Privacy Policy

How we collect, use, and protect your information when using Biocore's enterprise-grade regulatory compliance infrastructure for pharmaceutical companies and AI workflows.

1. Introduction

Biocore Systems LLC ("Biocore", "we", "us", or "our"), a company registered in the United Arab Emirates, Dubai, is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website, use our API services, or interact with our platform (collectively, the "Service").

Please read this Privacy Policy carefully. By accessing or using our Service, you acknowledge that you have read, understood, and agree to be bound by all the terms of this Privacy Policy. If you do not agree with our policies and practices, please do not use our Service.

2. Information We Collect

We collect information that you provide directly to us, such as when you create an account, use our services, subscribe to our API, or contact us for support. The types of information we may collect include:

Personal Information

  • Name and contact information (email address, phone number)
  • Company name and job title
  • Account credentials (username, password)
  • Billing information and payment details
  • Profile information and preferences

Usage Data

  • API usage statistics and logs
  • Website browsing patterns and interactions
  • Device information (IP address, browser type, operating system)
  • Location data (general geographic location based on IP address)
  • Time and date of access

Automatically Collected Information

  • Cookies and similar tracking technologies
  • Log files and analytics data
  • Error reports and diagnostic information

Customer Data

If you use our Services to process data on behalf of your organization, we may collect and process Customer Data as defined in our Terms of Service. This may include:

  • Regulatory data and documents uploaded to the Services
  • Data generated through your use of our API services
  • Any Protected Health Information (PHI) if a Business Associate Agreement (BAA) is in place

Important: If Customer Data includes PHI, a separate Business Associate Agreement (BAA) must be executed before any such data is processed. Please refer to our Terms of Service for more details.

3. Data Collection by Deployment Type

Managed Hosting

For managed hosting deployments, Biocore collects only user authentication information necessary for login and user management:

  • Username and email address (for authentication)
  • User role and permissions (for authorization)
  • Login timestamps (for security monitoring)

Customer Data Access: Customer data (regulatory documents, PHI if applicable) is stored in managed infrastructure, but Biocore's access is limited to:

  • User authentication and authorization (login information only)
  • System operations and technical support (with customer authorization)
  • UI display for authorized users

Biocore does NOT access customer data content (regulatory documents, PHI) except as necessary for technical support with customer authorization, or as required by law. All data access is logged and auditable.

Self-Hosted Deployments

For self-hosted deployments, Biocore collects ZERO data. Customer has complete control over all data:

  • No data collection by Biocore (no telemetry, no usage analytics, no connection to Biocore servers)
  • Customer has full control over all data, infrastructure, and security
  • Customer is fully responsible for data security, compliance, backup, and retention
  • Biocore provides software only; no data access or responsibility

Self-hosted deployments provide complete data sovereignty, making them ideal for organizations with strict compliance requirements or data residency concerns.

4. How We Use Your Information

We use the information we collect for various purposes, including:

  • Service Delivery: Provide, maintain, and improve our services, including API access, customer support, and technical assistance
  • Account Management: Process transactions, manage subscriptions, and send related information such as receipts and invoices
  • Communication: Send technical notices, updates, security alerts, and support messages
  • Customer Support: Respond to your comments, questions, and requests
  • Security Monitoring: Detect, prevent, and address technical issues, fraud, and security threats
  • Legal Compliance: Comply with legal obligations, enforce our terms, and protect our rights and the rights of our users
  • System Operations: Monitor system performance, troubleshoot issues, and ensure service availability (with customer authorization for managed hosting)
  • Marketing: Send promotional communications about our products and services (with your consent where required)

Note: We do not use Customer Data (regulatory documents, PHI) for analytics, product development, or system improvement purposes. Analytics are limited to aggregated, anonymized usage statistics that do not contain Customer Data or PHI.

5. Information Sharing and Disclosure

We do not sell, trade, or otherwise transfer your personal information to third parties without your consent, except as described in this policy. We may share your information in the following circumstances:

Service Providers and Subcontractors

We may share information with third-party service providers and subcontractors who assist us in operating our website, conducting our business, or serving our users. These service providers are contractually obligated to keep this information confidential and use it only for the purposes for which we disclose it to them. Examples include:

  • Cloud hosting and infrastructure providers
  • Payment processors and billing services
  • Analytics and monitoring services (limited to aggregated, anonymized data)
  • Customer support and communication tools

Subcontractor Disclosure: For enterprise customers, Biocore will provide a list of material subcontractors upon request. All subcontractors are bound by:

  • Data processing agreements with equivalent data protection obligations
  • Business Associate Agreements (BAAs) for HIPAA-covered subcontractors
  • Confidentiality and security requirements
  • Compliance with applicable data protection laws

Government Data Access and Legal Requirements

We may disclose your information if required to do so by law or in response to valid requests by public authorities (e.g., a court or government agency). We may also disclose information to protect our rights, privacy, safety, or property, or that of our users or others.

Customer Notification: Biocore will notify Customer of any government request for Customer Data, unless legally prohibited from doing so. Notification will be provided:

  • Prior to disclosure, when legally permitted
  • Within 48 hours of disclosure, if prior notification is prohibited
  • Immediately upon learning that a prohibition on notification has been lifted

Data Access Resistance: Biocore will:

  • Challenge government requests that appear overbroad or lack proper legal basis
  • Require valid legal process (subpoena, court order, warrant) before disclosure
  • Limit disclosure to the minimum data necessary to comply with the request
  • Require government authorities to provide written assurance of legal authority

Self-Hosted Deployments: For self-hosted deployments, Biocore has no access to Customer Data and therefore cannot be compelled to disclose it. Government requests would be directed to Customer, who maintains full control and responsibility.

Business Transfers

In the event of a merger, acquisition, reorganization, bankruptcy, or sale of assets, your information may be transferred to the acquiring entity.

With Your Consent

We may share your information with your explicit consent or at your direction.

6. Data Security

We implement appropriate technical and organizational security measures to protect your personal information against unauthorized access, alteration, disclosure, or destruction. These measures include:

  • Encryption of data in transit and at rest using industry-standard protocols (TLS 1.3, AES-256)
  • Regular security assessments and vulnerability testing
  • Access controls and authentication mechanisms (multi-factor authentication, role-based access control)
  • Secure data centers with physical and logical safeguards
  • Employee training on data protection and privacy
  • Compliance with industry standards including SOC 2 Type II and HIPAA
  • Comprehensive audit logging and monitoring
  • Data integrity controls and backup systems

HIPAA Compliance:

If you are a Covered Entity or Business Associate under HIPAA and process Protected Health Information (PHI) through our Services, we implement security controls aligned with HIPAA Security Rule requirements. We employ administrative, physical, and technical safeguards to protect ePHI, including encryption, access controls, audit controls, and integrity controls. A Business Associate Agreement (BAA) is required before processing any PHI and is available upon request.

Breach Notification: In the event of a security breach involving PHI, Biocore will notify Customer within the timeframes required by HIPAA (typically within 60 days of discovery). Biocore will cooperate with Customer's breach notification obligations and provide all necessary information to support Customer's notification to affected individuals and regulatory authorities.

However, no method of transmission over the Internet or electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your information, we cannot guarantee absolute security.

7. Data Retention

We retain your personal information for as long as necessary to fulfill the purposes outlined in this Privacy Policy, unless a longer retention period is required or permitted by law. When we no longer need your personal information, we will securely delete or anonymize it.

Retention Periods:

  • Account Information: Retained for as long as your account is active, plus 90 days after account termination for data export purposes
  • Customer Data: Retained for the duration of the subscription term, plus 90 days after termination (as specified in Terms of Service)
  • PHI: Retained in accordance with HIPAA requirements and as specified in the BAA
  • Audit Logs: Retained for a minimum of 7 years for compliance purposes (GxP, HIPAA)
  • Billing Information: Retained for 7 years for tax and accounting purposes

We may retain certain information for legitimate business purposes, such as fraud prevention, dispute resolution, or compliance with legal obligations, even after account deletion. For self-hosted deployments, Customer is responsible for all data retention and deletion.

8. Your Rights and Choices

Depending on your location, you may have certain rights regarding your personal information, including:

  • Access: Request access to your personal information and receive a copy of the data we hold about you
  • Correction: Request correction of inaccurate or incomplete data
  • Deletion: Request deletion of your personal information (subject to legal and contractual obligations)
  • Objection: Object to processing of your personal information for certain purposes
  • Restriction: Request restriction of processing of your personal information
  • Data Portability: Request transfer of your data to another service provider in a structured format
  • Withdraw Consent: Withdraw consent where processing is based on consent
  • Opt-Out: Unsubscribe from marketing communications at any time

Data Export: You may export your data at any time during the subscription term in standard formats (JSON, CSV, PDF) through the Services interface or by request. Biocore will provide data export within 30 days of request at no additional charge for standard exports. Custom export formats may incur additional fees as specified in the Order Form.

To exercise any of these rights, please contact us at hello@biocore.com. We will respond to your request within a reasonable timeframe and in accordance with applicable law (typically within 30 days, or within 60 days for complex requests under GDPR).

9. Cookies and Tracking Technologies

We use cookies and similar tracking technologies to track activity on our website and hold certain information. Cookies are small data files stored on your device that help us improve your experience, analyze usage patterns, and provide personalized content.

Types of cookies we use:

  • Essential Cookies: Required for the Service to function properly
  • Analytics Cookies: Help us understand how visitors interact with our website
  • Functional Cookies: Remember your preferences and settings
  • Marketing Cookies: Used to deliver relevant advertisements (with your consent)

You can instruct your browser to refuse all cookies or to indicate when a cookie is being sent. However, if you do not accept cookies, you may not be able to use some portions of our Service.

10. Data Residency and International Transfers

Data Storage Location

Default Storage: By default, Customer Data in managed hosting deployments is stored in Biocore's cloud infrastructure. The primary data center location is specified in the Order Form or SLA.

Data Residency Options: Biocore offers data residency options for customers with specific geographic requirements:

  • US Data Residency: US data center options are available for customers requiring data to remain within US jurisdiction. This option is specified in the Order Form and may incur additional fees.
  • EU Data Residency: EU data center options are available for customers requiring GDPR-compliant data residency within the European Economic Area.
  • Self-Hosted: For customers with strict data residency requirements, self-hosted deployment provides complete control over data location and ensures data never leaves customer infrastructure.

Data Replication and Backups: Data backups and disaster recovery systems may replicate data across geographic regions for redundancy. Backup locations are specified in the SLA or Order Form. Customers with strict data residency requirements should specify backup location restrictions in the Order Form.

Cross-Border Data Transfer Safeguards

Biocore operates from the United Arab Emirates, Dubai. Your information may be transferred to and processed in countries other than your country of residence, including the UAE and other jurisdictions where we or our service providers operate. These countries may have data protection laws that differ from those in your country.

Transfer Safeguards: We implement appropriate safeguards to ensure that your personal information receives adequate protection when transferred across borders:

  • Standard Contractual Clauses (SCCs): For EU customers, Biocore uses EU-approved Standard Contractual Clauses for data transfers outside the EEA, as required by GDPR
  • Adequacy Decisions: Biocore leverages adequacy decisions where available (e.g., UK adequacy for EU-UK transfers)
  • Data Processing Agreements: All data transfers are governed by data processing agreements that specify transfer mechanisms and safeguards
  • Encryption: All data transfers are encrypted in transit using TLS 1.3 or higher
  • Data Residency Options: US and EU data residency options minimize cross-border transfers

Export Control Compliance

Biocore complies with applicable export control regulations, including:

  • US Export Administration Regulations (EAR): Compliance with US Department of Commerce export control requirements
  • International Traffic in Arms Regulations (ITAR): If Customer Data includes ITAR-controlled information, Customer must notify Biocore and additional restrictions may apply
  • Sanctions Screening: Biocore screens all customers against applicable sanctions lists (OFAC, UN, EU) and will not provide Services to sanctioned entities
  • Trade Restrictions: Biocore complies with applicable trade restrictions and embargoes

Customer Responsibility: Customer is responsible for ensuring that its use of the Services complies with all applicable export control laws and regulations. Customer must notify Biocore if Customer Data includes export-controlled information.

If you are located in the European Economic Area (EEA) or United Kingdom, we comply with applicable data protection laws, including the General Data Protection Regulation (GDPR), when transferring your personal information internationally. If you are located in the United States, we comply with applicable US federal and state data protection laws, including state-specific privacy regulations.

11. Children's Privacy

Our Service is not intended for individuals under the age of 18. We do not knowingly collect personal information from children. If you are a parent or guardian and believe your child has provided us with personal information, please contact us immediately. If we learn that we have collected personal information from a child without parental consent, we will take steps to delete that information.

12. California Privacy Rights (CCPA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA), including:

  • The right to know what personal information we collect, use, disclose, and sell
  • The right to delete personal information we have collected from you
  • The right to opt out of the sale of personal information (we do not sell personal information)
  • The right to non-discrimination for exercising your privacy rights

To exercise these rights, please contact us using the information provided in the "Contact Us" section.

13. European Privacy Rights (GDPR)

If you are located in the European Economic Area (EEA) or United Kingdom, you have additional rights under the General Data Protection Regulation (GDPR), including:

  • The right to access your personal data
  • The right to rectification of inaccurate data
  • The right to erasure ("right to be forgotten")
  • The right to restrict processing
  • The right to data portability
  • The right to object to processing
  • Rights related to automated decision-making and profiling

If you wish to exercise any of these rights, please contact us. We will respond to your request within one month, or within two months for complex requests. We may require verification of your identity before processing your request.

14. Regulatory Compliance

Biocore is committed to compliance with applicable regulatory requirements for pharmaceutical and healthcare customers:

  • FDA Regulations: Support for FDA regulatory requirements, including 21 CFR Part 11, GxP standards, and data integrity requirements
  • HIPAA: HIPAA Security Rule compliance for healthcare customers (with BAA)
  • GDPR: Compliance with General Data Protection Regulation for EU customers
  • State Regulations: Compliance with applicable state data protection and privacy laws

For detailed information about regulatory compliance, data residency options, and government data access, please refer to our Terms of Service.

15. Changes to This Privacy Policy

We may update our Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the "Last updated" date. We may also notify you via email or through a prominent notice on our Service.

You are advised to review this Privacy Policy periodically for any changes. Changes to this Privacy Policy are effective when they are posted on this page. Your continued use of the Service after any changes constitutes your acceptance of the updated Privacy Policy.

16. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

Biocore Systems LLC

Dubai, United Arab Emirates

Email: hello@biocore.com

For privacy-related inquiries, please include "Privacy Policy" in the subject line.

Last Updated: February 3, 2026

By using Biocore's Services, you acknowledge that you have read, understood, and agree to be bound by this Privacy Policy. If you do not agree to this Privacy Policy, you must not use the Services.