Privacy & Trust

Privacy Policy

Last updated: April 20, 2026

Effective date: April 20, 2026

1. Who we are

ClinicalMatchMate (“we,” “our,” or “us”) operates the website at clinicalmatchmate.com and related services (the “Platform”). Our Platform helps patients and caregivers discover and understand clinical trials that may match their condition, preferences, and location.

Questions about this policy should be directed to privacy@clinicalmatchmate.com.

2. Information we collect

2a. Information you provide directly

  • Contact and account information: If you create an account or submit a contact form, we collect your name and email address (and any message you include). Account identifiers and profile fields are stored in Supabase, our database and authentication provider.
  • Intake responses (signed-in matching flow): When you complete the intake form and run matching, we store the following in our Supabase database so your profile and matches can persist: condition; age; the location description you enter (for example city or ZIP); travel willingness; remote trial preference; phase tolerance; time commitment; the personalized follow-up question shown to you and your answer; and prior treatments you list (stored as structured entries for eligibility-related use). Current medications and other conditions you enter in the same session are combined into clinical text for that matching request and sent to our matching service and to Google Gemini as part of that run; they are not stored in separate dedicated columns beyond your follow-up answer and prior-treatment entries described above.
  • Feedback submissions: If you submit feedback, we collect the content of that feedback and, if you choose to provide it, your email address.

2b. Information collected automatically

  • Usage data: Standard server logs, including IP address, browser type, referring page, and pages visited. We use this for security and performance monitoring.
  • Session data: If you are logged in, we maintain an authenticated session managed by Supabase. Session identifiers do not contain your health information.

2c. Location data

You may enter an approximate location as text; that value is stored with your intake as described above. If you choose to share latitude and longitude (for example from device or map-assisted entry), those coordinates are sent to our matching service with your match request so we can rank nearby trial sites for that job. The current application route that saves your intake does not persist latitude and longitude columns on your intake row; providers involved in the matching job may still process coordinates transiently as part of that request.

3. How we use your information

We use the information we collect to:

  • Generate and display clinical trial matches based on your inputs
  • Respond to contact form submissions and feedback
  • Authenticate your account and maintain session security
  • Monitor and improve Platform performance and reliability
  • Comply with legal obligations

We do not use your health-related responses to build advertising profiles, sell them to data brokers, or use them to train third-party foundation models. Third-party AI APIs process prompts we send them to perform the functions described in Section 4, subject to those vendors’ terms and policies.

4. How we share your information

We do not sell, rent, or trade your personal information. We may share data with:

  • Supabase: Our database and authentication provider. Account and intake data, match jobs, and match results tables used by the product are stored in our Supabase project. See Supabase’s Privacy Policy.
  • Matching infrastructure: By default, matching runs in a Supabase Edge Function in our project that reads trial catalog data and your intake payload. When configured, we may instead send the same class of intake payload to a separate HTTP matching service we operate (“Trail_Matcher”). In both cases, processing is for generating and writing match results to our database—not for advertising.
  • Google (Gemini): We send clinical and trial-related text to Google Gemini for operations such as: generating your personalized follow-up question; creating embeddings and suggested ICD-10 codes from your clinical summary during matching; structured match analysis in the default matching pipeline; and certain optional product features (for example plain-language explanations built from public trial text, or location-assisted discovery when you use those tools). See Google’s Privacy Policy.
  • Anthropic (Claude): If you use our chat-style trial screening feature that calls our chat API, the messages you send in that flow are processed by Anthropic Claude. That pathway is separate from the main batch matching pipeline described above. See Anthropic’s Privacy Policy.
  • Resend: Used to deliver contact form submissions by email. Message content is transmitted through Resend’s infrastructure.
  • Legal requirements: If required by law, regulation, or valid legal process, we may disclose information to the appropriate authorities.

5. Data retention

  • Intake responses: Retained while your account exists. You may request deletion of intake data—or deletion of your entire account—by emailing privacy@clinicalmatchmate.com. When your Supabase auth user is removed, related rows that reference your user id (including intake responses, match jobs, and match scores, where our schema uses cascading delete) are removed from our project database as defined by those database rules.
  • Account data: Retained while your account is active. There is no self-serve account deletion control in the product today; contact us at the email above to request deletion.
  • Contact form submissions: Retained for up to 12 months for follow-up and quality purposes, then deleted.
  • Server logs: Retained for up to 90 days for security monitoring.

6. Security

We use industry-standard practices to protect your data, including TLS encryption in transit, authenticated access via Supabase, and access controls on application routes. No method of transmission over the internet is completely secure, and we cannot guarantee absolute security.

7. Your rights

Depending on your location, you may have rights to access, correct, delete, or restrict processing of your personal data. To exercise these rights, contact us at privacy@clinicalmatchmate.com. We will respond within 30 days.

8. Children

The Platform is not directed to children under 13. We do not knowingly collect personal information from children under 13. If you believe a child has provided us with personal information, contact us immediately.

9. Changes to this policy

We may update this Privacy Policy from time to time. We will indicate the effective date on this page. Continued use of the Platform after changes constitutes acceptance of the updated policy where permitted by law.

10. Contact us

For privacy-related inquiries, email privacy@clinicalmatchmate.com or use our contact page.

More in Help & Support