Privacy Policy

The ITWC IRB System collects information necessary to manage Institutional Review Board processes for clinical research. This includes:

• Account information (name, email, organizational affiliation)
• Research protocol data submitted for IRB review
• Communication records between researchers, clinics, and the IRB
• Audit logs of system access and actions for regulatory compliance

Your information is used to:

• Facilitate IRB review and approval processes
• Maintain regulatory compliance (FDA 21 CFR Part 11)
• Communicate updates about research protocols and submissions
• Generate audit trails required by federal regulations
• Improve system functionality and user experience

We implement industry-standard security measures to protect your data, including:

• End-to-end encryption for data in transit and at rest
• Role-based access controls (RBAC)
• Multi-factor authentication (MFA)
• Regular security audits and penetration testing
• SOC 2 Type II compliant infrastructure

Research data and audit logs are retained in accordance with FDA 21 CFR Part 11 requirements. Personal account information can be deleted upon request, subject to regulatory retention obligations.