Privacy Policy

Your privacy is important to us. Learn how we protect and handle your data.

PRIVACY POLICY

Last updated: June 11, 2025

OVERVIEW

Welcome to SHRARE Technology AG ("Company," "we," "us," "our"). We are committed to protecting your privacy and ensuring the secure handling of your personal information. This Privacy Policy describes how we collect, use, share, and protect your personal data when you use our services.

Our Services and Platforms

We operate the following digital properties:

Our platform leverages artificial intelligence to help researchers and pharmaceutical companies develop medical product candidates through document analysis and insights generation, excluding patient data processing.

TABLE OF CONTENTS

  1. Information We Collect
  2. How We Use Your Information
  3. AI and Machine Learning
  4. Legal Basis for Processing
  5. Information Sharing and Disclosure
  6. Data Security
  7. Data Retention
  8. International Data Transfers
  9. Your Privacy Rights
  10. Cookies and Tracking Technologies
  11. Children's Privacy
  12. Third-Party Services
  13. Changes to This Policy
  14. Contact Information

1. INFORMATION WE COLLECT

1.1 Information You Provide Directly

Account and Profile Information:

  • Name, email address, phone number
  • Professional title, company/organization name
  • Account credentials and authentication information
  • Payment and billing information
  • Communication preferences

Content and Documents:

  • Research documents and files you upload (excluding patient data)
  • Project information and metadata
  • Communications with our support team
  • Feedback, surveys, and user-generated content

Professional Information:

  • Industry sector and research focus areas
  • Institutional affiliations
  • Professional credentials and qualifications

1.2 Information We Collect Automatically

Usage Data:

  • How you interact with our platform and services
  • Features used, time spent, click patterns
  • Search queries and document analysis requests
  • Performance metrics and error logs

Device and Technical Information:

  • IP address and approximate geolocation
  • Browser type, version, and settings
  • Operating system and device identifiers
  • Screen resolution and device capabilities
  • Referral URLs and navigation paths

Analytics and Performance Data:

  • Application performance metrics
  • AI model interaction patterns
  • System usage statistics
  • Error reporting and diagnostics

1.3 Information from Third Parties

We may receive information about you from:

  • Authentication providers (Google, Microsoft, institutional SSO)
  • Payment processors for billing verification
  • Professional networks when you connect accounts
  • Public research databases for verification purposes
  • Business partners in joint research initiatives

2. HOW WE USE YOUR INFORMATION

2.1 Primary Service Delivery

  • Platform Operation: Providing access to our AI-powered research platform
  • Document Processing: Analyzing research documents to generate insights
  • Account Management: Creating and maintaining your user account
  • Customer Support: Responding to inquiries and providing assistance
  • Billing and Payments: Processing transactions and managing subscriptions

2.2 Service Improvement and Development

  • Platform Enhancement: Improving existing features and developing new capabilities
  • Performance Optimization: Monitoring and optimizing system performance
  • Quality Assurance: Testing and validating platform functionality
  • Research and Development: Advancing our AI and machine learning capabilities

2.3 Communication and Marketing

  • Service Communications: Sending important updates, notifications, and announcements
  • Educational Content: Providing relevant industry insights and best practices
  • Marketing Communications: Sharing product updates and promotional materials (with consent)
  • Event Information: Notifying you about webinars, conferences, and training sessions
  • Regulatory Compliance: Meeting legal obligations and industry standards
  • Security Monitoring: Protecting against fraud, abuse, and security threats
  • Legal Proceedings: Responding to lawful requests and protecting our rights
  • Audit and Verification: Supporting compliance audits and certifications

3. AI AND MACHINE LEARNING

3.1 AI Processing Disclosure

Our platform uses artificial intelligence and machine learning technologies to:

  • Analyze research documents for insights and patterns
  • Generate summaries and extract key information
  • Provide recommendations based on document content
  • Enhance search functionality and content discovery
  • Improve platform performance and user experience

3.2 Data Training and Model Development

Current AI Training Practices:

  • We do not use your personal information or proprietary documents to train our foundational AI models
  • Document content analysis is performed on-demand without storing sensitive content in training datasets
  • We may use anonymized, aggregated usage patterns to improve AI model performance
  • All AI training complies with applicable privacy laws and our ethical AI principles

User Control Over AI Training:

  • You can opt out of having your usage patterns included in anonymized analytics
  • Document content remains under your control and is not used for training without explicit consent
  • We provide clear disclosures before any AI training that involves your data

3.3 AI Accuracy and Limitations

Important Disclaimers:

  • AI-generated insights and summaries may contain errors or inaccuracies
  • Our AI models may exhibit bias based on training data limitations
  • Human oversight is recommended for critical research decisions
  • AI outputs should not replace professional judgment in medical or scientific contexts

Bias Mitigation:

  • We regularly audit our AI models for potential bias
  • We use diverse training datasets where possible
  • We provide transparency about AI model limitations
  • We continuously improve our bias detection and mitigation processes

3.4 AI Security and Privacy

  • AI processing occurs in secure, encrypted environments
  • Document analysis is performed in real-time without persistent storage
  • AI models are designed with privacy-by-design principles
  • We implement access controls to protect AI processing infrastructure

We process your personal information based on the following legal grounds:

4.1 Contract Performance

  • Providing our platform services as outlined in our Terms of Use
  • Processing payments and managing subscriptions
  • Delivering customer support and technical assistance

4.2 Legitimate Interests

  • Improving and developing our platform and services
  • Protecting against fraud, abuse, and security threats
  • Conducting analytics to enhance user experience
  • Marketing our services to existing customers
  • Complying with applicable laws and regulations
  • Responding to lawful requests from authorities
  • Meeting industry-specific compliance requirements
  • Maintaining records for audit and legal purposes
  • Sending marketing communications to prospects
  • Using optional features that require explicit consent
  • Processing data for purposes beyond our core services
  • Sharing data with third parties for non-essential purposes

5. INFORMATION SHARING AND DISCLOSURE

5.1 Service Providers and Partners

We may share your information with trusted third parties who assist us in operating our platform:

Current Service Providers:

  • Cloud Infrastructure: Microsoft Azure, Google Cloud Platform
  • AI/ML Services: OpenAI, Microsoft Azure AI Services
  • Analytics: Google Analytics, internal analytics tools
  • Customer Support: Help desk and communication platforms
  • Payment Processing: Stripe, PayPal, and other payment providers
  • Security Services: Cybersecurity and monitoring providers

Partner Protections:

  • All service providers are bound by data processing agreements
  • We conduct regular security assessments of our partners
  • Partners are required to implement appropriate security measures
  • We limit data sharing to only what is necessary for service delivery

5.2 Business Transfers

In the event of a merger, acquisition, or sale of assets, your information may be transferred to the new owner. We will:

  • Provide advance notice of any ownership changes
  • Ensure the new owner commits to similar privacy protections
  • Give you the option to delete your account before the transfer
  • Maintain data protection standards throughout the transition

We may disclose your information when required by law or to:

  • Comply with legal processes (subpoenas, court orders, regulatory requests)
  • Protect safety of our users, employees, or the public
  • Prevent fraud or illegal activities
  • Enforce our Terms of Use and other agreements
  • Defend our legal rights in litigation or investigations

5.4 Anonymized and Aggregated Data

We may share anonymized, aggregated information that cannot identify you individually for:

  • Industry research and benchmarking
  • Product development and improvement
  • Marketing and business development
  • Academic research collaborations

6. DATA SECURITY

6.1 Technical Safeguards

Encryption:

  • Data in transit: TLS 1.3 encryption for all data transmission
  • Data at rest: AES-256 encryption for stored data
  • Database encryption: All personal data stored in encrypted databases
  • Backup encryption: All backups are encrypted and securely stored

Access Controls:

  • Multi-factor authentication for all employee accounts
  • Role-based access controls limiting data access to job requirements
  • Regular access reviews and prompt deactivation of unused accounts
  • Privileged access management for administrative functions

Infrastructure Security:

  • Network segmentation and firewall protection
  • Intrusion detection and prevention systems
  • Regular security monitoring and incident response
  • Vulnerability scanning and penetration testing

6.2 Organizational Safeguards

Employee Training:

  • Regular privacy and security training for all employees
  • Confidentiality agreements for all personnel with data access
  • Background checks for employees with sensitive data access
  • Incident response training and regular drills

Governance:

  • Data Protection Officer overseeing privacy compliance
  • Security committee reviewing policies and incidents
  • Regular compliance audits and risk assessments
  • Vendor management program for third-party security

6.3 Incident Response

In the event of a security incident:

  • We will investigate immediately and contain the incident
  • Affected users will be notified within 72 hours when required by law
  • We will cooperate with authorities and provide necessary information
  • Remediation steps will be implemented to prevent future incidents
  • We will provide regular updates on investigation progress

7. DATA RETENTION

7.1 Retention Principles

We retain personal information only as long as necessary for:

  • Service provision during your active use of our platform
  • Legal compliance with applicable laws and regulations
  • Legitimate business purposes such as fraud prevention
  • Dispute resolution and contract enforcement

7.2 Specific Retention Periods

Account Information:

  • Active accounts: Retained while account remains active
  • Inactive accounts: Deleted after 3 years of inactivity
  • Deleted accounts: Permanently deleted within 30 days of deletion request

Document Content:

  • Uploaded documents: Retained while account is active or until user deletion
  • Analysis results: Retained for 1 year or until user deletion
  • Temporary processing data: Deleted within 24 hours of processing

Communication Records:

  • Support communications: Retained for 3 years
  • Marketing communications: Retained until unsubscribe + 1 year
  • Legal communications: Retained as required by law

Financial Records:

  • Payment information: Retained for 7 years for tax and audit purposes
  • Transaction records: Retained for 10 years as required by law
  • Billing disputes: Retained until resolution + 3 years

7.3 Deletion Procedures

When retention periods expire or upon user request:

  • Data is permanently deleted from all systems and backups
  • Secure deletion methods are used to prevent data recovery
  • Deletion certificates are maintained for compliance purposes
  • Third-party processors are instructed to delete data

8. INTERNATIONAL DATA TRANSFERS

8.1 Data Transfer Framework

Your personal information may be transferred to and processed in countries other than your country of residence, including the United States and European Union. We ensure adequate protection through:

Transfer Mechanisms:

  • Standard Contractual Clauses (SCCs) approved by the European Commission
  • Data Processing Agreements with international service providers
  • Adequacy decisions where available (e.g., EU-UK, EU-Switzerland)
  • Binding Corporate Rules for intra-company transfers

8.2 Safeguards for International Transfers

Legal Protections:

  • All international transfers comply with applicable data protection laws
  • We maintain transfer impact assessments for high-risk jurisdictions
  • Supplementary measures are implemented where standard protections are insufficient
  • Regular compliance monitoring ensures ongoing protection

Technical Safeguards:

  • End-to-end encryption for all international data transfers
  • Data minimization to limit transferred information to what is necessary
  • Access logging and monitoring for all cross-border data access
  • Incident notification procedures for international processing

8.3 Data Localization Compliance

For users in jurisdictions with data localization requirements:

  • We maintain local data storage where required by law
  • Cross-border transfers are limited to what is legally permissible
  • We provide data residency information upon request
  • Local support is available for data protection inquiries

9. YOUR PRIVACY RIGHTS

9.1 Universal Rights

Regardless of your location, you have the following rights:

Access and Transparency:

  • Right to access personal information we hold about you
  • Right to information about how your data is processed
  • Right to data portability in a machine-readable format

Control and Correction:

  • Right to rectification of inaccurate or incomplete data
  • Right to erasure ("right to be forgotten") in certain circumstances
  • Right to restriction of processing in specific situations

Objection and Withdrawal:

  • Right to object to processing based on legitimate interests
  • Right to withdraw consent where processing is based on consent
  • Right to opt-out of direct marketing communications

9.2 Regional Rights

European Union/EEA (GDPR):

  • Enhanced consent requirements for sensitive data processing
  • Mandatory data protection impact assessments for high-risk processing
  • Right to lodge complaints with supervisory authorities
  • Specific rights regarding automated decision-making

California (CCPA/CPRA):

  • Right to know what personal information is collected and sold
  • Right to delete personal information (with exceptions)
  • Right to opt-out of the sale of personal information
  • Right to non-discrimination for exercising privacy rights
  • Right to correct inaccurate personal information

Canada (PIPEDA):

  • Right to access personal information with reasonable assistance
  • Right to challenge accuracy and have corrections made
  • Right to withdraw consent where feasible
  • Right to file complaints with the Privacy Commissioner

9.3 Exercising Your Rights

How to Make Requests:

  • Email: privacy@shrare.net
  • Online form: Available in your account settings
  • Phone: +41 79 903 7904
  • Mail: Our address listed in the Contact Information section

Request Processing:

  • We will verify your identity before processing requests
  • Most requests are completed within 30 days
  • Complex requests may take up to 90 days with notification
  • We will explain any denials and provide appeal options

No Cost for Reasonable Requests:

  • Initial requests are processed free of charge
  • Excessive or repetitive requests may incur reasonable fees
  • We will notify you of any fees before processing

10. COOKIES AND TRACKING TECHNOLOGIES

10.1 Types of Technologies We Use

Essential Cookies:

  • Authentication cookies to maintain your login session
  • Security cookies to protect against fraud and abuse
  • Load balancing cookies to ensure optimal performance
  • Preference cookies to remember your settings

Analytics Cookies:

  • Usage analytics to understand how our platform is used
  • Performance monitoring to identify and fix issues
  • A/B testing to improve user experience
  • Error tracking to enhance platform reliability

Marketing Cookies (with consent):

  • Campaign tracking to measure marketing effectiveness
  • Retargeting pixels for relevant advertising
  • Social media integration for content sharing
  • Lead generation tracking for business development

Your Cookie Choices:

  • Essential cookies cannot be disabled as they are necessary for service operation
  • Analytics cookies can be opted out through our cookie preferences
  • Marketing cookies require explicit consent and can be withdrawn anytime
  • Browser settings can be configured to block or delete cookies

Cookie Consent Management:

  • We use a cookie consent platform to manage your preferences
  • Granular controls allow you to choose specific cookie categories
  • Consent history is maintained for compliance purposes
  • Easy withdrawal options are available in your account settings

10.3 Third-Party Analytics

We use the following analytics services:

  • Google Analytics (with anonymized IP addresses)
  • Microsoft Clarity for user experience analysis
  • Internal analytics for platform-specific metrics

These services may collect information about your online activities across different websites. You can opt out of these services through their respective privacy controls.

11. CHILDREN'S PRIVACY

11.1 Age Restrictions

Our services are not intended for children under 18 years of age. We do not knowingly collect personal information from children under 18, or under the applicable age of digital consent in your jurisdiction.

11.2 Parental Rights

If you believe we have collected information from a child under the applicable age:

  • Contact us immediately using the information in Section 14
  • We will investigate and delete the information if confirmed
  • Parental verification may be required for certain requests
  • We will implement additional safeguards to prevent future collection

11.3 Educational and Research Context

For users in educational or research institutions:

  • Institutional oversight is required for users under 18
  • Parental consent may be obtained through institutional programs
  • Limited data collection applies to all users under 18
  • Enhanced security measures protect younger users

12. THIRD-PARTY SERVICES

12.1 Integrated Services

Our platform may integrate with third-party services including:

  • Single Sign-On providers (Google, Microsoft, institutional SSO)
  • Cloud storage services (Google Drive, OneDrive, Dropbox)
  • Payment processors (Stripe, PayPal)
  • Communication tools (Slack, Microsoft Teams integrations)

12.2 Third-Party Privacy Policies

When you use integrated third-party services:

  • Separate privacy policies apply to those services
  • We do not control how third parties handle your information
  • Review third-party policies before using integrated services
  • Data sharing with third parties occurs only with your consent

Our platform may contain links to external websites:

  • We are not responsible for the privacy practices of external sites
  • Review privacy policies of any linked websites
  • Different privacy standards may apply to external sites
  • Exercise caution when sharing personal information on external sites

13. CHANGES TO THIS POLICY

13.1 Policy Updates

We may update this Privacy Policy to reflect:

  • Changes in our services or business practices
  • New legal requirements or regulatory guidance
  • Enhanced privacy protections or user rights
  • Feedback from users and privacy advocates

13.2 Notification of Changes

When we make material changes:

  • Email notification to all registered users
  • Prominent notice on our website and platform
  • 30-day advance notice for significant changes
  • Clear explanation of what has changed and why

13.3 Continued Use

Your continued use of our services after the effective date of any changes constitutes acceptance of the updated Privacy Policy. If you do not agree with the changes, you may:

  • Contact us with concerns or questions
  • Exercise your rights to access, delete, or modify your data
  • Discontinue use of our services
  • Request account deletion if you disagree with the changes

14. CONTACT INFORMATION

14.1 Data Protection Officer

Primary Contact: SHRARE Technology AG
Data Protection Officer
St. Alban-Anlage 70
4052 Basel, Switzerland

Email: privacy@shrare.net
Phone: +41 79 903 7904

14.2 Regional Representatives

European Union/EEA: iuro Rechtsanwälte GmbH t/a Prighter
Schellinggasse 3
Vienna, Vienna 1010
Austria
Email: support@prighter.com
Phone: +43 1 997 4124

United Kingdom: Prighter Ltd
[Address details available upon request]
England
Email: support@prighter.com
Phone: +43 1 997 4124

14.3 Additional Contact Methods

General Inquiries: info@shrare.net
Security Issues: security@shrare.net
Legal Matters: legal@shrare.net

Mailing Address:
SHRARE Technology AG
St. Alban-Anlage 70
4052 Basel, Switzerland

14.4 Response Times

  • Privacy requests: 30 days (may extend to 90 days for complex requests)
  • Security incidents: 24 hours for acknowledgment
  • General inquiries: 5 business days
  • Urgent matters: Same business day when possible

This Privacy Policy was last updated on January 15, 2025, and is effective immediately.

Company Information:
SHRARE Technology AG
St. Alban-Anlage 70
4052 Basel, Switzerland