Privacy Policy

1.1 Scope and Roles

This Policy explains how Clinovo (“Clinovo”, “we”, “us”, “our”) collects, uses, discloses, and protects personal information in connection with our websites, products, services, and marketing activities.
For most website visitors, prospects, and marketing contacts, Clinovo acts as an independent “controller” (under GDPR/UK GDPR) and “business” (under CCPA/CPRA). For certain clinical trial and related services, Clinovo may act as a “processor” or “service provider” on behalf of sponsors or customers, in which case our processing is governed by separate contracts and data processing agreements.

1.2 Information We Collect
Personal Information
We may collect personal information that you voluntarily provide, including:

Name, email address, phone number, and contact details
Account credentials and authentication data
Professional information (title, company, industry, job function)
Health-related and clinical trial data, where permitted by law and typically under the instructions of sponsors or with your explicit consent
Payment and billing information
Information submitted via marketing forms, webinar registrations, event registrations, and gated content downloads

Automatically Collected Information
When you access our services, we automatically collect certain information, including:

Device information (IP address, browser type, operating system)
Usage data (pages visited, features used, time spent)
Cookies and similar technologies (see Cookie Policy below)
Log files and technical data
Tracking data from marketing campaigns and advertising channels
Email engagement data (opens, clicks, unsubscribes)
Webinar and event attendance data

1.3 Legal Bases for Processing (EEA/UK only)
Where the GDPR/UK GDPR applies, we rely on one or more of the following legal bases:

Contract: To provide, maintain, and support the services you request.
Legal obligation: To comply with legal, regulatory, and recordkeeping requirements.
Legitimate interests: To secure our services, perform basic analytics, manage B2B relationships, and conduct limited direct marketing, provided these interests are not overridden by your rights and freedoms.
Consent: For certain email marketing, use of non-essential cookies and similar technologies, AI-based profiling for marketing, and processing of special-category data (such as health-related data) where required by law.

Where processing is based on consent, you may withdraw your consent at any time, without affecting the lawfulness of processing before withdrawal.

1.4 How We Use Your Information
We use personal information for purposes including:

Providing, maintaining, and improving our services
Processing transactions and managing your account
Communicating with you about services, updates, and support
Complying with legal and regulatory obligations
Analyzing usage patterns and improving user experience
Detecting, preventing, and addressing security incidents or fraud
Personalizing content, recommendations, and user experiences
Conducting marketing and lead generation campaigns (including via Zoho Marketing Suite and related Zoho applications)
Sending marketing communications, newsletters, and webinar invitations based on your preferences and applicable law
Measuring and optimizing marketing effectiveness and campaign performance
Managing automated email nurture sequences and audience segments for targeted outreach
Coordinating sales enablement activities and managing customer and prospect relationships through our CRM platforms, including Bullhorn ATS/CRM

For individuals in the EEA/UK, we rely on consent for certain email marketing, analytics, and profiling based on non-essential cookies, and on legitimate interests for some B2B marketing, subject to your right to object.

1.5 Data Sharing and Disclosure
We may share information in the following circumstances:

Service Providers and Processors: With third-party vendors that perform services on our behalf, such as cloud hosting, payment processing, analytics, email delivery, webinar hosting, event management, customer relationship management (including Bullhorn ATS/CRM), and marketing automation platforms (including Zoho Marketing Suite products). These providers are bound by contractual obligations to protect personal information and use it only as instructed.
Customer Relationship Management (CRM) and Sales Enablement Platforms: We use CRM and sales enablement tools, such as Bullhorn ATS/CRM, to manage leads, contacts, opportunities, pipelines, and client and prospect records, and to coordinate sales and account-based marketing activities. When using Bullhorn and similar platforms, these providers act as our data processors/service providers and process personal information only on our instructions and for our business purposes, subject to appropriate data processing agreements and security controls.
Marketing and Advertising Partners: With advertising networks, social media platforms, and demand generation partners to deliver targeted ads, create audience segments, and measure campaign performance. This may include contact details, professional information, engagement, and behavioral data. In some cases, this may be considered a “sale” or “sharing” of personal information for cross-context behavioral advertising under CCPA/CPRA, and California residents may opt out.
Sales Team Coordination: With internal sales teams and systems to enable lead management, account-based marketing, and sales outreach.
Legal Compliance: When required by applicable law, regulation, legal process, or governmental request.
Business Transfers: In connection with a merger, acquisition, reorganization, or sale of assets.
With Your Consent: Where you provide explicit consent to share information with third parties.
Protection of Rights: When necessary to protect our rights, property, safety, or that of our users or the public.

We do not sell personal information to third parties for their independent marketing purposes. Where our use of advertising technologies constitutes a “sale” or “sharing” under CCPA/CPRA, you may exercise your right to opt out as described below.

1.6 Data Security
We implement administrative, technical, and physical safeguards designed to protect personal information, including:

Encryption of data in transit and at rest
Access controls and authentication mechanisms
Regular security audits, testing, and vulnerability management
Employee training on data protection and security practices
Vendor due diligence and data processing agreements
Compliance with applicable regulations, including HIPAA (where applicable), GDPR/UK GDPR, and CCPA/CPRA

No security measures are perfect, and we cannot guarantee absolute security, but we continuously work to improve our security posture.

1.7 Data Retention
We retain personal information for as long as reasonably necessary to fulfill the purposes described in this Policy, comply with legal obligations, resolve disputes, and enforce agreements.
In general:

Clinical trial data may be retained for extended periods as required by regulatory authorities and sponsor agreements.
Marketing and lead data (including data processed in Zoho Marketing Suite and Bullhorn ATS/CRM) are retained while you maintain an active relationship with us or until you opt out or request deletion, plus a limited period to demonstrate compliance.
Website analytics and technical logs may be retained for shorter, defined periods consistent with our retention schedules.

We review retention periods periodically and delete or anonymize data that is no longer needed.

1.8 Your Rights and Choices
Your rights depend on your location and applicable law. Subject to conditions and exceptions, you may have some or all of the following rights:

Access: Request access to personal information we hold about you.
Correction: Request correction of inaccurate or incomplete information.
Deletion: Request deletion of your personal information.
Restriction: Request restriction of our processing in certain circumstances.
Portability: Request a copy of certain information in a structured, machine-readable format.
Objection: Object to processing based on legitimate interests, including direct marketing.
Withdraw Consent: Withdraw consent where processing is based on consent.
California-Specific Rights: For California residents, the right to know, access, correct, delete, opt out of sale or sharing of personal information, limit use of sensitive personal information, and be free from discrimination for exercising these rights.

To exercise these rights, contact us at privacy@clinovo.com or via the contact details below. You may also manage email preferences or unsubscribe at any time through the links provided in our communications and via our Zoho-powered preference and consent management tools. Where your information is stored in systems such as Bullhorn ATS/CRM, we use the data privacy and consent management features available in those systems to help locate, update, restrict, or delete your information when you exercise your rights, subject to applicable law and our contractual obligations.

Where required by law, we will respond within the applicable time frame.

1.9 International Data Transfers
Your information may be transferred to and processed in countries other than your country of residence, including where our service providers, Zoho data centers, and Bullhorn platforms are located. When transferring personal information from the EEA/UK or other jurisdictions with data-transfer restrictions, we implement appropriate safeguards, such as adequacy decisions, Standard Contractual Clauses, and supplementary measures as required by law. For providers such as Bullhorn, we rely on their implemented safeguards and our contractual controls to protect personal information during such transfers.

1.10 Children’s Privacy
Our services are intended for adults and are not directed to individuals under 18 years of age. We do not knowingly collect personal information from children. If you believe a child has provided us with personal information, please contact us so we can take appropriate steps.

2. Marketing & Lead Generation Policy

Clinovo uses multi-channel marketing, supported by Zoho Marketing Suite, Bullhorn ATS/CRM, and related services, to generate leads and communicate with prospective and existing clients in a compliant, consent-based manner.

2.1 Marketing Channels and Lead Collection
We collect and manage leads through channels such as:

Professional networking platforms
Search engine and display advertising
Webinars and virtual events
Gated content (whitepapers, case studies, guides, frameworks)
Email communications and newsletters
Industry conferences and events
Website traffic and organic search

Forms and subscription points are integrated with Zoho Marketing Suite and related tools and are configured to collect explicit consent where required and to record opt-in status, preferences, and proof of consent. Data from these activities may be synced into Bullhorn ATS/CRM to create or update prospect and client records and support coordinated sales follow-up.

2.2 Marketing Automation and Email Nurturing
Using Zoho Marketing Suite, Zoho Campaigns, Zoho Marketing Automation, and integrated workflows with Bullhorn ATS/CRM, we may:

Send personalized, behavior-based email sequences and nurture campaigns
Track email engagement metrics (opens, clicks, unsubscribes)
Segment audiences based on professional details, behavior, and expressed interests
Automate lead scoring and qualification
Deliver timely content recommendations and event invitations
Manage subscription preferences and opt-outs via Zoho-hosted preference centers
Share relevant engagement and segmentation information with Bullhorn ATS/CRM to help sales teams prioritize outreach and manage pipelines

Email addresses and related profile data are stored in Zoho systems and may also be reflected in Bullhorn ATS/CRM, and are used for ongoing communications consistent with your preferences and applicable law. In the EEA/UK, we send marketing emails only where we have a valid legal basis (such as consent or the “soft opt-in”), and every communication includes an easy way to unsubscribe.

2.3 Lead and Opportunity Management with Bullhorn
We use Bullhorn ATS/CRM as a system of record for many sales and relationship-management activities, including:

Centralizing and updating prospect and client information
Tracking interactions and communication history across channels
Managing opportunities, pipelines, and sales activities
Coordinating account-based marketing and sales enablement based on marketing engagement signals from tools such as Zoho Marketing Suite

Bullhorn’s configurable data privacy features and compliance tools are used to help us respect consent choices, retention limits, and other legal requirements when handling your information.

2.4 Paid Advertising and Audience Targeting
We may use advertising tools, including those integrated with Zoho and other platforms, to:

Run targeted campaigns on professional networking sites and search engines
Conduct account-based marketing focused on specific organizations or roles
Re-engage website visitors through remarketing
Create audiences and lookalike audiences based on existing customer or prospect segments

Where required by law, we rely on consent for the use of cookies and similar technologies for advertising and profiling. California residents may opt out of sale or sharing of personal information for cross-context behavioral advertising via the mechanisms described below.

2.5 Third-Party Marketing Partners and Service Providers
We work with Zoho, Bullhorn, and other marketing service providers for email delivery, automation, CRM, analytics, advertising, and event management. All such providers are subject to contractual confidentiality and data protection obligations and, where applicable, act as “processors”, “service providers”, or “contractors” under GDPR/CCPA/CPRA. Bullhorn provides GDPR- and CCPA-focused privacy and compliance capabilities, which we configure to align with our legal obligations and this Policy.

2.6 Opt-Out, Preferences, and “Do Not Sell or Share”
You may opt out of marketing communications or update your preferences at any time by:

Clicking the unsubscribe or preference link in any marketing email (managed via Zoho)
Updating your communication preferences in your Clinovo or Zoho-hosted profile or preference center
Contacting privacy@clinovo.com with your request

If you are a California resident, you may also opt out of the sale or sharing of your personal information for cross-context behavioral advertising by:

Using our “Do Not Sell or Share My Personal Information” link where available on our website
Enabling a browser or extension that sends a recognized Global Privacy Control (GPC) signal, which we honor as an opt-out request

Even if you opt out of marketing communications, you may still receive transactional or service-related communications.

3. Artificial Intelligence Usage Policy

3.1 AI-Powered Features
Clinovo leverages artificial intelligence (AI) and machine learning technologies to enhance our services. Our platform and related tools (including certain Zoho and Bullhorn features) may use AI to:

Analyze clinical trial and operational data to identify patterns and insights
Provide predictive analytics and forecasting
Perform natural language processing for protocol review and document/data extraction
Detect data anomalies, quality issues, and compliance risks
Personalize content, recommendations, and user experiences
Support customer service and sales enablement, including prioritizing leads and suggesting next-best-actions

3.2 Data Used for AI
We may use the following types of data to train, configure, and improve AI models and AI-enabled features:

Aggregated and anonymized usage data
De-identified clinical trial and operational data
Anonymized engagement and behavioral data from our digital properties
Publicly available datasets and research publications
User interaction patterns with our services and content, processed in a way that reduces identification risk

We do not use personally identifiable information (PII) or protected health information (PHI) to train AI models without an appropriate legal basis, explicit consent where required, and technical and organizational measures to protect privacy, such as pseudonymization, aggregation, and access controls.

3.3 Human Oversight and Decision-Making
AI assists our teams but does not replace human judgment in critical areas. In particular:

Critical medical, clinical, and legal decisions are not made solely by AI.
AI-generated recommendations and risk scores are subject to review by qualified personnel.
Users may request human review of AI-assisted recommendations that have a significant impact on them, where applicable law provides such rights.

3.4 AI Transparency and Explainability
We are committed to transparency in our AI usage:

We inform users when AI-based features materially influence recommendations or decision support.
We seek to provide meaningful, understandable explanations of key factors behind AI-assisted recommendations where feasible and appropriate.
We document our AI methodologies and governance practices and may make additional information available on request, subject to protection of trade secrets and security measures.

3.5 AI Bias, Fairness, and Risk Management
We actively work to reduce bias and manage risks in our AI systems by:

Testing models for potential unfair bias and unintended discriminatory outcomes
Using diverse datasets and considering representativeness where relevant
Monitoring AI performance over time and recalibrating or retraining models as needed
Providing feedback mechanisms so users can report concerns or suspected biased outcomes

3.6 Third-Party AI Services
We may utilize third-party AI services and components (including those offered by Zoho, Bullhorn, and cloud providers) that are contractually required to maintain appropriate security and privacy standards and to comply with applicable data protection laws. We do not permit such providers to use your personal information for their own independent marketing purposes.

3.7 Your AI-Related Choices
Depending on your location and the context of processing, you may have rights related to automated decision-making and profiling, including:

The right to know when AI is used in decision-making that significantly affects you
The right to request human intervention in certain automated decisions
The right to express your point of view and contest decisions where applicable
The right to object or opt out of certain types of AI-based profiling for direct marketing or personalization

To exercise these choices, contact us at ai-ethics@clinovo.com or use the preference tools available in our services where offered.

4. Cookie Policy

4.1 What Are Cookies
Cookies are small text files placed on your device when you visit our website or interact with our services. They help us provide essential functionality, remember your preferences, understand how our services are used, and support security and marketing activities. Similar technologies (such as pixels, tags, and local storage) may also be used and are collectively referred to as “cookies” in this Policy.

4.2 Types of Cookies We Use
We use the following categories of cookies:

Strictly Necessary Cookies: Essential for the operation of our website and services, such as authentication, security, and load balancing. These cookies are necessary for the service you request and are used based on our legitimate interests.
Functional/Preference Cookies: Enable enhanced functionality and personalization, such as remembering language preferences or user interface settings.
Performance and Analytics Cookies: Help us understand how visitors use our services and measure performance, for example by counting visits, understanding traffic sources, and analyzing usage patterns. These may include analytics cookies set by Zoho and other providers.
Targeting and Advertising Cookies: Used to deliver relevant advertisements, support retargeting, measure campaign effectiveness, and build audiences. These may be set by us or by third parties such as advertising networks, social media platforms, and marketing partners, and may be integrated with Zoho Marketing Suite and other tools.

In the EEA/UK and other regions where required, non-essential cookies (functional, analytics, and advertising) are used only after you provide consent via our cookie banner or settings.

4.3 Third-Party Cookies and Service Providers
We work with a number of third-party service providers that may set cookies on your device, including:

Zoho (for marketing automation, analytics, forms, and tracking)
Bullhorn (for certain tracking or integration-related functionality where applicable)
Analytics and performance measurement providers
Advertising networks and platforms
Social media platforms
Customer support and chat providers
Payment processing providers

These third parties have their own privacy and cookie policies governing their use of cookies. We encourage you to review their policies to understand how they collect, use, and protect your information.

4.4 Cookie Duration
Cookies may be:

Session cookies, which are stored only while your browser is open and deleted when you close it
Persistent cookies, which remain on your device for a defined period or until you delete them through your browser or device settings

4.5 Cookie Consent and Managing Preferences
We use a cookie consent banner and preference tool to:

Inform you about the categories of cookies we use
Obtain your consent where required before setting non-essential cookies
Allow you to accept, reject, or customize cookie categories
Provide a “Cookie Settings” or similar link on our website so you can revisit and adjust your choices at any time

You can also manage cookies through your browser settings, including blocking or deleting cookies. If you disable certain cookies, some parts of our website or services may not function properly.

4.6 Do Not Track and Global Privacy Control
Many browsers offer a “Do Not Track” (DNT) feature. At this time, there is no industry consensus on how to respond to DNT signals, so we do not respond to them.
However, where required by law (including in California), we recognize and honor the Global Privacy Control (GPC) signal as a request to opt out of sale or sharing of personal information related to certain cookie-based tracking and advertising activities.

4.7 Mobile Identifiers
When you access our services through mobile devices, we may collect or use mobile device identifiers and similar technologies for the purposes described above. You can limit ad tracking or reset identifiers through your device settings.

Contact Information, Regional Supplements, and Updates

5.1 Contact Us
Clinovo Data Protection Team
Email: Neetha@clinovo.com
Phone: +1 (866) 994-3121
Address: 533 Airport Boulevard, Suite 400, Burlingame, CA 94010, USA

5.2 Data Protection Officer (EEA/UK)
If you are located in the European Economic Area or the United Kingdom, you may contact our Chief Technology & Data Officer (acting as our Data Protection Officer) at Neetha@clinovo.com for questions regarding this Policy or our data protection practices in your region.

5.3 Supervisory Authorities
If you believe we have not complied with applicable data protection laws, you have the right to lodge a complaint with a data protection supervisory authority in your country or region of residence or work.

5.4 Regional Privacy Notices
We may provide additional region-specific notices (for example, a Privacy Notice for California Residents or an EEA/UK Privacy Notice) that supplement this Policy and describe local rights and obligations in more detail. Where there is a conflict, the region-specific notice will prevail for individuals in that region.

5.5 Policy Updates and Acceptance
We may update this Policy from time to time to reflect changes in our practices, technology, legal requirements, or use of Zoho, Bullhorn, and other service providers. When we make material changes, we will notify you through appropriate channels, such as email, in-app messages, or a prominent notice on our website.
The “Effective Date” at the top of this Policy indicates when it was last revised. By using Clinovo’s services after any updates take effect, you acknowledge that you have read and understood the updated Policy and agree to its terms, to the extent permitted by applicable law.