Site Platform 

For Research Sites, Investigators & Coordinators 

Privacy Policy 

Effective Date: April 8, 2026  |  Version 1.0 

HEKMA Clinical Intelligence Platform, Inc.  |  legal@hekma.io 


1. Introduction 

This Privacy Policy explains how HEKMA Clinical Intelligence Platform, Inc. collects, uses, stores, and protects personal data about Site Users — including PIs, sub-investigators, CRCs, and other research site staff — when they access the HEKMA Site Platform. 

This policy does not govern HEKMA’s processing of research participant (patient) data, which is addressed separately in applicable Data Use Agreements and the Patient Privacy Policy. 


2. Data We Collect from Site Users 

2.1 Professional Identity Data 

    • Full name, professional title, institutional affiliation 

    • Medical license or research credential numbers (where required for role verification) 

    • Institutional email address and direct contact details 

    • GCP training certifications and expiry dates 

2.2 Platform & Study Activity Data 

    • System login times, IP addresses, and device identifiers 

    • Study data entries, query responses, and data corrections (with full 21 CFR Part 11 audit trail) 

    • Delegation of Authority Log entries and role assignments 

    • eTMF document uploads, versions, and approval signatures 

    • Pre-screening activity and patient referral records (de-identified at the patient level) 

2.3 Communications 

    • Messages exchanged through the platform’s sponsor-site and HEKMA-site communication channels 

    • Support interactions and training records 

3. How We Use Site User Data 

    • Identity verification and role-based access control management 

    • Maintaining 21 CFR Part 11-compliant electronic audit trails 

    • Generating study performance reports for Sponsor review 

    • Enabling pre-screening and eligibility matching functionality 

    • Regulatory inspection readiness — audit trail data may be produced to FDA or other agencies upon lawful request 

    • Platform training and quality improvement programs 

4. Data Sharing 

Site User identity and activity data may be shared with: 

    • Sponsors: Sponsor organizations can view site-level study activity data and audit records as permitted under the study’s regulatory framework and site agreement 

    • Regulatory Authorities: Upon lawful request or during an inspection, audit trail and site user activity data may be disclosed to FDA, IRBs, or other applicable regulatory bodies 

    • HEKMA’s infrastructure providers: Under strict Data Processing Agreements 

5. Security Controls 

    • Role-based access controls limiting data access to authorized functions 

    • End-to-end encryption for all data in transit and at rest 

    • 21 CFR Part 11-compliant immutable audit trails 

    • Regular security audits and vulnerability assessments 

    • Mandatory multi-factor authentication for all Site Platform users 

6. Data Retention 

Site User records are retained for the duration of your site’s active participation in Studies plus the regulatory record-keeping period applicable to those Studies (minimum 2 years post-study completion per FDA 21 CFR 312.62, or longer as required by the Sponsor). Audit trail records are retained for the full regulatory retention period. 


7. Your Rights 

Site Users have the right to access, correct, or request deletion of personal data about them, subject to regulatory record-keeping obligations that may override deletion requests (audit trails and study records cannot be deleted while subject to regulatory retention requirements). Contact dpo@hekma.io to exercise your rights. 


8. Contact 

Data Protection Officer: dpo@hekma.io 

Site Support: sites@hekma.io 

Schedule A Demo