ResFlow

ResFlow Privacy Policy

How we collect, use, and protect personal information when you use our platform and website.

Effective 21 June 2026

1. Introduction

ResFlow (“ResFlow”, “we”, “our”, or “us”) is a clinical research site operations platform designed to help research sites manage participants, studies, visit schedules, operational logs, bookings, and study-related administrative workflows.

We are committed to protecting personal information and complying with applicable data protection laws, including the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018, and other applicable privacy laws.

By accessing or using ResFlow, you acknowledge that you have read and understood this Privacy Policy.

2. Roles and Responsibilities

For participant and study-related information entered into ResFlow:

  • The research site using ResFlow acts as the Data Controller.
  • ResFlow acts as the Data Processor.

For information submitted directly to ResFlow through the website, contact forms, demo requests, support requests, or marketing activities:

  • ResFlow acts as the Data Controller.

3. Information We Collect

Site User Information

We may collect:

  • Name
  • Email address
  • Organisation name
  • Role within organisation
  • Login activity
  • Account preferences

Research Site Operational Data

Research sites may enter:

  • Participant identifiers
  • Participant initials
  • Contact information
  • Demographic information
  • Study participation information
  • Visit scheduling information
  • Operational study records
  • Log and workflow records

Research sites are responsible for ensuring they have an appropriate legal basis for entering and processing participant information within ResFlow.

Website Information

We may collect:

  • Contact form submissions
  • Demo requests
  • Support requests
  • Technical usage information
  • Device and browser information
  • Security logs

4. How We Use Information

We use information to:

  • Provide the ResFlow platform
  • Authenticate users
  • Manage accounts
  • Deliver support services
  • Improve platform performance
  • Monitor security
  • Maintain audit records
  • Respond to enquiries
  • Comply with legal obligations

We do not sell personal information.

5. Lawful Basis for Processing

Where ResFlow acts as a Controller, we rely on:

  • Legitimate Interests
  • Contractual Necessity
  • Legal Obligations
  • Consent where required

Where ResFlow acts as a Processor, processing occurs under the instructions of the customer research site.

6. Data Storage and Security

ResFlow uses industry-standard security measures including:

  • Secure authentication
  • Encrypted connections (HTTPS/TLS)
  • Role-based permissions
  • Organisation-level access controls
  • Audit logging
  • Secure cloud infrastructure

No system can guarantee absolute security; however, we take reasonable steps to protect information from unauthorised access, disclosure, alteration, or destruction.

7. Subprocessors

ResFlow may engage trusted service providers to support operation of the platform.

Current subprocessors may include:

  • Supabase (database and authentication)
  • Vercel (application hosting)
  • Resend (transactional email delivery)

Additional subprocessors may be added from time to time.

8. International Data Transfers

Where information is transferred outside the United Kingdom or European Economic Area, ResFlow will implement appropriate safeguards as required by applicable data protection laws.

9. Data Retention

ResFlow retains information only as long as necessary for:

  • Platform operation
  • Contractual obligations
  • Security monitoring
  • Regulatory compliance
  • Legal obligations

Retention periods may vary depending on customer requirements and applicable regulations.

10. Data Subject Rights

Where applicable, individuals may have rights to:

  • Access personal information
  • Correct inaccurate information
  • Request deletion
  • Restrict processing
  • Object to processing
  • Data portability

Requests should be directed to the relevant research site where ResFlow acts as Processor.

Where ResFlow acts as Controller, requests may be sent directly to us.

11. Cookies and Similar Technologies

ResFlow may use essential cookies and similar technologies necessary for authentication, security, and operation of the platform.

12. Children's Information

ResFlow is intended for use by authorised research organisations and site personnel.

ResFlow does not knowingly collect information directly from children through its public website.

13. Breach Notification

ResFlow maintains incident response procedures and will notify affected customers of confirmed security incidents in accordance with applicable legal and contractual obligations.

14. Changes to This Policy

We may update this Privacy Policy periodically.

Updated versions will be published on our website and will become effective upon publication.

15. Contact Us

For privacy-related enquiries:

Emailresflow.bookings@gmail.comResFlow · Clinical Trial Site Management Software