Privacy Policy

Updated: April 3, 2025

Introduction and Overview

This Privacy Policy explains how Delfa, Inc. and its affiliates (collectively "Delfa," "we," "us," or "our") collect, use, protect, and disclose personal data through our website at https://delfa.ai/ and any affiliated websites (collectively the "Websites"), as well as through any related services provided by Delfa (together with the Websites, the "Services"). In this Privacy Policy, "you" and "your" refer to you and any entity on whose behalf you act.

At Delfa, protecting your personal data is a priority. We handle your personal data in accordance with this Privacy Policy and applicable law. By using our Services, you consent to the collection and use of your personal data as described in this Privacy Policy. Your personal data will not be used for purposes beyond those outlined in this Privacy Policy without your consent.

Our Business and Purpose

Delfa provides software solutions for clinical research organizations. Users of our Services include sponsors, clinical research sites, and other individuals who visit our Websites or interact with us.

Our Commitment to Your Privacy

Delfa does not sell or share your personal data (as those terms are defined under applicable data privacy and security rules and regulations ("Data Protection Laws")) with third parties or non-affiliated companies, except as necessary to provide services you have requested, when we have your permission to disclose such personal data, or when we provide personal data to companies or consultants working on our behalf under confidentiality agreements. These service providers and consultants have no independent right to disclose your personal data.

Types of Personal Data We Collect

This section describes the categories of personal data we collect and receive while you use our Services or otherwise interact with Delfa, including both information you voluntarily provide to us and information we collect automatically when you use our Websites.

For the purposes of this Privacy Policy, "personal data" means information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular individual, including but not limited to name, address, telephone number, email address, location information, date of birth, and gender; as well as browsing data and Log Data (defined below), such as cookies or IP addresses. Personal data is broadly defined to include any information that can relate to an individual; some regulations may use the term "Personal Information." For clarity, references to personal data in this Privacy Policy include Personal Information.

"Sensitive personal data" is a subset of personal data that includes social security numbers, financial account information, and protected health information, among other categories. Delfa does not collect sensitive personal data through the Websites, though it may be collected through our Services.

Information You Provide to Us

Personal data you provide: If you choose to share personal data with Delfa, it may include your contact information.

How we use this personal data: We use your personal data to evaluate clinical trial eligibility, meet regulatory requirements, conduct internal auditing, reporting, and quality assurance, and for any other purpose described on the page where you provided your personal data. We do not share your personal data with any third parties except our service providers.

Information Collected Automatically

Log Data: Like many website operators, we collect information that your browser sends whenever you visit our Websites ("Log Data"). This Log Data may include personal data such as your computer's Internet Protocol ("IP") address, browser type and version, pages visited on our Websites, the time and date of your visit, time spent on those pages, and other statistical information about your website usage.

How we use Log Data: We use automatically collected data to troubleshoot our Websites and improve our services. This data is not used for marketing purposes.

Cookies and tracking technologies: We also gather information about your use of our Websites through tracking technologies such as cookies. A "cookie" is a small text file transferred to your device to track your interests and preferences and to recognize you as a return visitor. Cookies constitute personal data under Data Protection Laws. You may opt out of certain cookies as described below.

Cookies are not connected to other personal data; they are used in aggregate form with other users' data to generate statistical reports on website navigation and usage.

We engage third parties to perform site analytics. If you prefer not to have your data used for analytics, you can install the relevant opt-out browser extension.

To learn more about cookies and other tracking technologies, including how to disable them, please visit https://www.allaboutcookies.org/. Please note that some cookies are essential for our websites to function properly, and disabling them will reduce website functionality.

How we use data from cookies and similar technologies: We use this information to monitor website functionality and identify unique visitors. We do not sell or share this personal data. We also use these technologies to enhance our services and measure the effectiveness of our communications. We do not use cookies or similar technologies for targeted advertising or marketing.

How We Disclose Your Personal Data

Delfa limits the disclosure of your personal data. We disclose personal data only to service providers with whom we have agreements for specific services. A service provider may only use your personal data according to our instructions. However, there are circumstances in which Delfa may be legally required to disclose your personal data, including:

Legal obligations: We may need to disclose your personal data in response to legal process, such as a court order or subpoena. We may also disclose your personal data in response to a law enforcement request, or where we believe disclosure is necessary to investigate, prevent, or address illegal activities, suspected fraud, situations involving potential threats to physical safety, to verify compliance with our Privacy Policy, or as otherwise required by law.

Business transactions: We may transfer your personal data to an entity that acquires, buys, or merges with Delfa or our other business units. In such cases, your personal data would remain subject to the commitments in this Privacy Policy until the acquiring party updates or amends the Policy with notice to you.

Delfa requires all third-party subprocessors to meet our privacy and security standards by entering into written agreements to safeguard the confidentiality, security, and integrity of personal data. We take precautions to ensure that any transfer of personal data is governed by terms consistent with this Privacy Policy.

Delfa may share personal data with third parties for purposes of providing the Services, such as facilitating communications with our Customers, monitoring application security, and provisioning services.

Delfa uses third parties to communicate marketing and promotional content. Additionally, we may disclose personal data as necessary to comply with the law, including in response to lawful requests by public authorities, such as to meet national security or law enforcement requirements.

Deidentified and Aggregated Information

In addition to the uses of personal data described above, we may remove identifiable elements from your personal data to create deidentified information ("Deidentified Information"). Deidentified Information may be combined with other data in aggregated forms for product improvement purposes. For example, data used for analytics to monitor service usage or improve website functionality is aggregated, meaning we cannot identify you or any other individual from it.

Data Storage, Accuracy, and Retention

Delfa stores your personal data in a secure database in accordance with industry standards and Data Protection Laws. We strive to maintain accurate and complete records. You can help us maintain data accuracy by notifying us of any changes to your personal data. We retain your personal data only for as long as necessary to provide our services.

Opt-Out Rights

If you wish to opt out of receiving further communications from Delfa, you may do so at any time by contacting us. We will retain minimal personal data to prevent further contact with you.

Security Measures

The security of your personal data is our priority. Delfa implements reasonable and appropriate administrative, physical, and technical safeguards, as required by Data Protection Laws, to secure our Websites and prevent unauthorized access to your personal data.

Third-Party Websites

Delfa Websites may contain links to external websites. Linked websites are not under Delfa's control, and this Privacy Policy does not apply to them. We recommend reviewing the privacy policy of each linked website. Delfa is not responsible for disclosures to third parties to whom you directly provide your personal data. This Privacy Policy applies solely to personal data collected by Delfa in relation to our Services.

Children Under 18

Our Services are not intended for children under 18 years of age. We do not knowingly collect personal data from children under 18. If you are under 18, do not provide any personal data on our Websites. If we learn we have collected personal data from a child under 18, we will promptly delete it. For concerns regarding a child's personal data, please contact us.

California Consumer Privacy Act (CCPA) Notice

We do not sell or share your personal data as defined under Data Protection Laws. We use personal data collected online or otherwise for the following CCPA "Business Purposes":

  • Auditing related to current consumer interactions and concurrent transactions, including, but not limited to, counting ad impressions to unique visitors, verifying positioning and quality of ad impressions, and auditing compliance with this specification and other standards.
  • Detecting security incidents, protecting against malicious, deceptive, fraudulent, or illegal activity, and prosecuting those responsible for that activity.
  • Debugging to identify and repair errors that impair existing intended functionality.
  • Short-term, transient use, provided the personal data is not disclosed to another third party and is not used to build a profile about a consumer or otherwise alter an individual consumer's experience outside the current interaction, including, but not limited to, the contextual customization of ads shown as part of the same interaction.
  • Performing services on behalf of the business or service provider, including maintaining or servicing accounts, providing customer service, processing or fulfilling orders and transactions, verifying customer information, processing payments, providing financing, providing advertising or marketing services, providing analytic services, or providing similar services on behalf of the business or service provider.

We do not sell or share personal data or use it for marketing or any other purpose including CCPA "Commercial Purposes." For questions or requests related to your rights, contact us at admin@delfa.ai.

Notice to Residents of Other States with "Do Not Sell" or "Do Not Share" Laws

If you reside in a state other than California with Data Protection Laws that provide rights to opt out of the sale or sharing of personal data or to limit the use and disclosure of sensitive personal data (such as Virginia, Connecticut, Colorado, or Utah), please note that, except as outlined in this Policy, we do not sell or share your personal data.

Individual Rights to Personal Data

If you reside in a state with Data Protection Laws, you may be entitled to certain rights.

To exercise your privacy rights, you may contact us directly. We may request additional personal data to verify your identity in our systems to process your request. We will only use personal data provided in a request to review and comply with that request. If you choose not to provide this information, we may only be able to process your request to the extent we can identify you in our data systems.

The Right to Knowledge / Specific Information

You have the right to request the following information about personal data we may have collected and disclosed during the last 12 months:

  • The categories of personal data we have collected about you;
  • The sources of the personal data;
  • The purposes for collecting the personal data;
  • The categories of third parties with whom we share the personal data; and
  • If we sold or disclosed your personal data for a business purpose, two separate lists disclosing:
    • the categories of personal data disclosed for a business purpose and the categories of recipients; and
    • the categories of personal data sold to third parties and the categories of recipients (Note: Delfa does not sell personal data).

The Right to Access / Data Portability

You have the right to access and obtain a copy of the specific pieces of personal data we have collected about you in the last 12 months, upon verification of your identity.

The Right to Correction

You have the right to request that Delfa correct any inaccurate personal data we have collected and maintain about you.

The Right to Deletion

You have the right to request that Delfa delete the personal data we collected from you, subject to certain exceptions. Once we receive and confirm your verifiable consumer request, we will delete (and direct our service providers to delete) your personal data from our records, unless an exception applies.

To Submit a Request to Exercise Your Rights

To exercise a right you believe you may be entitled to under applicable law, contact us directly at admin@delfa.ai.

We will verify your identity before processing your request, which may require us to obtain additional personal data from you. We will only use personal data provided in a request to review and comply with that request. In certain circumstances, we may decline a request to exercise the rights described above.

Response Timing and Format

We will respond to a verifiable consumer request within forty-five (45) days of receipt. If we require more time, we will inform you in writing.

We will deliver our written response by mail or electronically, according to your preference. Any disclosures provided will only cover the 12-month period preceding receipt of your verifiable request. If we cannot comply with all or part of your request, we will explain why.

We reserve the right to charge a reasonable fee to process or respond to your request if we determine it is excessive, repetitive, or manifestly unfounded. If we determine a fee is warranted, we will explain our decision and provide a cost estimate before completing your request.

The Right to Opt-Out of Sale or Sharing of Personal Data

You have the right to direct Delfa not to sell or share personal data we have collected about you. You also have the right to limit the use and disclosure of sensitive personal data we have collected about you.

For clarity, Delfa does not sell or share your personal data or sensitive personal data.

GDPR Rights

If you are within the European Union, you are entitled to certain information and have certain rights under the General Data Protection Regulation. Those rights include:

  • Right to access – You have the right to request copies of your personal data.
  • Right to rectification – You have the right to request that we correct any information you believe is inaccurate. You also have the right to request that we complete the information you believe is incomplete.
  • Right to erasure – You have the right to request that we erase your personal data, under certain conditions.
  • Right to restrict processing – You have the right to request that we restrict the processing of your personal data, under certain conditions.
  • Right to object to processing – You have the right to object to our processing of your personal data, under certain conditions.
  • Right to data portability - You have the right to request that we transfer the data that we have collected to another organization, or directly to you, under certain conditions.

HIPAA Compliance

HIPAA (Health Insurance Portability and Accountability Act) typically applies to health data held by healthcare providers or insurers. HIPAA does not apply to personal data voluntarily provided by individuals interested in clinical study participation for the purpose of determining clinical trial eligibility. Delfa is not a "Covered Entity" or a "Business Associate" under HIPAA.

Changes to this Policy

We reserve the right to update or modify this Privacy Policy at any time by posting a revised version online, as indicated by the Effective Date at the beginning of the document. You should periodically review this page for any changes. Your continued use of our Services after we post modifications constitutes your acknowledgment of receiving notice of the modifications and your consent to abide by the modified Privacy Policy.

Contact Information

For questions, concerns, or complaints about your privacy rights under this Privacy Policy, please contact us at: admin@delfa.ai

We are committed to addressing complaints about your privacy and our collection or use of your personal data promptly. If you submit a reasonable complaint or inquiry concerning your personal data, we will investigate thoroughly and respond within 45 days. If justified, we will implement appropriate remediation measures.

© 2025 Delfa, Inc. All rights reserved.

← Back to Home