Privacy Policy
Your information, handled with care.
How we collect, use, and protect the information you share. The plain-language version lives on Privacy & Trust; this is the full policy.
Who we are
ClinicalMatchMate (“we,” “our,” or “us”) operates the website at clinicalmatchmate.com and related services (the “Platform”). Our Platform helps patients and caregivers discover and understand clinical trials that may match their condition, preferences, and location.
Questions about this policy should be directed to privacy@clinicalmatchmate.com.
Information we collect
2a. Information you provide directly
- Contact and account information: If you create an account or submit a contact form, we collect your name and email address (and any message you include). Account identifiers and profile fields are stored in Supabase, our database and authentication provider.
- Intake responses: When you submit the intake form, we store your responses in our Supabase database so your profile and matches can persist. This occurs when you submit the form—an account is not required first; intake submitted without an account is linked to a private token in your browser and can later be claimed by an account. We store: your name, email, date of birth, age, biological sex, and (if provided) height, weight, and pregnancy status; your condition, diagnosis date, severity, biomarkers, other conditions and comorbidities, allergies, current medications, supplements, smoking and alcohol use, prior treatments, and any additional context you enter; your location (ZIP or city and the latitude/longitude derived from it) and travel preferences; and your consent timestamp. Clinical and trial-related text from these fields is also sent to our matching service and to Google Gemini to generate matches and explanations (see Section 4).
- Feedback submissions: If you submit feedback, we collect the content of that feedback and, if you choose to provide it, your email address.
2b. Information collected automatically
- Usage data: Standard server logs, including IP address, browser type, referring page, and pages visited. We use this for security and performance monitoring.
- Session data: If you are logged in, we maintain an authenticated session managed by Supabase. Session identifiers do not contain your health information.
2c. Location data
You enter a ZIP code or location during intake. To rank trials by distance, we send that ZIP to OpenStreetMap’s Nominatim geocoding service to look up approximate latitude and longitude. Your location text and the derived latitude and longitude are stored with your intake row in our database, and are also sent to our matching service so it can rank nearby trial sites. See the OpenStreetMap Foundation Privacy Policy.
How we use your information
We use the information we collect to:
- Generate and display clinical trial matches based on your inputs
- Respond to contact form submissions and feedback
- Authenticate your account and maintain session security
- Monitor and improve Platform performance and reliability
- Comply with legal obligations
We do not use your health-related responses to build advertising profiles, sell them to data brokers, or use them to train third-party foundation models. Third-party AI APIs process prompts we send them to perform the functions described in Section 4, subject to those vendors’ terms and policies.
Data retention
- Intake responses (with an account): Retained while your account exists. When your account is deleted, related rows that reference your user id (including intake responses, match jobs, and match scores) are removed from our database via cascading delete.
- Intake submitted without an account: If you submit intake but never create or link an account, that unclaimed submission is automatically deleted after 30 days.
- Account data: Retained while your account is active. You can delete your account and its associated data yourself at any time from your account Settings; you may also email privacy@clinicalmatchmate.com to request deletion.
- Contact form submissions: Retained for up to 12 months for follow-up and quality purposes, then deleted.
- Server logs: Retained for up to 90 days for security monitoring.
Security
We use industry-standard practices to protect your data, including TLS encryption in transit, authenticated access via Supabase, and access controls on application routes. No method of transmission over the internet is completely secure, and we cannot guarantee absolute security.
Your rights
Depending on your location, you may have rights to access, correct, delete, or restrict processing of your personal data. To exercise these rights, contact us at privacy@clinicalmatchmate.com. We will respond within 30 days.
Children
The Platform is not directed to children under 13. We do not knowingly collect personal information from children under 13. If you believe a child has provided us with personal information, contact us immediately.
Changes to this policy
We may update this Privacy Policy from time to time. We will indicate the effective date on this page. Continued use of the Platform after changes constitutes acceptance of the updated policy where permitted by law.
Contact us
For privacy-related inquiries, email privacy@clinicalmatchmate.com or use our contact page.
Questions?
Plain answers first.
For how this works in everyday terms, start with Privacy & Trust — then come here for the full text.