OpenClinica Privacy Policy

Updated March 27, 2024

Maintaining your privacy is important to us and so is being transparent about your information we collect and use. The following policy is intended to help you understand what information we collect, how we use that information, circumstances under which we may share that information, and how we store and secure your information.

When we refer to “OpenClinica,” “we,” or “us” in this policy, we mean OpenClinica, LLC. OpenClinica provides software tools for conducting clinical research studies. We also own and operate a number of websites and offer related services, such as support. We refer to all these products, together with our other services and websites as “Services” in this policy.

If you do not agree with this privacy policy then you should not use these Services or otherwise provide us with your information.

Notice to end users

Our products are intended for use by our customers which are organizations. Where the Services are made available to you through an organization (e.g. your employer, research sponsor, or data management service provider), that organization is the administrator of the Services and is responsible for the end-users and/or Service sites over which it has control. If this is the case, please direct your data privacy questions to your administrator, as your use of the Services is subject to that organization’s policies. We are not responsible for the privacy or security practices of an administrator’s organization, which may be different than this policy.

Information we collect about you

We collect the following information about you when you specifically provide it to us, or make use of our Services.

Information you provide to us

We collect information about you when you input it into the Services or otherwise provide it directly to us.

  • Account and profile information. We collect information about you when you register for an account, create or modify your profile, set preferences, sign-up for or make purchases through the Services. For example, you may register on one of our websites in order to access certain resources, or purchase a product/service and enter your contact or billing information.
  • Information you provide by using our products. The Services include any OpenClinica software products you use, where we collect and store information that you add, upload, send, receive and share. This includes any information about you that you may choose to include, and information our customers choose to include in their clinical studies.
  • Information you provide through our website. The Services include websites we either own or operate. For example, when submit a form on one of these websites, we may require you to provide us with contact information such as your name, company name, job title, address, phone number, and email address.
  • Information you provide through our support channels. The Services also include customer support, where you may choose to submit information regarding a problem or question related to the Services. When you engage with our support team we obtain information, including your contact information. For example, you may submit a ticket or telephone our help desk to describe a problem you are experiencing, submit supporting documentation such as screenshots, etc.
  • Billing and payment information. In order to provide the Services we collect payment and billing information. For example, you may provide us with a billing contact for invoicing purposes, or provide us with your payment card details via a secure payment processing service.

Information we collect automatically when you use our Services

We collect information about you when you use our Services, including browsing our websites and taking certain actions within the Services.

  • Your use of the Services. We keep track of certain information about you when you visit and interact with any of our Services. This information includes the features you use, links you click, search terms entered, the types and sizes of files uploaded, and the types, quantities, sizes, and status of studies, sites, forms, events, rules, study subjects, and data extracts.
  • Device and connection information. We collect information about your computer, phone, tablet, or other devices you use to access the Services. This device information includes your connection type and settings when you access, update, or use our Services. We also collect information through your device about your operating system, browser type, IP address, URLs of referring/exit pages, device identifiers, and crash data. We use your IP address and/or country preference in order to approximate your location to provide you with a better Service experience. How much of this information we collect depends on the type and settings of the device you use to access the Services.
  • Cookies and other tracking technologies. OpenClinica and our third-party partners, such as our website usage analytics partners, use cookies and other tracking technologies (e.g., web beacons, device identifiers and pixels) to provide functionality and to recognize you across different Services and devices. You can opt out of these forms of tracking by adjusting your browser settings, though in some cases they may be necessary in order to utilize the Services.

Information we receive from other sources

  • Other users of the Services. Other users of our Services may provide information about you when they submit content through the Services. For example, you may be mentioned by someone else on a support ticket, or in using our collaboration features. We also receive your email address from other Service users when they provide it in order to invite you to the Services.
  • OpenClinica partners. We work with partners globally who provide implementation, training, consulting, and other services around our products. Some of these partners also help us to market and promote our products, generate leads for us, and resell our products. We receive information from these partners, such as billing information, billing and technical contact information, company name, what products you have purchased or may be interested in, evaluation information you have provided, what events you have attended, and what country you are in.

We also receive information about you form advertising and market research partners who provide us with information about your interest in, and engagement with, our Services and online advertisements.

How we use information we collect

How we use the information we collect depends in part on which Services you use, how you use them, and any preferences you have communicated to us. Below are the specific purposes for which we use the information we collect about you.

  • To provide the Services and personalize your experience. We use information about you to provide the Services to you, including to procure and configure the Services, authenticate you when you log in, tailor content you have access to, provide customer support, and operate and maintain the Services. For example we use the name you provide in your account to identify you to other Service users, or to show you a list of data queries requiring your attention.
  • For research and development. Customer feedback and usage data (such as activity, patterns, trends, and metadata) is essential to making our Services as useful as possible. This information helps us troubleshoot problems and informs our product design and roadmap.
  • To communicate with you about the Services. We use your contact information to send transactional communications via email and within the Services, including confirming your purchases, reminding you of subscription expirations, responding to your comments, questions and requests, providing customer support, and sending you technical notices, updates, security alerts, and administrative messages. We also use your contact information to provide you with tailored communications based on your system preferences and usage. For example, an action you take in the Services may automatically trigger an email notification to automatically provide you with an updated study report.
  • To market, promote, and drive engagement with the Services. We use your contact information and information about how you use the Services to send promotional communications that may be of specific interest to you, and by displaying OpenClinica ads on other companies’ websites. These communications are aimed at driving engagement and maximizing what you get out of the Services, including information about new features, survey requests, newsletters, and events we think may be of interest to you. We also communicate with you about new product offers, promotions and contests. You can control whether you receive these communications as described below under “Opt-out of communications.”
  • Customer support. We use your information to resolve technical issues you encounter, to respond to your requests for assistance, to analyze crash information, and to repair and improve the Services. Where you give us permission to do so, and if necessary in order to troubleshoot a technical issue, we may access your clinical data.
  • For security and regulatory compliance. We use information about you and your Service use to verify accounts and activity, to monitor suspicious or fraudulent activity and to identify violations of Service policies. We also use information about you to meet the requirements of regulations and guidelines which pertain to clinical research, such as ICH GCP and 21 CFR Part 11.
  • To protect our legitimate business interests and legal rights. Where required by law or where we believe it is necessary to protect our legal rights, interests and the interests of others, we use information about you in connection with legal claims, compliance, regulatory, and audit functions, and disclosures in connection with the acquisition, merger or sale of a business.
  • Other purposes. We use information about you where you have given us consent to do so for a specific purpose not listed above. For example, we may publish testimonials or featured customer stories to promote the Services, with your permission.
  • Legal bases for processing (for EEA users). If you are an individual in the European Economic Area (EEA), we collect and process information about you only where we have legal bases for doing so under applicable EU laws. The legal bases depend on the Services you use and how you use them. This means we collect and use your information only where:
    • We need it to provide you the Services, including to operate the Services, provide customer support and personalized features and to protect the safety and security of the Services;
    • It satisfies a legitimate interest (which is not overridden by your data protection interests), such as for research and development, to market and promote the Services and to protect our legal rights and interests;
    • You give us consent to do so for a specific purpose; or
    • We need to process your data to comply with a legal obligation.

If you have consented to our use of information about you for a specific purpose, you have the right to change your mind at any time, but this will not affect any processing that has already taken place. Where we are using your information because we or a third party (e.g. your employer, the clinical trial sponsor) have a legitimate interest to do so, you have the right to object to that use, though in some cases, this may mean no longer using the Services.

How we share information we collect

We recognize that your clinical research data is a critical asset and take privacy and security of this data very seriously. We do not share your clinical research data with any third-party unless we are specifically authorized to do so.

Certain other information you provide to us may be shared in the ways described below:

  • Community forums. We operate some publicly accessible websites such as blogs, forums, and bug trackers. You should be aware that any information you provide in these websites – including profile information associated with the account you use to post the information – may be read, collected, and used by any member of the public who accesses websites. Your posts and certain profile information may remain even after you terminate your account. You should therefore consider the sensitivity of any information you input into these Services. To request removal of your information from publicly accessible websites operated by us, please contact us as provided below. In some cases, we may not be able to remove your information, in which case we will let you know if we are unable to and why.
  • Service providers. We work with third-party service providers to provide website and application development, hosting, maintenance, backup, storage, virtual infrastructure, payment processing, billing, collections, and other services for us, which may require them to access or use information about you. If a service provider needs to access information about you to perform services on our behalf, they do so under instruction from us, including abiding by policies and procedures designed to protect your information.
  • OpenClinica partners. We work with third parties who provide consulting, sales, support and technical services to deliver and implement customer solutions around the Services. We may share your information with these third parties in connection with their services, such as to enable the delivery of the OpenClinica products and services you have purchased. If a partner needs to access information about you to perform services on our behalf, they do so under instruction from us, including abiding by policies and procedures designed to protect your information.
  • Third-Party apps. You, your administrator or other Service users may choose to utilize third party apps which extend the functionality of the Services. Doing so may give third-party apps access to your account and information about you like your name and email address, and any content you choose to use in connection with those apps. Third-party app policies and procedures are not controlled by us, and this privacy policy does not cover how third-party apps use your information. We encourage you to review the privacy policies of third parties before connecting to or using their applications or services to learn more about their privacy and information handling practices. If you object to information about you being shared with these third parties, please disable the app.
  • Third-party widgets. Some of our Services contain widgets and social media features, such as the Twitter “tweet” button. These widgets and features collect your IP address, which page you are visiting on the Services, and may set a cookie to enable the feature to function properly. Widgets and social media features are hosted by third parties. Your interactions with these features are governed by the privacy policy of the company providing it.
  • Compliance with enforcement requests and applicable laws; enforcement of our rights. In exceptional circumstances, we may share information about you with a third party if we believe that sharing is reasonably necessary to (a) comply with any applicable law, regulation, legal process or governmental request, including to meet national security requirements, (b) enforce our agreements, policies and terms of service, (c) protect the security or integrity of our products and services, (d) protect OpenClinica, our customers or the public from harm or illegal activities, or (e) respond to an emergency which we believe in good faith requires us to disclose information to assist in preventing the death or serious bodily injury of any person.
  • Business transfers. We may share or transfer information we collect under this privacy policy in connection with any merger, sale of company assets, financing, or acquisition of all or a portion of the OpenClinica business to another company.

Security and Storage

We take the security of your information seriously and have numerous measures in place to protect against the loss, misuse, and alteration of information under our control. While we implement technical and procedural safeguards designed to protect your information, no security system is impenetrable and due to the inherent nature of the Internet, we cannot guarantee that data, during transmission through the Internet or while stored on our systems or otherwise in our care, is absolutely safe from intrusion by others.

We use data hosting service providers in the United States, the European Union, and other locales to host the information we collect. How long we keep information we collect about you depends on the type of information. For example:

  • If you are a customer, and cease being a customer, we will delete your clinical data. Your data that we store on our routine back-up systems will remain on those back-up systems and overwritten in the ordinary course of reuse of those system-backup media.
  • If the Services are made available to you through one of our customers (e.g., your employer), we retain your information as long as required by our customer.
  • If you have elected to receive marketing emails from us, we retain information about your marketing preferences unless you specifically ask us to delete such information.
  • We also retain some of your information as necessary to comply with our legal obligations, to resolve disputes, to enforce our agreements, to support business operations and to continue to develop and improve our Services.

How to access and control your information

You have the right to request a copy of your information, to object to our use of your information (including for marketing purposes), to request the deletion or restriction of your information, or to request your information in a structured, electronic format. Below, we describe the tools and processes for making these requests. You can exercise some of the choices by logging into the Services and using features available from within the Services. Where the Services are administered for you by an administrator (see “Notice to End Users” above), you may need to contact your administrator to assist with your requests first. For all other requests, you may contact us as provided in the Contact Us section below to request assistance.

Your request and choices may be limited in certain cases: for example, if fulfilling your request would reveal information about another person, or if you ask to delete information which we or your administrator are permitted by law or have compelling legitimate interests to keep. Where you have asked us to share data with third parties, you will need to contact those third-party service providers directly to have your information deleted or otherwise restricted. If you have unresolved concerns, you may have the right to complain to a data protection authority in the country where you live, where you work or where you feel your rights were infringed.

Children’s privacy

Outside of the context of a specific clinical research study being conducted by our customers, for which research subjects have been appropriately consented, our Services are not intended for, or designed to attract, individuals under the age of 16. We do not collect personally identifiable information from any person we actually know is an individual under the age of 16.

Links to Independent Websites

Our Services may contain links to third party websites. The policies and procedures described here do not apply to those sites. We suggest contacting those sites directly for information on their privacy, security, data collection, and distribution policies.

Use of OpenClinica Participate and the OpenClinica iOS app

To use the OpenClinica Participate and/or the OpenClinica iOS app Services, you should be a participant or potential participant in a clinical study run by one of our customers.

The Services are designed to be used by researchers running studies that obtain your consent and have secured approval from an independent ethics review board, such as your hospital’s Institutional Review Board (IRB). You should ensure you are familiar with the study and consent requirements before using these Services.

Information you provide to us using these Services will be shared with the researchers running the study. OpenClinica will not share, use, or view your data provided under these Services, other than to provide support to the organization running the study.

Privacy Shield Notice

OpenClinica, LLC adheres to the EU-U.S. and Swiss-U.S. Privacy Shield Frameworks and the Privacy Shield Principles regarding the collection, use, and retention of information about you that is transferred from the European Union or Switzerland (as applicable) to the U.S. We ensure that the Privacy Shield Principles apply to all information about you that is subject to this privacy policy and is received from the European Union, the European Economic Area, and Switzerland.

Under the EU-U.S. and Swiss-U.S. Privacy Shield Frameworks, we are responsible for the processing of information about you we receive from the EU and Switzerland and onward transfers to a third party acting as an agent on our behalf. We comply with the Privacy Shield Principles for such onward transfers and remain liable in accordance with the Privacy Shield Principles if third-party agents that we engage to process such information about you on our behalf do so in a manner inconsistent with the Privacy Shield Principles, unless we prove that we are not responsible for the event giving rise to the damage.

To learn more about the Privacy Shield Program, and to view our certification, please visit our public Privacy Shield listing.

In compliance with the Privacy Shield Principles, OpenClinica, LLC commits to resolve complaints about our collection or use of your personal information. EU and Swiss individuals with inquiries or complaints regarding our Privacy Shield policy should first contact OpenClinica, LLC at

OpenClinica, LLC has further committed to refer unresolved Privacy Shield complaints to JAMS, an alternative dispute resolution provider located in the United States. If you do not receive timely acknowledgment of your complaint from us, or if we have not addressed your complaint to your satisfaction, please visit for more information or to file a complaint. The services of JAMS are provided at no cost to you.

You may also contact your local data protection authority within the European Economic Area or Switzerland (as applicable) for unresolved complaints.

Under certain conditions, more fully described on the Privacy Shield website, including when other dispute resolution procedures have been exhausted, you may invoke binding arbitration.

We are subject to the investigatory and enforcement powers of the U.S. Federal Trade Commission (FTC).

Cookie Declaration

Let us customize your experience. We believe in the values promoted by GDPR and are committed to compliance. We use cookies to analyze our traffic and to serve relevant content. For an optimal experience, please consent to the use of cookies.

Cookies are small text files that can be used by websites to make a user’s experience more efficient.

The law states that we can store cookies on your device if they are strictly necessary for the operation of this site. For all other types of cookies we need your permission.

This site uses different types of cookies. Some cookies are placed by third party services that appear on our pages.

You can at any time change or withdraw your consent from the Cookie Declaration on our privacy policy page.

Learn more about who we are, how you can contact us and how we process personal data in our Privacy Policy.

Your consent applies to the following domains:,,

Your current state: Deny. Change your consent

Cookie declaration last updated on 1/2/22 by Cookiebot:

Necessary (8)

Necessary cookies help make a website usable by enabling basic functions like page navigation and access to secure areas of the website. The website cannot function properly without these cookies.

CookieConsent [x3] Cookiebot Stores the user’s cookie consent state for the current domain 1 year HTTP Cookie
has_js Registers whether or not the user has activated JavaScript in the browser. Session HTTP Cookie
language Linkedin Saves the user’s preferred language on the website. Session HTTP Cookie
li_gc LinkedIn Stores the user’s cookie consent state for the current domain 2 years HTTP Cookie
SESS# Preserves users states across page requests. 23 days HTTP Cookie
visitorId Preserves users states across page requests. 1 year HTTP Cookie

Preferences (3)

Preference cookies enable a website to remember information that changes the way the website behaves or looks, like your preferred language or the region that you are in.

CookieConsentBulkSetting-# Cookiebot Enables cookie consent across multiple websites Persistent HTML Local Storage
lang [x2] LinkedIn Remembers the user’s selected language version of a website Session HTTP Cookie

Statistics (22)

Statistic cookies help website owners to understand how visitors interact with websites by collecting and reporting information anonymously.

__utma Collects data on the number of times a user has visited the website as well as dates for the first and most recent visit. Used by Google Analytics. 2 years HTTP Cookie
__utmb Registers a timestamp with the exact time of when the user accessed the website. Used by Google Analytics to calculate the duration of a website visit. 1 day HTTP Cookie
__utmc Registers a timestamp with the exact time of when the user leaves the website. Used by Google Analytics to calculate the duration of a website visit. Session HTTP Cookie
__utmt Used to throttle the speed of requests to the server. 1 day HTTP Cookie
__utmz Collects data on where the user came from, what search engine was used, what link was clicked and what search term was used. Used by Google Analytics. 6 months HTTP Cookie
_ga Registers a unique ID that is used to generate statistical data on how the visitor uses the website. 2 years HTTP Cookie
_gat Used by Google Analytics to throttle request rate 1 day HTTP Cookie
_gid Registers a unique ID that is used to generate statistical data on how the visitor uses the website. 1 day HTTP Cookie
_hjAbsoluteSessionInProgress This cookie is used to count how many times a website has been visited by different visitors – this is done by assigning the visitor an ID, so the visitor does not get registered twice. 1 day HTTP Cookie
_hjFirstSeen This cookie is used to determine if the visitor has visited the website before, or if it is a new visitor on the website. 1 day HTTP Cookie
_hjid Sets a unique ID for the session. This allows the website to obtain data on visitor behaviour for statistical purposes. 1 year HTTP Cookie
_hjIncludedInPageviewSample Hotjar Determines if the user’s navigation should be registered in a certain statistical place holder. 1 day HTTP Cookie
_hjSession_# Hotjar Collects statistics on the visitor’s visits to the website, such as the number of visits, average time spent on the website and what pages have been read. 1 day HTTP Cookie
_hjSessionUser_# Hotjar Collects statistics on the visitor’s visits to the website, such as the number of visits, average time spent on the website and what pages have been read. 1 year HTTP Cookie
_hjTLDTest Registers statistical data on users’ behaviour on the website. Used for internal analytics by the website operator. Session HTTP Cookie
AnalyticsSyncHistory LinkedIn Used in connection with data-synchronization with third-party analysis service. 30 days HTTP Cookie
browser_id Linkedin Used to recognise the visitor’s browser upon reentry on the website. 5 years HTTP Cookie
hjViewportId Sets a unique ID for the session. This allows the website to obtain data on visitor behaviour for statistical purposes. Session HTML Local Storage
p.gif Adobe Inc Keeps track of special fonts used on the website for internal analysis. The cookie does not register any visitor data. Session Pixel Tracker
personalization_id Twitter This cookie is set by Twitter. The cookie allows the visitor to share content from the website on his/her Twitter profile. 2 years HTTP Cookie
slideshare.experiments Linkedin Used by SlideShare to determine if the visitor is participating in a design experiment. Persistent HTML Local Storage
vuid Vimeo Collects data on the user’s visits to the website, such as which pages have been read. 2 years HTTP Cookie

Marketing (15)

Marketing cookies are used to track visitors across websites. The intention is to display ads that are relevant and engaging for the individual user and thereby more valuable for publishers and third party advertisers.

_gcl_au Google Tag Manager Used by Google AdSense for experimenting with advertisement efficiency across websites using their services. 3 months HTTP Cookie
ads/ga-audiences Google Used by Google AdWords to re-engage visitors that are likely to convert to customers based on the visitor’s online behaviour across websites. Session Pixel Tracker
bcookie LinkedIn Used by the social networking service, LinkedIn, for tracking the use of embedded services. 2 years HTTP Cookie
bscookie LinkedIn Used by the social networking service, LinkedIn, for tracking the use of embedded services. 2 years HTTP Cookie
IDE Google Used by Google DoubleClick to register and report the website user’s actions after viewing or clicking one of the advertiser’s ads with the purpose of measuring the efficacy of an ad and to present targeted ads to the user. 1 year HTTP Cookie
lidc LinkedIn Used by the social networking service, LinkedIn, for tracking the use of embedded services. 1 day HTTP Cookie
pagead/1p-conversion/# Google Pending Session Pixel Tracker
pagead/1p-user-list/# Google Tracks if the user has shown interest in specific products or events across multiple websites and detects how the user navigates between sites. This is used for measurement of advertisement efforts and facilitates payment of referral-fees between websites. Session Pixel Tracker
pagead/landing [x2] Google Collects data on visitor behaviour from multiple websites, in order to present more relevant advertisement – This also allows the website to limit the number of times that they are shown the same advertisement. Session Pixel Tracker
pagead/viewthroughconversion/1070768943 Google Pending Session Pixel Tracker
test_cookie Google Used to check if the user’s browser supports cookies. 1 day HTTP Cookie
UserMatchHistory LinkedIn Used to track visitors on multiple websites, in order to present relevant advertisement based on the visitor’s preferences. 30 days HTTP Cookie
VISITOR_INFO1_LIVE YouTube Tries to estimate the users’ bandwidth on pages with integrated YouTube videos. 179 days HTTP Cookie
YSC YouTube Registers a unique ID to keep statistics of what videos from YouTube the user has seen. Session HTTP Cookie

Unclassified (1)

Unclassified cookies are cookies that we are in the process of classifying, together with the providers of individual cookies.

cas_login_checked Pending Session HTTP Cookie


Updates to this policy

We may change this privacy policy from time to time. We will post any privacy policy changes on this page and, if the changes are significant, we will provide a more prominent notice by adding a notice on the Services homepages, login screens, or by sending you an email notification. We will also keep prior versions of this Privacy Policy in an archive for your review. We encourage you to review our privacy policy whenever you use the Services to stay informed about our information practices and the ways you can help protect your privacy.

Contact Us

If you have questions or concerns about how your information is handled, please direct your inquiry to:

OpenClinica, LLC
1075 Main Street, Suite 140
Waltham, MA 02451 USA

Your browser is out-of-date!

Update your browser to view this website correctly. Update my browser now