PRIVACY STATEMENT

At CRIO, we respect and protect the privacy of our customers and the security of the information that they entrust to us as though it were our own. We greatly value our relationship with you and we want you to understand the standards that govern the information and privacy practices of our website. Throughout this Privacy Policy, we refer to information that personally identifies you or others as "personal information." This Privacy Policy is available on our website, at www.clinicalresearch.io.

Privacy Shield

We comply with the EU-U.S. Privacy Shield Framework and Swiss-U.S. Privacy Shield Framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information transferred from the European Union and Switzerland to the United States. We have certified to the Department of Commerce that we adhere to the Privacy Shield Principles. If there is any conflict between the terms in this privacy policy and the Privacy Shield Principles, the Privacy Shield Principles shall govern. To learn more about the Privacy Shield program, and to view our certification, please visit https://www.privacyshield.gov/ We will not disclose personally identifiable information to any Agent unless we first either ascertain that the Agent adheres to the EU-U.S. Privacy Shield Framework or Swiss-U.S. Pricacy Shield Framework or is subject to the EU Directive on Data Protection or another adequacy finding or enter into a written agreement with such Agent requiring that the Agent provide at least the same level of privacy protection as is required by the relevant Privacy Shield Principles.

Information We Collect

We collect personally identifiable information such as name, email address, phone number, credit card information, as well as client name and account information in order to provide our "e- source" clinical research services and site operation software (the "Services") Part of the Services relies on users providing us with personal information about individual patients. Our Services uses any such personal information solely for the purpose of tracking clinical trial results. We do not use personal information to contact patients directly, and do not share personal information with anyone other than our authorized partners, each of with whom we have entered into a written agreement addressing, among other things, the types of information to be shared and the level of protection such information shall receive in compliance with the Health Insurance Portability and Accountability Act of 1996 ("HIPAA"), the Privacy Shield Principles, and other laws.

From time to time we post testimonials on our website and other marketing collateral. We receive permission to post testimonials prior to posting testimonials with personally identifiable information.

If you purchase a product or service from us, we request certain personally identifiable information from you on our order form. You must provide contact information (such as name, email, and shipping address) and financial information (such as credit card number, expiration date). We use this information to fill your orders. Financial information is processed and stored through our third party payment processor. If we have trouble processing an order, we will use this information to contact you.

We protect your information

We work to protect your personal information and your clients' information ("Data") including email address from loss, misuse or unauthorized alteration by using industry-recognized security safeguards such as firewalls. Our employees and agents are trained and required to safeguard your information. Using physical, electronic and procedural safeguards, we restrict access to personal information to those employees and agents for business purposes only. Additionally, we use internal and external resources to review the adequacy of our security procedures.

CRIO software runs on servers that are hosted at a highly secure data center that is closely monitored. Our backend database is encrypted with 256-bit AES encryption and our backend servers are hosted in a private network with no direct access from outside. All access to our servers is restricted by firewall. All communications between your computers and our servers are secured with the same technology used in electronic filing and electronic banking (RSA/AES 256-bit SSL/Secure Sockets layer encryption). We use a Comodo SSL Certificate and server-gated cryptography for strong encryption of all communication to and from our application services. We host our website at SOC 2 compliant data centers located in the United States of America.

We require you to enter your username and password each time you login.

These safeguards help prevent unauthorized access, maintain data accuracy, and ensure the appropriate use of Data.

How we use the information

When we ask you for information, we will tell you - or it will be clear - what we need to know to fulfill your request and how the information you provide to us will be used. For example, if you register to use the Services, we will ask you for your name, your firm name, e-mail address, password and other contact information. At the time you express interest in attaining additional information, or when you register for the Services, we may also ask for additional personal information, such as your title, mailing address, phone number, fax number or additional firm information. You can opt out of providing this additional information by not entering it when asked. You can update or remove your personal information including email address at any time by logging into the website and editing your personal information. You can view your updated profile to confirm that your edits have been made.

We use the information that we collect to set up Services for you and your firm. We may also use your information to tell you about products or services we think might interest you, to send you email newsletters or to invite you to participate in product or service-related surveys. You can opt out of being contacted by us, or receiving an email newsletter or other information from us, at any time by sending an email to support@clinicalresearch.io. You may also opt-out by following the unsubscribe instructions included in promotional email.

We do not sell, rent or share personal information to anyone except as described in this privacy policy and as permitted by HIPAA and other laws (see "Our Relationships with Third Parties").

We do not share personal information with anyone outside of CRIO for their marketing or promotional use (see "Our Relationships with Third Parties").

We will not review, share, distribute, print, or reference any of your Data except as provided in our contract with you or your organization, or as may be required by law. Individual records may at times be viewed or accessed only for the purpose of resolving a problem, support issue, quality concern or suspected breach of CRIO's contract with you or your organization, or as may be required by law. Of course, you are responsible for maintaining the confidentiality and security of your user registration and password.

We may also collect certain information from visitors to and customers of our website, such as Internet addresses. This information is logged to help diagnose technical problems, and to administer our website in order to constantly improve the quality of the Service. These log files are not tied to personally identifiable information. We may also track and analyze non-identifying and aggregate usage and volume statistical information from our visitors and customers and provide such information to third parties.

Because of the nature of our business, our website and Services are not designed to appeal to children under the age of 13. We do not knowingly request or receive any information from children.

Our relationships with third parties

We contract with third parties to assist us in servicing you. Our contracts with third parties outline the appropriate use and handling of your information and prohibit third parties (such as our credit card processors and email service provider) from using any of your personal information for purposes unrelated to the product or service for which they've been contracted including their own marketing purposes. Vendors are required to maintain the confidentiality of the information we provide to them.

We may disclose or report personal information in limited circumstances where we believe in good faith that disclosure is required under the law. For example, we may be required to disclose personal information to cooperate with regulators or law enforcement authorities to comply with a legal process such as a court order, subpoena, search warrant or a law enforcement request. We may have partners that provide services; these partner services and websites are clearly identified. When you request any of these products or services, you are permitting us to provide your personal information to the partner to fulfill your request. Our website may provide links to third party sites, such as those of our business partners and online advertisers. Because we do not control the information policies or practices of these third parties, you should review their privacy policies to learn more about how they collect and use personal information.

Should we sell, merge or transfer any part of our business, part of the sale may include your personal information. If so, you will have the opportunity to ask not to receive promotional information following any change of control.

We may use sources outside of CRIO to supplement the information you give us. For example, we may validate your address using other sources. We use this data to help us maintain accuracy and provide you with better service.

How we use Web technologies

We use a variety of technologies on our website. Among these are cookies, which are pieces of information that our website provides to your browser. Cookies allow us to track overall site usage and determine areas users prefer. Certain types of cookies also allow us to customize your visit to our website by recognizing you when you return. For this purpose, your personally identifiable information may be tied to our cookies. You can choose to decline cookies while at our website, however, this may limit your ability to access certain areas of our website. Most browsers accept and maintain cookies by default. Check your browser's "Help" menu to learn how to change your cookie preference.

When we track activity on our website, we collect information such as your IP address, browser type and version, and pages you view. We also keep track of how you get to our website and any links you click on to leave our website. We do not track URLs that you type into your browser, nor do we track you across the Internet once you leave our sites. We use your website activity to assist you by reducing the need to re-enter your data and to help us resolve technical support issues. We may also use this information to offer you a personalized web experience and to tailor our offerings to you.

We may access and set cookies using Web beacons, also known as pixel tags, which are invisible graphical images. These Web beacons tell us useful information regarding our website such as which pages users access. When we send e-mails, we may include a single-pixel GIF to determine the number of people who open our e-mails. When you click on a link in an e-mail, we record this individual response to allow us to customize our offerings to you.

We give you choice and control

We may use your contact information to tell you about other products or services that we think might interest you. However, if you don't want us to contact you for promotional purposes, you can eus when you provide the information. Your contact preferences only apply to marketing contact. We may need to communicate with you regarding the Services (such as service messages, subscription renewal notices, critical notices, or legally mandated notices.) You may not opt-out of these types of transactional messages.

When you wish to exercise your opt out right, you may contact us at: support@clinicalresearch.io

You can update or correct your contact information including email address relating to your CRIO account by using the "My Account" page of our website.

Enforcement:

In compliance with the Privacy Shield Principles, we commit to resolve complaints about our collection or use of your personal information. EU and Swiss individuals with inquiries or complaints regarding our Privacy Shield policy should first contact us at:

CRIO, Inc One Main St., Suite 150 Cambridge, MA 02142 Tel: 617-302-9845 Email: compliance@clinicalresearch.io

We have agreed to be bound by the authority of JAMS in addressing and resolving any dispute relating to your privacy or this policy. This dispute resolution mechanism is available to you at no cost. Any decisions by this organization are binding on us. To learn more about this service, go to:

https://www.jamsadr.com/eu-us-privacy-shield

The Federal Trade Commission has jurisdiction over our compliance with this Policy, the EU-U.S. Privacy Shield Framework, and the Swiss-U.S. Privacy Shield Framework. In cases of onward transfer to third parties of data of EU or Swiss individuals received pursuant to the EU-U.S. Privacy Shield Framework or the Swiss-U.S. Privacy Shield Framework, we are potentially liable.

Changes in this Privacy Policy

If we decide to change our privacy policy, we will post those changes to this privacy policy, the home page, and other places we deem appropriate so that you are aware of what information we collect, how we use it, and under what circumstances, if any, we disclose it.

We reserve the right to modify this privacy policy at any time, so please review it frequently. If we make material changes to this policy, we will notify you here, by email, or by means of a notice on our home page.