Effective Date: June 3, 2026
Last Updated: June 3, 2026
Inshirah Ventures / Inshirah Consult (“we,” “us,” or “our”) is committed to protecting the privacy, security, and integrity of the data entrusted to us. As a specialized Contract Research Organization (CRO) providing medical safety monitoring, biostatistics, and bioinformatics services, we process highly sensitive information.
This Privacy Policy outlines how we collect, use, protect, and disclose data in absolute compliance with global regulatory standards, including FDA 21 CFR Part 11, ICH-GCP guidelines, the Health Insurance Portability and Accountability Act (HIPAA), and the General Data Protection Regulation (GDPR)
1. Regulatory Compliance Frameworks
Our data governance architecture is purpose-built to satisfy the stringent requirements of international life sciences regulators:
- FDA 21 CFR Part 11: All electronic records, signatures, and analytical pipelines generated for clinical trials are validated, closed systems featuring computer-generated, time-stamped audit trails that cannot be modified or deleted.
- ICH-GCP (E6 R2/R3): We adhere strictly to Good Clinical Practice standards regarding patient data confidentiality, protocol adherence, and the accurate reporting of clinical trial data.
- HIPAA & HITECH: For any Protected Health Information (PHI) processed during trials or Real-World Evidence (RWE) studies, we act as a Business Associate, implementing rigorous administrative, physical, and technical safeguards.
- GDPR (EU/UK): When processing Personal Data or Special Category Data (genetic, genomic, or health data) of European or UK citizens, we act primarily as a Data Processor under strict Data Processing Agreements (DPAs) with our sponsors.
2. Types of Data We Process
We handle two distinct categories of data:
- A. Corporate and Business Data: Collected via our website inquiry forms or business correspondence from sponsors, vendors, and job applicants.
- Data Points: Name, corporate email address, phone number, company name, and therapeutic area/RFP documentation.
- Purpose: To respond to business inquiries, execute requests for proposals (RFPs), and manage commercial relationships.
- B. Clinical Trial and Research Data (Sponsor-Provided): Provided to us by clinical trial sponsors, healthcare institutions, or partners for analysis, pharmacovigilance, or monitoring.
- Data Points: Pseudonymized/De-identified patient health records, adverse event logs, genomic sequencing files, and multi-omic datasets.
- Our Mandate: We never collect directly identifiable patient data (such as names or social security numbers) on this website. All clinical data transferred to our analytical environments is coded and pseudonymized by the trial sponsor prior to transmission.
3. Data Protection and Cybersecurity Measures
To prevent unauthorized access, alteration, or disclosure of data, Inshirah Consult enforces enterprise-grade security protocols:
- Encryption: All data is encrypted both in-transit (using TLS 1.3) and at-rest (using AES-256 encryption standards).
- Access Control: We employ a strict Principle of Least Privilege (PoLP) enforced by Multi-Factor Authentication (MFA) and role-based access controls. Only authorized personnel directly assigned to a specific study can access that study's data.
- Validated Systems: Clinical data processing and safety monitoring occur exclusively within validated, compliant architectures (including Veeva and Oracle Argus environments) with continuous electronic audit logging.
4. Data Retention and Destruction
To prevent unauthorized access, alteration, or disclosure of data, Inshirah Consult enforces enterprise-grade security protocols:
- Business Inquiries: Website contact data is retained only as long as necessary to fulfill the business inquiry or manage an active contract.
- Clinical/Research Data: We retain trial and analytical data strictly in accordance with the timelines dictated by our clinical trial contracts, sponsor instructions, and applicable regulatory retention periods (e.g., FDA or EMA archiving requirements). Upon contract expiration or completion, data is securely archived, returned, or permanently destroyed using certified, irreversible deletion methods.
5. Third-Party Disclosures
Inshirah Consult does not sell, rent, or trade personal or research data to third parties. Data is only shared with:
- Authorized third-party infrastructure providers (e.g., validated cloud environments like Oracle or Veeva) strictly to execute clinical operations.
- Regulatory bodies (such as the FDA or EMA) when required for global safety monitoring, pharmacovigilance reporting, or regulatory compliance audits.
6. International Data Transfers
Because clinical research is global, data may be processed in jurisdictions outside of where it was collected. When transferring data across borders (e.g., from the EU to the US), we ensure strict compliance with legally recognized transfer mechanisms, including standard contractual clauses (SCCs) and robust data processing addendums.
7. Your Data Rights
Depending on your jurisdiction (e.g., under GDPR), individuals may have the right to access, rectify, restrict, or request the erasure of their personal data.
- Please Note: For clinical trial data, Inshirah Consult acts as a Data Processor. Because data is heavily pseudonymized to protect patient identity, individuals enrolled in clinical trials must contact their primary investigator or trial sponsor to exercise their privacy rights.
8. Contact Information and Data Protection
For any inquiries, requests, or questions regarding this Privacy Policy and our data governance practices, please contact our data compliance team:
Email: compliance@inshirahconsult.com
Website: www.inshirahconsult.com