2) Good Clinical Practice


Information we collect

We collect information to provide services to our users in two ways:
1. Information you give us in order to use our services. In order to use our services, we need a name and email address. That's it. You provide this information at the time you signup or when you invite a person to join your research project in a site or study-wide role.
2. Information we get from your use of our services. We may collect information about the applications that you use and how you use them, like when you create a new site and write alert rules. This helps us improve usability, improve accessibility and of course, fix bugs.

Log information
1. When you use our services, we collect information in Web server logs: IP address, browser type, browser language
2. Server event information such as application URL and query string, application errors, the date and time of your request and referral URL.

Cookies and one-time tokens.
We use various technologies to collect and store information when you use a FlaskData service, and this may include sending one or more cookies or one-time tokens to your device. We do not share cookies or tokens with any other sites.


How we use information we collect

We use information such as site time zone settings, to present you with a customized user experience in your browser. We use the information in server logs to help us improve performance, usability, accessibility, fix bugs and help maintain your privacy and the security of our services.


Accessing and updating your user profile information

You can update your personal information (name, email password etc..) at any time.


We do not share information

We do not use your email address to send you advertising messages nor share your email with anyone nor any other organization.
We do not share any any data, user-generated content, personal profiles, or server log information with anyone except in the following exceptional situations in order to:
1. Meet any applicable law, regulation, legal process or enforceable governmental request.
2. Enforce applicable Terms of Service, including investigation of potential violations.
3. Detect, prevent, or otherwise address fraud, security or technical issues.
4. Protect against harm to the rights, property or safety of FlaskData and our users as required or permitted by law.
5. If FlaskData is involved in a merger, acquisition or asset sale, we will continue to ensure the confidentiality of any personal information and give affected users notice before personal information is transferred or becomes subject to a different privacy policy.


Information security

We work hard to protect FlaskData and our users from unauthorized access to or unauthorized alteration, disclosure or destruction of information we hold. In particular:
1. We encrypt FlaskData services using SSL Extended Verification certificates.
2. We host FlaskData services at SAS 70 certified hosting facilities at Amazon AWS.
3. We secure and periodically audit FlaskData services using HIPAA and GDPR compliance security rule guidelines in technical, administrative and physical areas. If you have any questions please feel free to visit the FlaskData web site and click on the Contact Us link in the site footer.