Privacy Policy
How AEcelerate collects, uses, shares, and safeguards personal and health-related information.
1. Introduction
AEcelerate, Inc. ("AEcelerate," "we," "our," or "us") respects the privacy of your information. This Privacy Policy is designed to assist you in understanding how we collect, use, share, and safeguard your information. This Privacy Policy applies to individuals who access our website ("Site") and any of our online and, where required, offline services (collectively, "Services").
From time to time, we may change this Privacy Policy. If we do, we will post an amended version on this webpage. Please review this Privacy Policy periodically.
2. Personal Data We Collect
We collect personal data from you through your use of the Site and Services. Personal data is information that is linked or reasonably linkable to an identified or identifiable individual. We collect the following types of personal data.
Personal Data You Provide
We may collect the following personal data that you voluntarily provide to us:
- Subscribe to Our Newsletter. If you subscribe to our newsletter, you will provide us with your email address.
- Customer Service. If you contact our customer service department, you may need to provide us with additional information so that we can respond to your questions or concerns as completely and thoroughly as possible.
- Business Information. We may collect personal data from business clients or vendors, including company name, physical address, phone number, email address, and payment information.
- Review and Feedback. When you provide us with a rating or feedback on our products and Services, you may provide us with your name, email address, phone number, and any other information you choose to provide to us.
Information as You Navigate Our Site
We automatically collect certain personal data through your use of the Site and Services, such as the following:
- Usage Information. For example, pages on the Site you access, the frequency of access, and what you click on while on the Site.
- Device Information. For example, hardware model, operating system, application version number, and browser.
- Mobile Device Information. Aggregated information about whether the Site is accessed via a mobile device or tablet, the device type, and the carrier.
- Location Information. Location information from Site visitors on a city-regional basis.
For more information on our cookie usage see our "Cookies" section below.
Personal Data We Collect About You from Other Sources
In some cases, we may receive personal data about you from other sources. This includes government entities, advertising networks, data brokers, operating systems and platforms, mailing list providers, social networks, and advertising and marketing partners.
3. How We Use Your Personal Data
In addition to the purposes stated above, we may use all the personal data we collect in accordance with applicable law such as to:
- Process and fulfill your requests;
- Contact you regarding our products and services that we feel may be of interest to you;
- Communicate with you about our Site or Services or to inform you of any changes to our Site or Services;
- Provide support;
- Maintain and improve our Site and Services;
- Investigate, prevent, or take action regarding illegal activities, suspected fraud, situations involving potential threats to the physical safety of any person, or violations of our terms of use;
- Defend our legal rights and the rights of others;
- Fulfill any other purposes for which you provide it;
- For any purpose that is reasonably necessary to or compatible with the original purpose for which we collected the personal data as disclosed to you; and
- Comply with applicable law.
5. Health Information and HIPAA Compliance
This section describes our practices with respect to clinical and health-related information, which are central to the AEcelerate Service.
- Website vs. Service. This Privacy Policy addresses the personal data of visitors to our marketing website and of authorized Service account holders that is not Protected Health Information ("PHI"). The AEcelerate Service — the platform accessed by authorized users at participating providers, sites, CROs, and sponsors — may process clinical and health-related information, including PHI, on behalf of covered entities.
- Business Associate Relationship. When AEcelerate creates, receives, maintains, or transmits PHI in connection with the Service, it does so as a Business Associate (or equivalent) under the Health Insurance Portability and Accountability Act ("HIPAA") and the applicable Business Associate Agreement ("BAA") executed with the covered entity. The use and disclosure of PHI accessed through the Service is governed by the executed BAA and HIPAA — not this public Privacy Policy.
- De-Identification Before External Processing. Where the Service's AI-assisted features are used, clinical text is de-identified through a multi-stage pipeline — including local masking rules, date tokenization, and Cloud Data Loss Prevention (DLP) — before being processed by those features. De-identification reduces, but does not eliminate, exposure of data to external processing. The Service is designed with a fail-closed posture: where de-identification is configured as required, data is not sent to external processing when de-identification cannot be verified.
- Data Minimization and De-identification. We apply data minimization and, where applicable, de-identification principles consistent with HIPAA's Safe Harbor and Expert Determination methods, as well as the data-integrity requirements of 21 CFR Part 11 and ICH E2B(R3).
- Regulatory Alignment. Our security and data-integrity controls are designed to align with HIPAA, 21 CFR Part 11, and ICH E2B(R3). Ultimate responsibility for overall regulatory compliance — including submission accuracy, safety reporting, and source-data verification — remains with the covered entity, sponsor, or CRO, as further described in our Terms of Use.
6. Sub-Processors and Third-Party Services
The Service relies on a number of third-party providers ("sub-processors") to deliver its functionality. The categories of sub-processors we may use include:
- Generative AI models — third-party AI services that support drafting, summarization, and evidence-linking features.
- Cloud Data Loss Prevention (DLP) — services that inspect and de-identify text as part of the de-identification pipeline.
- Electronic Health Record (EHR) integrations — such as Epic, accessed via SMART-on-FHIR, and operating under the covered entity's own agreement with the EHR vendor.
- Regulatory, pharmacological, and scientific data sources — including the FDA (openFDA, DailyMed), ClinicalTrials.gov, PubMed, Semantic Scholar, and OpenScholar.
- Infrastructure providers — including hosting, database, and caching services that support the Service's availability and performance.
The availability, security, and content of these third-party services are outside AEcelerate's control. Where PHI is involved, processing by these sub-processors is governed by the applicable BAA and HIPAA, as described above.
8. Security
We maintain commercially reasonable security measures to protect the personal data we collect and store from loss, misuse, destruction, or unauthorized access. These measures include encryption of sensitive session data at rest, short-lived data-retention windows for transient processing, managed secret storage for credentials and keys, and strict access controls for operational staff.
However, no security measure or modality of data transmission over the Internet is 100% secure. Although we strive to use commercially acceptable means to protect your personal data, we cannot guarantee absolute security.
9. Third-Party Links
The Site and Services may contain links that will let you leave the Site and Services and access another website. Linked websites are not under our control. We accept no responsibility or liability for these other websites.
10. Children's Privacy
The Site and Services are not intended for children under 13 years of age. We do not knowingly collect, use, or disclose personal data from children under 13.
11. Notice to Nevada Residents
Nevada law allows Nevada residents to opt-out of the sale of certain types of personal information. Subject to several exceptions, Nevada law defines "sale" to mean the exchange of certain types of personal information for monetary consideration to another person. We do not currently sell personal information as defined in Nevada law. However, if you are a Nevada resident, you still may submit a verified request to opt-out of sales and we will record your instructions and incorporate them in the future if our policy changes. Opt-out requests may be sent to info@aecelerate.com.
12. Notice to California Residents
No third-party disclosure for direct marketing purposes. We do not disclose personal information obtained through our Site or Services to third parties for their direct marketing purposes. Accordingly, we have no obligations under California Civil Code § 1798.83.
13. How to Contact Us
To contact us for questions or concerns about our privacy policies or practices, please contact us by email at info@aecelerate.com.
Last reviewed on July 12, 2026.