Privacy Policy
Srotas Health Ltd
Effective: Dec 7, 2022
Contact us at connect@srotas.health
1. Who We Are and What This Policy Covers
Srotas Health Ltd is a software company that builds tools for clinical research and healthcare organisations. This Privacy Policy describes how we collect, use, share, and protect personal information when you visit our website, use our products, or get in touch with us.
When our customers use our platform to manage patient or study participant data, they control how that data is handled. In those cases, we act on their instructions, and individuals should refer to their relevant provider or organisation for information about how their data is used.
2. Information We Collect
We collect information in a few different ways.
Information you give us
- Your name, email address, phone number, job title, and organisation when you sign up, reach out, or fill in a form.
- Any messages, requests, or feedback you send to us.
- If you apply for a job, your CV and application details.
Information we collect automatically
- Your IP address, browser type, device information, and the pages you visit on our site.
- Usage data such as which features you use and how often, collected through logs and similar tools.
- Cookies and similar tracking technologies (see Section 6 for details).
Information from customers
When customers use our platform, they may upload or process data that includes health or clinical information about patients or study participants. We handle this data according to our agreement with each customer and do not use it for our own purposes.
3. How We Use Your Information
We use the information we collect to:
- run and improve our products and services;
- respond to your questions and provide customer support;
- send you updates, product news, or marketing where you have agreed to receive them;
- keep our systems secure and prevent fraud or misuse;
- meet our legal and regulatory obligations; and
- carry out other purposes we describe to you at the point of collection.
We do not sell your personal information. We do not use the data our customers upload to the platform for our own marketing or product development unless a customer has separately agreed to this in writing.
4. How We Share Your Information
We share personal information only where we need to operate our business. We do not sell or share your data with advertisers.
- Service providers. We work with third-party service providers such as cloud hosting companies, email tools, and analytics platforms. These providers can only use your data to perform services for us.
- Customer integrations. Where a customer connects our platform to their own tools or systems, we share data as directed by that customer.
- Legal requirements. We may share information where required by law, a court order, or a regulatory authority, or to protect the safety of our users and systems.
- Business transfers. If Srotas Health is involved in a merger, acquisition, or sale of assets, personal information may be transferred as part of that transaction.
5. Automated Processing
Some features of our platform use automated processing to help customers manage their workflows. These tools are designed to support people, not replace their judgement. Customers and their staff remain responsible for reviewing outputs and making decisions. Where customer data is processed by automated features, we do so only as directed by the customer and in line with our agreement with them.
6. Cookies
We use cookies and similar technologies on our website to make it work properly, remember your preferences, and understand how people use it. Some cookies are essential for the site to function. Others help us with analytics or, where you have agreed, marketing.
You can manage or turn off cookies through your browser settings at any time. Turning off certain cookies may affect how the site works for you. Where required by law, we will ask for your consent before placing non-essential cookies.
7. Data Security
We take security seriously. We use encryption to protect data in transit and at rest, keep customer data isolated between accounts, require multi-factor authentication for platform access, and carry out regular security reviews and testing.
We also require any third party that processes personal data on our behalf to maintain appropriate security standards. Where relevant, we enter into data processing agreements and Business Associate Agreements with these parties.
No system is completely secure. If you believe your information has been compromised, please contact us at security@srotas.health.
8. Data Breach Notification
If we experience a data breach that affects your personal information, we will notify you and any relevant regulatory authority as required by law. In the UK and EU, this means notifying the relevant authority within 72 hours of becoming aware. In the US, under HIPAA rules, we notify affected parties within 60 calendar days. We will tell you what happened, what data was involved, and what steps we are taking.
9. How Long We Keep Your Data
We keep personal information for as long as we need it for the purpose it was collected, to meet legal or contractual requirements, or to resolve any disputes. When we no longer need it, we delete or anonymise it.
- Account data. Account and contact information is kept for the duration of our relationship and for a period afterwards as required by law, typically up to six years.
- Customer data. Customer platform data is handled according to our agreement with each customer. When a customer relationship ends, we delete or return their data as agreed, normally within 90 days.
- Marketing data. Marketing contact information is kept until you unsubscribe or ask us to remove it.
10. International Data Transfers
We are based in the UK and serve customers around the world. Your data may be stored or processed in the United Kingdom, the United States, the European Economic Area, or other countries where our service providers operate.
When we transfer personal data across borders, we put in place appropriate protections. For transfers from the UK or the EEA, we use Standard Contractual Clauses or the UK International Data Transfer Addendum, or other mechanisms approved by the relevant authority.
11. Your Privacy Rights
You have rights over your personal information. The specific rights available depend on where you live, but generally include the ability to:
- access a copy of the personal information we hold about you;
- ask us to correct information that is inaccurate or out of date;
- ask us to delete your information, where we do not have a legal reason to keep it;
- ask us to restrict or stop processing your data in certain circumstances;
- receive a copy of your data in a usable, portable format;
- object to processing based on our legitimate interests; and
- withdraw consent at any time, where we rely on consent to process your data.
UK and EEA residents
You can contact your local data protection authority if you are unhappy with how we have handled your data. In the UK, this is the Information Commissioner's Office. We aim to respond to all requests within 30 days.
US residents
Depending on your state, you may have additional rights under laws such as the California Consumer Privacy Act. These may include the right to know what data we have collected, to request deletion, to opt out of any sale of personal information (we do not sell personal information), and to appeal any decision we make about your request. We do not discriminate against you for exercising any of these rights.
Data processed on behalf of a customer
If your data was processed through our platform by one of our customers, such as a healthcare provider or research organisation, please direct your request to them. We will support them in responding as required.
To make a request about data we hold directly, email connect@srotas.health. We may ask you to verify your identity before processing your request.
12. Children
Our website and marketing are not intended for children under 13, and we do not knowingly collect personal information from children for marketing purposes. Where our platform is used to process information about minors as part of a clinical study or healthcare programme, this is done under the direction of our customer and governed by the applicable agreements and laws.
13. Links to Other Sites
Our website may link to third-party websites or services. We are not responsible for how those sites handle your data. We recommend reviewing their privacy policies before sharing any personal information with them.
14. Changes to This Policy
We update this policy from time to time. When we make significant changes, we will let you know by email or by posting a notice on our website. The date at the top of this page shows when it was last updated.
15. How to Contact Us
If you have any questions about this policy or how we handle your personal information, please get in touch.
Privacy: connect@srotas.health
Security: connect@srotas.health
© 2026 Srotas Health Ltd. All rights reserved.