Privacy Policy

How AEcelerate collects, uses, shares, and safeguards personal and health-related information.

Version1.0EffectiveJuly 12, 2026

1. Introduction

AEcelerate, Inc. ("AEcelerate," "we," "our," or "us") respects the privacy of your information. This Privacy Policy is designed to assist you in understanding how we collect, use, share, and safeguard your information. This Privacy Policy applies to individuals who access our website ("Site") and any of our online and, where required, offline services (collectively, "Services").

From time to time, we may change this Privacy Policy. If we do, we will post an amended version on this webpage. Please review this Privacy Policy periodically.

2. Personal Data We Collect

We collect personal data from you through your use of the Site and Services. Personal data is information that is linked or reasonably linkable to an identified or identifiable individual. We collect the following types of personal data.

Personal Data You Provide

We may collect the following personal data that you voluntarily provide to us:

  • Subscribe to Our Newsletter. If you subscribe to our newsletter, you will provide us with your email address.
  • Customer Service. If you contact our customer service department, you may need to provide us with additional information so that we can respond to your questions or concerns as completely and thoroughly as possible.
  • Business Information. We may collect personal data from business clients or vendors, including company name, physical address, phone number, email address, and payment information.
  • Review and Feedback. When you provide us with a rating or feedback on our products and Services, you may provide us with your name, email address, phone number, and any other information you choose to provide to us.

Information as You Navigate Our Site

We automatically collect certain personal data through your use of the Site and Services, such as the following:

  • Usage Information. For example, pages on the Site you access, the frequency of access, and what you click on while on the Site.
  • Device Information. For example, hardware model, operating system, application version number, and browser.
  • Mobile Device Information. Aggregated information about whether the Site is accessed via a mobile device or tablet, the device type, and the carrier.
  • Location Information. Location information from Site visitors on a city-regional basis.

For more information on our cookie usage see our "Cookies" section below.

Personal Data We Collect About You from Other Sources

In some cases, we may receive personal data about you from other sources. This includes government entities, advertising networks, data brokers, operating systems and platforms, mailing list providers, social networks, and advertising and marketing partners.

3. How We Use Your Personal Data

In addition to the purposes stated above, we may use all the personal data we collect in accordance with applicable law such as to:

  • Process and fulfill your requests;
  • Contact you regarding our products and services that we feel may be of interest to you;
  • Communicate with you about our Site or Services or to inform you of any changes to our Site or Services;
  • Provide support;
  • Maintain and improve our Site and Services;
  • Investigate, prevent, or take action regarding illegal activities, suspected fraud, situations involving potential threats to the physical safety of any person, or violations of our terms of use;
  • Defend our legal rights and the rights of others;
  • Fulfill any other purposes for which you provide it;
  • For any purpose that is reasonably necessary to or compatible with the original purpose for which we collected the personal data as disclosed to you; and
  • Comply with applicable law.

4. How We Share Your Personal Data

We may share the personal data that we collect about you in the following ways:

  • With service providers who perform data or Site-related services on our behalf (e.g., email, hosting, maintenance, backup, analysis, etc.);
  • In connection with any legal proceedings or prospective legal proceedings;
  • To establish, exercise, or defend our or a third party's legal rights, including providing information to others for the purposes of fraud prevention;
  • With any person who we reasonably believe may apply to a court or other competent authority for disclosure of that personal data where, in our reasonable opinion, such court or authority would be reasonably likely to order disclosure of that personal data;
  • With any other person or entity as part of any business or asset sale, equity transaction, merger, acquisition, bankruptcy, liquidation, or similar proceeding, or in preparation for any of these events;
  • With any other person or entity where you consent to the disclosure;
  • For any other purpose disclosed by us when you provide the personal data or for any other purpose we deem necessary, including to protect the health or safety of others.

5. Health Information and HIPAA Compliance

This section describes our practices with respect to clinical and health-related information, which are central to the AEcelerate Service.

  • Website vs. Service. This Privacy Policy addresses the personal data of visitors to our marketing website and of authorized Service account holders that is not Protected Health Information ("PHI"). The AEcelerate Service — the platform accessed by authorized users at participating providers, sites, CROs, and sponsors — may process clinical and health-related information, including PHI, on behalf of covered entities.
  • Business Associate Relationship. When AEcelerate creates, receives, maintains, or transmits PHI in connection with the Service, it does so as a Business Associate (or equivalent) under the Health Insurance Portability and Accountability Act ("HIPAA") and the applicable Business Associate Agreement ("BAA") executed with the covered entity. The use and disclosure of PHI accessed through the Service is governed by the executed BAA and HIPAA — not this public Privacy Policy.
  • De-Identification Before External Processing. Where the Service's AI-assisted features are used, clinical text is de-identified through a multi-stage pipeline — including local masking rules, date tokenization, and Cloud Data Loss Prevention (DLP) — before being processed by those features. De-identification reduces, but does not eliminate, exposure of data to external processing. The Service is designed with a fail-closed posture: where de-identification is configured as required, data is not sent to external processing when de-identification cannot be verified.
  • Data Minimization and De-identification. We apply data minimization and, where applicable, de-identification principles consistent with HIPAA's Safe Harbor and Expert Determination methods, as well as the data-integrity requirements of 21 CFR Part 11 and ICH E2B(R3).
  • Regulatory Alignment. Our security and data-integrity controls are designed to align with HIPAA, 21 CFR Part 11, and ICH E2B(R3). Ultimate responsibility for overall regulatory compliance — including submission accuracy, safety reporting, and source-data verification — remains with the covered entity, sponsor, or CRO, as further described in our Terms of Use.

6. Sub-Processors and Third-Party Services

The Service relies on a number of third-party providers ("sub-processors") to deliver its functionality. The categories of sub-processors we may use include:

  • Generative AI models — third-party AI services that support drafting, summarization, and evidence-linking features.
  • Cloud Data Loss Prevention (DLP) — services that inspect and de-identify text as part of the de-identification pipeline.
  • Electronic Health Record (EHR) integrations — such as Epic, accessed via SMART-on-FHIR, and operating under the covered entity's own agreement with the EHR vendor.
  • Regulatory, pharmacological, and scientific data sources — including the FDA (openFDA, DailyMed), ClinicalTrials.gov, PubMed, Semantic Scholar, and OpenScholar.
  • Infrastructure providers — including hosting, database, and caching services that support the Service's availability and performance.

The availability, security, and content of these third-party services are outside AEcelerate's control. Where PHI is involved, processing by these sub-processors is governed by the applicable BAA and HIPAA, as described above.

7. Cookies

The Site may use cookies and similar technologies (such as pixels and web beacons) to operate properly, remember your preferences, and understand how the Site is used. Cookies are small files stored on your device by your web browser.

You can control or disable cookies through your browser settings. Note that blocking all cookies, including essential ones, may prevent you from accessing parts of the Site. For more information on managing cookies, you can visit www.AboutCookies.org or www.allaboutcookies.org.

The Site does not currently deploy third-party advertising trackers.

Some browsers offer a "Do Not Track" feature. Because there is no uniform standard for how browsers communicate this signal, the Site does not currently interpret or respond to "Do Not Track" signals.

8. Security

We maintain commercially reasonable security measures to protect the personal data we collect and store from loss, misuse, destruction, or unauthorized access. These measures include encryption of sensitive session data at rest, short-lived data-retention windows for transient processing, managed secret storage for credentials and keys, and strict access controls for operational staff.

However, no security measure or modality of data transmission over the Internet is 100% secure. Although we strive to use commercially acceptable means to protect your personal data, we cannot guarantee absolute security.

10. Children's Privacy

The Site and Services are not intended for children under 13 years of age. We do not knowingly collect, use, or disclose personal data from children under 13.

11. Notice to Nevada Residents

Nevada law allows Nevada residents to opt-out of the sale of certain types of personal information. Subject to several exceptions, Nevada law defines "sale" to mean the exchange of certain types of personal information for monetary consideration to another person. We do not currently sell personal information as defined in Nevada law. However, if you are a Nevada resident, you still may submit a verified request to opt-out of sales and we will record your instructions and incorporate them in the future if our policy changes. Opt-out requests may be sent to info@aecelerate.com.

12. Notice to California Residents

No third-party disclosure for direct marketing purposes. We do not disclose personal information obtained through our Site or Services to third parties for their direct marketing purposes. Accordingly, we have no obligations under California Civil Code § 1798.83.

13. How to Contact Us

To contact us for questions or concerns about our privacy policies or practices, please contact us by email at info@aecelerate.com.

Last reviewed on July 12, 2026.