Data Categories
ClinixQM processes different categories of data to provide the service:
- Account data: Name, email, organization details for user authentication and billing
- QMS content: Documents, risks, CAPAs, training records, and other quality management data you create
- Usage data: Feature usage, performance metrics, and error logs for service improvement
- Audit logs: User actions and system events for compliance and security purposes
Data Retention
We retain data for as long as needed to provide the service and meet legal obligations:
- Active accounts: Data retained while the account is active
- Closed accounts: Data retained for 30 days after closure, then deleted
- Audit logs: Retained according to your organization's configured retention policy
- Backups: Data removed from backup systems within 90 days of deletion
GDPR Approach
ClinixQM is designed to support GDPR compliance for organizations subject to EU data protection law:
- Data Processing Agreement: We provide a DPA on request for customers who need one
- Subprocessor transparency: Full list of subprocessors available with notification of changes
- Data subject rights: Tools to support access, rectification, and deletion requests
- Data export: Full data export capability for portability
Data Subject Rights
ClinixQM provides tools to help organizations respond to data subject requests:
- Access: Export all data associated with a user or organization
- Rectification: Update personal data through the application interface
- Erasure: Delete user accounts and associated data
- Portability: Export data in a machine-readable format
Data Location
ClinixQM data is stored in Microsoft Azure data centers. By default, data is stored in European data centers. Enterprise customers may request specific data residency arrangements.
Need a DPA? Contact us at privacy@clinixqm.com or visit our DPA page to request a Data Processing Agreement.