Privacy Policy

Last updated: June 2, 2026

1. Introduction

This Privacy Policy describes how Protocol Explorer ("we," "us," or "our") collects, uses, and discloses information in connection with our business-to-business (B2B) services. This website and its services are intended for professional use by authorized representatives of clinical research organizations, pharmaceutical companies, and related business entities. It is not intended for individual consumers.

2. Information We Collect

We collect information provided directly by logged-in users and their respective organizations:

  • Account and Profile Information: Your professional contact and profile details, including name, business email address, and — where you choose to provide them — organizational affiliation, country, city, and job title. Your business email is also your sign-in identifier.
  • Communication Preferences: Whether you have opted in to receive marketing or product-update emails, together with the date your preference was last changed.
  • Records of Consent and Agreement: Records evidencing your choices — for example, the date you set your communication preferences, and the version and date of the Disclaimer & Terms of Use you accepted when contributing content.
  • Clinical Protocol Documents: We collect clinical study protocol documents and related study definitions uploaded or shared by authorized users. Contributors must only submit non-confidential, non-personal protocol content that they are authorized to share publicly; the platform is not intended for confidential, proprietary, or patient data.
  • Usage Data: Technical information regarding how you access and use the platform to ensure security and improve performance.

3. How We Use Your Information

We process the information we collect for the following business purposes:

  • Platform Operation: To host, display, and make available the protocol content that contributors choose to share, and to operate, secure, and improve Protocol Explorer.
  • Standards Development: To support understanding and adoption of the open USDM standard, including reviewing how protocols are represented in USDM to improve the platform and the standard itself.
  • Platform Administration: To manage user accounts, provide technical support, and ensure the security of our systems.
  • Communications: To send you service-related messages and, where you have opted in, marketing or product-update emails (see "Marketing Communications" below).
  • Compliance: To comply with applicable laws, regulations, and industry standards related to clinical data management.

4. Data Sharing and Disclosure

We do not sell your professional information. We may share information in the following circumstances:

  • Service Providers: With trusted third-party vendors who assist us in operating, securing, and improving the platform, subject to strict confidentiality agreements. These include Microsoft Azure and Microsoft Entra, which provide our cloud hosting and identity (sign-in) services, and our email service provider, which delivers marketing emails to users who have opted in.
  • Public Availability: Protocol content that contributors submit for publication is intended to be public, and may be viewable and downloadable by other users of the platform without restriction. Contributors are responsible for ensuring that submitted content is non-confidential and appropriate for public sharing.
  • Legal Requirements: If required by law, subpoena, or other legal process.

5. Cookies

We use only strictly necessary cookies — those required for the site to function. These keep you signed in (authentication), protect against cross-site request forgery and other security risks, and carry short-lived status messages between pages.

We do not use analytics, advertising, or tracking cookies, and we do not embed third-party trackers. Because we rely only on strictly necessary cookies, no cookie-consent banner is required. The operational telemetry we use to keep the service secure and reliable is collected on our own servers; it does not set cookies on your device or share data with advertising networks.

6. Marketing Communications

Marketing and product-update emails are optional and off by default. If you opt in — either when you create your account or from your profile — you agree to receive occasional product updates and materials about Protocol Explorer by email. You can withdraw your consent at any time from your profile, and every marketing email also includes an unsubscribe link. We keep a record of your preference and the date it was last changed. Withdrawing consent does not affect essential service-related messages, such as security or account notifications.

7. Data Security

We implement industry-standard technical and organizational measures designed to protect the clinical protocols and professional data we collect against unauthorized access, loss, or alteration. However, no method of transmission over the Internet is 100% secure.

8. Data Retention

We retain collected information for as long as necessary to fulfill the purposes outlined in this policy, including support for the long-term development of open standards, or as required by legal and regulatory obligations. When you delete your account, your profile and account information are removed from our identity provider (Microsoft Entra), subject to a short recovery window on their side and any retention we are legally required to observe. Protocol content you have published is public and is not removed automatically — you should delete any protocols you no longer wish to share before deleting your account (see "Your Rights and Choices").

9. Your Rights and Choices

While signed in, you can exercise the following directly from your profile:

  • Access: View the personal details we hold about you on your profile page.
  • Correction: Update your name, organization, country, city, and job title at any time. Your business email is your sign-in identifier and cannot be changed here; contact us if it needs to change.
  • Withdraw consent: Turn marketing emails off at any time using your communication preferences.
  • Deletion: Permanently delete your account from your profile. Because published protocols are public content, you must first delete any protocols you own; once you confirm, your account is removed and cannot be recovered through the site.

Depending on your location, you may have additional rights under applicable data protection laws (such as UK and EU GDPR). To make any other request, or if you need help, contact us using the details below.

10. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or for other operational, legal, or regulatory reasons. We will notify you of any material changes by posting the new policy on this page.

11. Contact Us

If you have any questions about this Privacy Policy or wish to exercise your rights, please contact us at protocol.explorer@paconsulting.com.

12. Related Policies

See also our Disclaimer & Terms of Use, which covers content disclaimers, contributor responsibilities, and takedown.