Privacy Policy

Glianex, Inc. ("Glianex," "we," "our," or "us") operates a clinical knowledge retrieval platform. This Privacy Policy explains how we collect, use, store, and protect information about you and your organization when you use our services. By using Glianex, you agree to the practices described here.

Account information. When you sign up, we collect your name, email address, and organizational affiliation through Clerk, our authentication provider. We do not store your password — authentication is handled by Clerk and the identity provider you choose.

Usage data. We collect the questions you ask the system, the AI-generated responses returned, and metadata about your queries (timestamps, response times, feedback ratings). This data is associated with your organization's tenant and is used to improve the service and provide analytics to your administrators.

Uploaded documents. Protocol PDFs and other documents you upload are stored in your organization's secure storage bucket. The content is processed to generate searchable index data and to answer queries. Document content is never shared with other organizations.

Log and audit data. We record significant user actions (uploads, deletions, queries, login events) in an audit log associated with your organization. This supports your institution's compliance and security review requirements.

We use the information we collect to: operate and improve the Glianex service; answer your clinical knowledge queries using your organization's uploaded protocols; provide analytics and reporting to organizational administrators; send transactional communications (invitation emails, billing notices); detect abuse, enforce our Terms of Service, and protect the security of the platform.

We do not use your uploaded protocol documents to train any machine learning models, and we do not share document content with third parties.

All data is stored on servers located in the United States using Supabase (PostgreSQL) and Supabase Storage. Data is encrypted at rest and in transit using industry-standard TLS encryption.

Authentication is handled by Clerk, which maintains SOC 2 Type II certification. Payment processing, where applicable, is handled by Stripe, which maintains PCI DSS Level 1 compliance.

AI responses are generated by the Anthropic Claude API. Queries are transmitted to Anthropic's API over TLS. Anthropic's data handling practices are governed by their own privacy policy and API terms.

We do not sell, rent, or trade your personal information or your organization's documents to third parties. We share information only with:

• Service providers who help us operate the platform (Supabase, Clerk, Anthropic, Stripe, Resend) under data processing agreements.
• Legal authorities when required by law, court order, or governmental authority.
• Successor entities in the event of a merger, acquisition, or sale of all or substantially all assets, with notice provided to affected users.

Depending on your jurisdiction, you may have the right to access, correct, or delete your personal information; object to or restrict certain processing; and data portability. To exercise any of these rights, contact us at the address below. We respond to all requests within 30 days.

Your organization's administrator can delete documents and exported query data at any time through the dashboard. Account deletion can be requested by contacting support.

Glianex uses only essential session cookies required for authentication (managed by Clerk). We do not use advertising cookies, cross-site tracking, or analytics that identify individual users to third parties. We do not use Google Analytics or similar tracking services.

Query history and audit logs are retained for as long as your organization account is active and for a period of 36 months thereafter. Uploaded documents are retained until explicitly deleted by an administrator. Account information is retained until account deletion is requested.

Glianex is a professional service for healthcare institutions and is not directed to individuals under the age of 18. We do not knowingly collect personal information from children.

We may update this Privacy Policy from time to time. We will notify you of material changes via email or a notice within the application at least 14 days before the change takes effect. Continued use of Glianex after that date constitutes acceptance of the updated policy.

For privacy inquiries, data requests, or concerns, contact us at: