Why Privacy Matters in Life Sciences
PraxisVerify is a secure marketplace connecting life sciences companies to pre-vetted regulatory experts for document review and verification. The documents that flow through our platform — 510(k) submissions, Clinical Evaluation Reports, Design History Files, batch records — contain commercially sensitive intellectual property and confidential patient safety data.
In regulated industries, data protection is not just a legal obligation. It is a quality system requirement. Standards including ISO 13485:2016 (Clause 4.2.5 — Control of Documents) and 21 CFR Part 11 (Electronic Records; Electronic Signatures) mandate that organisations maintain the confidentiality, integrity, and traceability of regulated documents throughout their lifecycle. Our privacy practices are designed to meet these expectations.
Platform Security Architecture
PraxisVerify implements a zero-trust approach to document review. This means every access request is verified, every action is logged, and no implicit trust is granted based on network location or user role.
- In-browser review only — experts review documents within a secure browser environment. No downloads are permitted, and no documents are transmitted via email.
- Automatic 90-day deletion — all uploaded documents are permanently deleted 90 days after the review engagement closes, unless a longer retention period is required by applicable regulation.
- Complete audit trails — every document access, review action, and status change is logged with timestamps and user attribution, designed to support 21 CFR Part 11 audit trail requirements.
- Expert credentialing — all experts undergo credential verification before gaining platform access. Credentials are verified against issuing bodies (e.g., IRCA, RAPS, CQI).
Legal Basis for Processing (GDPR Article 6)
We process personal data under the following lawful bases:
- Consent (Art. 6(1)(a)) — analytics cookies are only set after you consent via the cookie banner.
- Contractual necessity (Art. 6(1)(b)) — when you engage with the platform as a client or expert, we process your data to deliver the services you have requested.
- Legitimate interest (Art. 6(1)(f)) — we process contact enquiry data to respond to your questions. Our legitimate interest is providing timely customer support, balanced against your right to privacy.
Distinct processing purposes by audience
PraxisVerify Ltd is the sole data controller for both of the following processing activities. They are kept administratively separate.
- Client and prospect enquiries — we process the contact details and company information of life sciences companies who enquire about, demo, or subscribe to the platform. Lawful basis: legitimate interest (pre-contractual) and contractual necessity (once subscribed). Retention: enquiries are retained for up to 24 months from last contact; active client account data follows the retention schedule in the Data Processing Agreement (DPA).
- Expert recruitment and credentialing pipeline — we process the contact details, declared specialisms, credentials, and professional indemnity insurance information of regulatory professionals applying to join the expert network. Lawful basis: legitimate interest (pre-credentialing pre-screening) and contractual necessity (once a consulting agreement is executed). Retention: applications that do not progress to credentialing are retained for up to 12 months from last contact; credentialed expert records follow the retention schedule in the expert consulting agreement.
You may request access to, correction of, or deletion of your personal data at any time by emailing info@praxisverify.com.
Analytics Cookies
This site uses Google Analytics 4 (GA4) with Consent Mode v2 to understand how visitors use the site. When you first visit, a cookie banner asks for your consent before any analytics cookies are set.
What we collect
Anonymous, aggregated page view data only — pages visited, approximate geographic region, device type, and referral source. We do not collect any personally identifiable information (PII) through analytics.
How consent works
- By default, analytics cookies are denied until you click "Accept" on the cookie banner.
- If you decline, GA4 runs in cookieless mode — no cookies are set and no identifiable data is stored.
- Your choice is saved in your browser's local storage so you are not asked again.
How to opt out
You can clear your browser's local storage for this site at any time to reset your cookie preference. You can also install the Google Analytics Opt-out Browser Add-on to block tracking across all sites.
Contact Data
If you email us at info@praxisverify.com, we store your name and email address solely for the purpose of responding to your enquiry. We do not add you to any mailing list, share your data with third parties, or use it for marketing purposes unless you explicitly request it.
Your Data Rights (GDPR)
Under the General Data Protection Regulation, you have the right to:
- Access — request a copy of any personal data we hold about you.
- Rectification — ask us to correct inaccurate or incomplete data.
- Erasure — ask us to delete your personal data.
- Restriction — ask us to restrict how we process your data.
- Portability — receive your data in a structured, machine-readable format.
- Complaint — lodge a complaint with the Irish Data Protection Commission (DPC).
To exercise any of these rights, email info@praxisverify.com.
Data Controller
PraxisVerify Ltd
Ireland
info@praxisverify.com
PraxisVerify Ltd is the data controller for all personal data processed through this website and the PraxisVerify platform. As a company operating in the life sciences sector, we process personal data in accordance with the General Data Protection Regulation (EU 2016/679), the Irish Data Protection Act 2018, and applicable sector-specific requirements. For platform-related data processing — including expert credentials, client contact information, and document review metadata — a separate Data Processing Agreement (DPA) is provided to all platform users.
Sub-Processors
We use a limited number of third-party services to operate this website. Each sub-processor has been assessed for GDPR compliance:
- Google Analytics 4 (Google LLC, USA) — anonymous website analytics with Consent Mode v2. Data processing governed by Google’s Data Processing Terms. EU Standard Contractual Clauses apply.
- GitHub Pages (GitHub Inc. / Microsoft, USA) — static website hosting. No personal data is collected by the hosting provider beyond standard server logs. Governed by the GitHub Customer Agreement.
- Google Fonts (Google LLC, USA) — web font delivery. IP addresses are logged by Google for font serving. No cookies are set.
- Cloudflare (Cloudflare Inc., USA) — CDN, DDoS protection, and security headers. Governed by Cloudflare’s GDPR commitments.
We do not use any sub-processors for document review or expert matching on this marketing website. Platform sub-processors will be disclosed separately when the full platform launches.
Data Retention
- Contact enquiries — retained for 12 months after the last communication, then permanently deleted.
- Analytics data — retained in Google Analytics for 14 months (GA4 default), then automatically purged.
- Cookie consent preferences — stored in your browser’s local storage until you clear it. No server-side record is kept.
Updates to This Policy
We may update this policy from time to time. Any changes will be posted on this page with a revised "Last updated" date. This policy was last updated on .