Legal

Privacy Policy & Terms of Use

Effective Date: April 2026  •  Last Updated: April 2026

This Privacy Policy explains how GenPhase.ai (“GenPhase,” “we,” “our,” or “us”) collects, uses, stores, shares, and protects personal information when you visit our website, engage with our services, use our platforms, or otherwise interact with us.

GenPhase provides AI-native clinical imaging services, software-enabled workflow solutions, and related AI and technology services for regulated and enterprise environments, including life sciences and healthcare use cases. This includes our clinical imaging execution services and the ONIX AI™ platform.

By using our website or services, you acknowledge the practices described in this Privacy Policy.

1. Scope

This Privacy Policy applies to:

  • visitors to our website;
  • prospective and current customers, partners, and vendors;
  • users of our software platforms and related services;
  • individuals whose information is included in data submitted to us in connection with clinical imaging, healthcare, life sciences, or enterprise AI engagements, where applicable.

This Privacy Policy does not replace contractual commitments, data processing agreements, business associate agreements, clinical trial agreements, or other compliance documentation that may apply to a specific customer relationship.

2. Information We Collect

Depending on the nature of your interaction with us, we may collect the following categories of information:

a. Contact and Business Information

Such as your name, work email address, phone number, company name, job title, and communication preferences.

b. Website and Device Information

Such as IP address, browser type, device identifiers, operating system, referral URLs, pages viewed, and usage activity on our website.

c. Service and Platform Data

Information submitted through our services or platforms, which may include operational, workflow, project, customer, or regulated clinical research data.

d. Clinical, Imaging, or Health-Related Data

Where GenPhase provides clinical imaging or healthcare-related services, we may process imaging studies, metadata, case information, protocol-related information, quality control data, audit logs, and related health or research information submitted by customers or authorized partners. GenPhase’s website describes these services as clinician-led imaging execution with audit-ready workflows and human-in-the-loop governance.

e. AI / Model Interaction Data

Where applicable, we may collect prompts, outputs, usage logs, feedback, model performance signals, and workflow telemetry to operate, secure, monitor, and improve our AI-enabled systems.

3. How We Receive Information

We may receive information:

  • directly from you when you contact us, request a demo, fill out a form, or engage with us;
  • from customers, CROs, sponsors, biopharma companies, healthcare providers, research sites, or other authorized partners;
  • from integrations, platforms, or service providers used in connection with our services;
  • automatically through website analytics, cookies, and similar technologies.

4. How We Use Information

We use information for legitimate business and lawful purposes, including to:

  • provide and support our services and platforms;
  • deliver clinical imaging execution, quality control, adjudication, workflow orchestration, and audit trail functionality;
  • manage customer relationships, demos, onboarding, and support;
  • communicate with you regarding inquiries, services, updates, and opportunities;
  • improve platform performance, workflow efficiency, quality assurance, and user experience;
  • maintain security, detect fraud, investigate incidents, and enforce our terms;
  • comply with legal, regulatory, contractual, and industry obligations;
  • develop, test, improve, and validate our AI, analytics, and software systems, subject to applicable law and contractual commitments.

5. AI and Machine Learning

GenPhase develops and deploys AI-enabled systems in life sciences, healthcare, and enterprise settings. Our website also describes “privacy-first AI systems,” “explainable” AI, and human-in-the-loop governance.

Where permitted by law, contract, and applicable customer instructions, we may use data to:

  • operate AI-assisted workflows;
  • evaluate model quality, safety, and performance;
  • improve workflow automation, quality checks, and decision support;
  • develop or enhance internal tools and platform capabilities.

Where regulated, sensitive, or health-related data is involved:

  • we apply access controls and role-based restrictions;
  • we seek to minimize unnecessary personal identifiers;
  • we use de-identification, anonymization, or aggregation where appropriate;
  • we do not use customer data for model training in ways inconsistent with our contractual obligations or applicable law.

6. Protected Health Information and Sensitive Data

Where GenPhase processes health-related, clinical, or imaging data, we handle such data with heightened safeguards appropriate to the regulatory and contractual context.

These safeguards may include:

  • least-privilege access controls;
  • encryption in transit and at rest;
  • audit logging and monitoring;
  • controlled workflows for authorized clinicians, reviewers, or operations staff;
  • contractual restrictions with subprocessors and service providers;
  • retention controls and secure deletion practices where applicable.

7. Cookies and Analytics

We may use cookies, pixels, session technologies, and similar tools to:

  • operate the website;
  • remember preferences;
  • analyze traffic and engagement;
  • improve performance and content;
  • support marketing and campaign measurement.

8. How We Share Information

We may share information with:

  • affiliates and group companies;
  • service providers, subprocessors, cloud providers, analytics providers, and security vendors;
  • professional advisors such as auditors, insurers, and legal counsel;
  • customers, partners, or authorized counterparties where required to provide services;
  • regulators, courts, law enforcement, or public authorities where required by law or legal process;
  • a successor entity in connection with a merger, acquisition, financing, reorganization, or sale of assets.

We do not sell personal information in the ordinary consumer-data-broker sense.

9. International Data Transfers

GenPhase may process information in jurisdictions where we or our service providers operate. Where cross-border transfers occur, we implement appropriate legal, technical, and organizational measures as required under applicable law.

10. Data Retention

We retain personal information for as long as reasonably necessary to:

  • provide services;
  • fulfill contractual obligations;
  • maintain required audit trails and business records;
  • resolve disputes;
  • comply with legal, regulatory, tax, accounting, and compliance requirements.

Retention periods may vary depending on the type of information, the service context, and applicable law.

11. Security

We maintain administrative, technical, and organizational safeguards designed to protect information against unauthorized access, loss, misuse, alteration, or disclosure.

These safeguards may include:

  • encryption;
  • access control and authentication measures;
  • logging and monitoring;
  • secure software development and testing practices;
  • incident response procedures;
  • vendor risk management.

No method of transmission or storage is completely secure, so we cannot guarantee absolute security.

12. Compliance and Regulatory Positioning

Depending on the engagement, GenPhase may support customers operating in regulated environments, including clinical research, life sciences, healthcare, and privacy-regulated industries. The website references 21 CFR Part 11-aligned auditability, human-in-the-loop governance, and GDPR/CCPA-oriented responsible AI capabilities.

13. Data Breach and Incident Response

If we become aware of a confirmed security incident affecting personal information, we will investigate, contain, remediate, and provide notifications as required by applicable law, regulation, or contract.

14. Your Rights

Depending on your location and applicable law, you may have rights to:

  • access certain personal information;
  • request correction of inaccurate information;
  • request deletion of certain information;
  • object to or restrict certain processing;
  • withdraw consent where processing is based on consent;
  • request portability where applicable;
  • lodge a complaint with a supervisory authority.

To exercise these rights, contact us using the details below.

15. Third-Party Links

Our website may contain links to third-party websites or services. We are not responsible for the privacy practices of third parties, and we encourage you to review their privacy policies separately.

16. Children’s Privacy

Our website and services are not directed to children, and we do not knowingly collect personal information directly from children through the public website unless permitted and appropriately managed under applicable law and contractual context.

17. Changes to This Policy

We may update this Privacy Policy from time to time. Any changes will be posted on this page with a revised effective date.

18. Contact Us

For privacy, data protection, or security-related questions, please contact: