Patient Platform 

For Trial Participants & Caregivers (Web) 

Privacy Policy 

Effective Date: April 8, 2026  |  Version 1.0 

HEKMA Clinical Intelligence Platform, Inc.  |  legal@hekma.io 

 

1. Our Commitment to Your Privacy 

At HEKMA, we understand that your health information is among the most sensitive data you own. This Privacy Policy explains exactly what data we collect about you as a Patient Platform user, why we collect it, who we share it with, and what rights you have over it. 

We do not sell your personal or health data. Ever. 

 

2. What Data We Collect 

2.1 Account Information 

     

      • Email address, name, and date of birth (required to create your account)
      • Password (stored using one-way encryption — unreadable by us) 
      • Language preference and time zone 

    2.2 Health Passport Data 

    This is the data you voluntarily enter to build your Health Passport. It may include: 

      • Medical diagnoses, conditions, and health history 
      • Current medications and allergies
      • Prior clinical trial participation
      • Demographic information (age, sex, ethnicity) — collected to improve diversity in clinical trial matching 
      • FHIR-structured health records imported from connected EHR patient portals (with your explicit authorization) 

    2.3 Trial Engagement Data 

      • Trials you have viewed, saved, or expressed interest in 
      • Consent records for data sharing with specific research sites 
      • Trial participation status updates 

    2.4 Technical Data 

      • IP address, browser type, device type, and session timestamps 
      • Platform navigation logs and error reports

    3. How We Use Your Data 

    We use your data for these specific purposes only: 

      • Running the AI TrialMatch Engine to match your Health Passport to relevant open clinical trials 
      • Displaying personalized trial recommendations in your dashboard 
      • Enabling you to share your Health Passport with research sites you select 
      • Sending trial match notifications and platform updates (with your consent) 
      • Improving the accuracy and diversity of AI matching through de-identified, aggregated analysis 
      • Complying with applicable laws and regulations

    4. Who We Share Your Data With 

    We only share your personally identifiable health data in the following circumstances: 

      • Research Sites (with your explicit consent): When you choose to share your Health Passport with a specific research site, that site’s authorized staff will be able to review it for pre-screening purposes. You can revoke this sharing at any time. 
      • Infrastructure providers: Cloud storage and processing partners operating under strict Data Processing Agreements 
      • PAG partners: Only the specific data fields you have consented to share with your PAG partner 
      • Legal requirements: In response to valid legal process 

    We will never share your identifiable health data with a Sponsor organization without your knowledge and explicit consent. 

     

    5. Your Rights 

    You have the following rights over your data: 

      • Access: Download a copy of all your HEKMA Health Passport and account data from your settings 
      • Correction: Edit or correct any health data in your Health Passport at any time 
      • Deletion: Delete your account and all associated data within 30 days of your request 
      • Withdrawal of consent: Revoke any previously granted data-sharing consents at any time 
      • Portability: Export your Health Passport in a standard FHIR-compatible format 
      • Object to processing: Object to use of your data for AI model improvement (opt-out available in settings) 

    6. Data Security

      • All health data encrypted at rest (AES-256) and in transit (TLS 1.2+) 
      • Access to your data restricted to HEKMA staff on a strict need-to-know basis 
      • Prompt breach notification — we will contact you within 72 hours if your data is compromised 
      • Regular independent security audits 

     

    7. Cookies on the Patient Platform 

    We use: 

      • Strictly necessary cookies: Login session management and security 
      • Preference cookies: Language and accessibility settings 
      • Analytics cookies: Aggregated, anonymized usage data to improve platform navigation (opt-out available) 

    We do not use advertising cookies or share cookie data with advertisers. 

     

    8. Children’s Privacy 

    The Patient Platform is not directed at individuals under 18. If a parent or guardian is creating a Caregiver Account for a minor, the parent/guardian must complete registration and manage the account. We do not knowingly collect personal data from individuals under 13. 

     

    9. International Users (GDPR / UAE) 

    If you are accessing the Patient Platform from the European Economic Area or the UAE, you have additional rights under GDPR and applicable UAE data protection laws, including the right to lodge a complaint with your local supervisory authority. HEKMA relies on your consent as the primary legal basis for processing your Health Passport data. 

     

    10. Contact 

    Patient Privacy Enquiries: privacy@hekma.io

    Data Protection Officer: dpo@hekma.io

    Schedule A Demo