Privacy Policy

Last Updated: February 13, 2025

1. Commitment to Privacy

Prevantic ("we", "our", or "us") provides an AI-native platform designed for the highly regulated life sciences sector. We recognize that our customers provide us with, or process through our platform, highly sensitive and proprietary data including clinical trial protocols, subject data, and regulatory strategy documents.

This policy describes our practices regarding the collection, use, and disclosure of information through our website and services, adhering to the highest standards of data protection and ethical AI.

2. AI Sovereignty & Data Residency

The core of the Prevantic value proposition is **Data Sovereignty**. Unlike consumer-grade AI services, Prevantic is engineered to operate within your secure environment:

  • Zero External Storage: Your clinical and regulatory data is processed in-memory or within your defined secure perimeters. We do not store your intellectual property on Prevantic-controlled infrastructure.
  • Model Isolation: We use isolated model instances. Your data is never used to train global base models or shared across customer boundaries.
  • Local Deployment Options: For organizations with the most stringent requirements, Prevantic supports fully air-gapped or VPC-contained deployments.

3. Compliance Framework

We design our platform to support your compliance with international regulations, including:

  • GDPR (EU/UK): We act as a Data Processor for your personal data, following strict Data Processing Agreements (DPA).
  • HIPAA (US): We support Business Associate Agreements (BAA) for processing Protected Health Information (PHI).
  • GxP: Our software development lifecycle (SDLC) follows GAMP 5 principles to ensure the integrity of data used in regulatory submissions.

4. Personal Information We Collect

We collect minimal personal data, primarily for account management and security:

  • Account Data: Name, work email, job title, and company.
  • Usage Metrics: Metadata related to platform performance and security logs (e.g., login attempts, API latency). We do not log the content of the data you process.
  • Communication Data: Information provided when contacting support or requesting a demo.

5. Data Retention & Deletion

We retain personal account information only as long as necessary to provide our services or as required by law. As we do not store your processed documents by default, management of the document lifecycle remains entirely under your control within your infrastructure.

6. Your Rights

Depending on your location, you may have the right to access, correct, or delete your personal data. You may also object to processing or request data portability.

To exercise these rights, please contact our Data Protection Officer at compliance@prevantic.com.

7. Changes to this Policy

We may update this policy periodically to reflect changes in our technology or legal requirements. We will notify customers of material changes via email or platform notifications.