This Privacy Policy explains how Novostead (“Novostead,” “we,” “us,” “our”) collects, uses, discloses, and protects information when you use our website, applications, tools, directories, newsletters, and related services (collectively, the “Services”).
1) Who we are (Controller)
Novostead is the entity responsible for processing your personal information (the “Controller,” under GDPR terminology).
Contact:
- Email: privacy@novostead.com
- Support: support@novostead.com
- Address: Novostead, [Insert Address, City, State, Country]
If you are in the EEA/UK, you may need to appoint an EU/UK representative depending on your operations.
2) Summary (plain language)
We collect limited information to:
- operate accounts (login and saved items)
- provide alerts/newsletters you request
- improve the Services (analytics and troubleshooting)
- process “Request intro” / concierge inquiries you submit
- maintain integrity of listings and submissions (moderation and anti-spam)
We do not sell your personal information in the traditional sense. We do not knowingly collect personal information from children under 13 (or the age required in your jurisdiction).
Novostead is an educational directory and tool platform. Please do not submit medical records or sensitive health information through our forms.
3) Information we collect
A) Information you provide directly
Depending on how you use Novostead, you may provide:
Account and profile information
- email address (for login, account communications)
- display name, avatar, bio (optional)
- preferences (e.g., city, topics followed, notification settings)
Newsletter and alerts
- email address for “Radar” or other newsletters
- alert settings (conditions, locations, topics)
Concierge / Request Intro
- name (optional), email (required)
- other details you may choose to provide such as phone number, city/country, budget band, timeline preferences, or notes
- Important: we ask you not to include medical records or sensitive medical details.
Submissions and reviews
- clinic/test/company submissions, edits, comments, and reviews
- supporting links and citations you provide
Expert applications
- credentials text you submit, expertise areas, proof links (optional)
B) Information we collect automatically
When you use the Services, we may automatically collect:
Device and usage data
- IP address (often approximate location derived from IP)
- device type, browser type, operating system
- pages viewed, clicks, scrolling events, time on page (approximate)
- referrer URL, UTM parameters
Cookies and similar technologies
We use cookies/local storage and similar technologies for:
- authentication/session management
- preferences (e.g., theme)
- analytics and performance monitoring
(See Section 8 for more.)
C) Information from third parties
We may receive information from:
- authentication providers (e.g., email login, OAuth providers if enabled)
- analytics providers (if used)
- email delivery providers (newsletter delivery events like delivery/open/click may be tracked)
- payment processors (e.g., Stripe) regarding subscription status (we do not store full credit card numbers)
- publicly available sources used in our directory content (e.g., ClinicalTrials.gov, PubMed)
These sources are about trials and publications—not your personal data.
4) Sensitive information
Novostead is not designed for collecting sensitive medical data or medical records.
- Do not upload or paste medical records or sensitive personal health information into forms.
- If you do submit sensitive information anyway, you do so at your own discretion, and we may delete it to protect your privacy.
We do not intentionally collect:
- biometric identifiers
- genetic data
- government ID numbers
- detailed medical histories
If you intend to support uploads in the future (e.g., lab PDFs), you should implement separate consent flows and stronger controls and update this policy accordingly.
5) How we use information (purposes)
We use your information to:
Provide and maintain the Services
- create and manage accounts
- authenticate users
- enable features like saves, alerts, comparisons, and subscriptions (if applicable)
Operate newsletters and notifications
- send the Novostead Radar newsletter (if you sign up)
- send alerts you configure (trial updates, saved topic alerts)
Process “Request intro” and concierge inquiries
- route or respond to your inquiry
- follow up with questions needed to provide your requested shortlist or introduction
- protect against spam or abusive inquiries
Improve, secure, and debug the Services
- analytics, usage patterns, and product improvements
- performance monitoring
- preventing fraud, abuse, and security incidents
Moderation and content integrity
- review submissions, comments, reviews
- enforce policies, remove spam/misinformation
- maintain the integrity of directory listings
Legal and compliance
- comply with applicable laws
- respond to lawful requests
- enforce our Terms
6) Legal bases (GDPR/UK GDPR)
If you are in the EEA/UK, we process personal data under these legal bases:
- Contract: to provide the Services you request (e.g., account features)
- Consent: for newsletters/marketing emails and some cookies (where required)
- Legitimate interests: analytics, service improvement, fraud prevention, security, and moderation
- Legal obligation: compliance with applicable laws
You can withdraw consent (e.g., unsubscribe from email) at any time.
7) How we share information
We may share information in limited ways:
A) Service providers (processors)
We use vendors to operate the Services, such as:
- hosting and infrastructure (e.g., Vercel)
- database/authentication (e.g., Supabase)
- email delivery (e.g., Mailchimp)
- payment processors (e.g., Stripe)
- analytics (e.g., internal metrics, PostHog, Plausible, or Google Analytics—if enabled)
- error monitoring (e.g., Sentry—if enabled)
These providers process data on our behalf under contractual obligations.
B) Providers/clinics (Request intro only)
If you use “Request intro” or concierge features, we may share the information you submitted with the relevant provider only as needed to fulfill your request.
We aim to share minimal information required (usually contact info and your request details). We do not intend to share medical records.
C) Legal reasons
We may disclose information if required by law, subpoena, court order, or to protect rights, safety, and security.
D) Business transfers
If Novostead is involved in a merger, acquisition, financing, or sale of assets, information may be transferred as part of that transaction, subject to standard protections.
We do not sell personal information
We do not sell personal information for money. If you are in California, see Section 12.
8) Cookies, analytics, and tracking
We use cookies and similar technologies for:
- Essential: login sessions, security, preferences
- Analytics (optional depending on your settings and jurisdiction): measuring traffic and usage patterns. We primarily use internal first-party analytics (e.g., page view counts, anonymous session metrics) to improve our Services. We may also use third-party analytics providers if enabled.
Managing cookies
You can control cookies through your browser settings. Some features may not work if cookies are disabled.
If required by law, we will implement a cookie banner/consent mechanism for analytics cookies.
9) Data retention
We retain personal information only as long as necessary for the purposes described above, including:
- Account data: retained while your account is active; deleted or anonymized after account deletion requests, subject to legal obligations.
- Newsletter signups: retained until you unsubscribe (and a reasonable period thereafter for compliance and suppression).
- Leads/concierge inquiries: retained as needed to process your request and for reasonable business recordkeeping; then deleted or anonymized.
- Logs/analytics: retained for security and performance purposes for a limited period.
Retention periods may vary depending on legal requirements and operational needs.
10) Security
We use reasonable administrative, technical, and organizational measures to protect information. However, no system is 100% secure. You use the Services at your own risk.
If we become aware of a security incident affecting your personal information, we will respond in accordance with applicable law.
11) International data transfers
Your information may be processed in countries other than your own, including where our providers operate.
If you are in the EEA/UK, we will rely on recognized transfer mechanisms (such as Standard Contractual Clauses) where required.
12) Your rights and choices
A) Email preferences
You can unsubscribe from newsletters at any time using the unsubscribe link in the email. Transactional/operational emails (e.g., login, security) may still be sent as needed.
B) Access, correction, deletion
Depending on your location, you may have rights to:
- access your personal information
- correct inaccurate information
- request deletion
- object to processing
- request portability
- restrict processing
To request these, contact: privacy@novostead.com.
C) California privacy rights (CCPA/CPRA)
If you are a California resident, you may have rights to:
- know what personal information we collect and disclose
- request deletion (subject to exceptions)
- correct inaccurate information
- opt out of “sale” or “sharing” (as defined by law)
Novostead does not sell personal information for money. If we engage in “sharing” for cross-context behavioral advertising in the future, we will provide appropriate opt-out mechanisms.
D) Do Not Track
Browsers may offer “Do Not Track” signals. There is no universal standard for responding to them; we may not respond to all DNT signals.
13) Children’s privacy
The Services are not intended for children. We do not knowingly collect personal information from children under 13 (or applicable age in your jurisdiction). If you believe a child provided us personal information, contact us to request deletion.
14) Third-party links
The Services link to third-party sites (clinics, registries, publications). We are not responsible for their privacy practices. Review third-party privacy policies before providing them personal information.
15) Updates to this Privacy Policy
We may update this policy periodically. We will update the “Last updated” date at the top. Material changes may be highlighted on the site.
16) Contact us
Questions or requests: