Privacy Policy

Last updated: June 12, 2026

1. Introduction

Lynd Clinical, Inc. (“Lynd Clinical,” “Lynd,” “we,” “us,” or “our”) provides a clinical-trial participant recruitment, screening, and electronic-signature platform used by research sites, investigators, and study sponsors. This Privacy Policy explains how we collect, use, disclose, and protect information when you:

  • visit our website at lyndclinical.com;

  • use the Lynd platform (the “Services”); or

  • receive communications from us, including email, telephone calls, and text (SMS) messages.

By using the Services or providing us your information, you agree to this Privacy Policy. If you do not agree, please do not use the Services.

2. Our Role and Health Information (HIPAA)

Much of the health information in the Services is Protected Health Information (“PHI”) that belongs to, and is provided by, the research sites and providers who use Lynd. For that information, those organizations are the covered entities, and Lynd Clinical acts as their Business Associate under the Health Insurance Portability and Accountability Act (“HIPAA”). Our handling of PHI is governed by our Business Associate Agreements (“BAAs”) with those organizations, and where a BAA conflicts with this Policy as to PHI, the BAA controls.

For information you provide to us directly — such as when you visit our website, contact us, or consent to receive text messages — Lynd Clinical determines how that information is handled, as described in this Policy.

HIPAA and consent to receive messages are separate. Authorizing the use or disclosure of your health information (a HIPAA authorization) is not the same as consenting to receive text messages, and consenting to receive text messages is not a HIPAA authorization. Each is requested separately, and you may decline or withdraw either one.

3. Information We Collect

Depending on how you interact with us, we may collect the following categories of information:

  • Identifiers and contact information — name, email address, telephone/mobile number, mailing address, and, for participants, date of birth and medical record number (MRN).

  • Health information (PHI/ePHI) — medical history, diagnoses (e.g., ICD-10 conditions), laboratory and imaging results, medications, allergies, encounter history, and demographic and eligibility details, processed on behalf of the research sites that use Lynd.

  • Screening and eligibility information — responses to study screening questionnaires and related recruitment status.

  • Consent and communication records — your contact-method consents (including SMS opt-in/opt-out), HIPAA authorization records, and the date, method, and content of disclosures you were shown.

  • Electronic-signature records — your electronic signature, the document and its version, the meaning of the signature, and the date, time, IP address, and device/browser used to sign.

  • Eligibility assessments — match scores, rationales, and related output generated by our software to support recruitment decisions.

  • Audit and security records — an append-only audit trail of actions taken in the Services, attributable to the acting user.

  • Technical and usage data — IP address, browser/device information, and log data generated when you use the website or Services.

4. Mobile Information and Text Messaging (SMS)

This section describes how we handle information related to our text-messaging program. It is incorporated into, and is part of, this Privacy Policy.

What we collect and why. With your consent, we collect your mobile phone number to send you one-time verification and signing codes that confirm your identity when you electronically sign clinical-trial documents. Where you have separately opted in, we may also send service notifications such as appointment or study reminders. We do not send marketing text messages.

No protected health information is sent by SMS. Our text messages contain only the information needed to complete the action (for example, a numeric code) and never include your name, date of birth, MRN, diagnosis, or other health details.

We do not share or sell your mobile information. The following statement is a core commitment of our messaging program:

No mobile information will be shared with third parties or affiliates for marketing or promotional purposes. Text messaging originator opt-in data and consent will not be shared with any third parties.

We do not sell, rent, or trade your mobile phone number or your SMS opt-in/consent data. We use a trusted messaging service provider (a Communications-Platform vendor) solely to deliver messages on our behalf; that provider processes your mobile number only as needed to transmit our messages and is contractually prohibited from using it for any other purpose.

Consent. We send text messages only after you opt in (for example, by checking a clearly labeled, un-pre-selected box and providing your mobile number, or by texting a keyword to us). Consent to receive text messages is not a condition of any treatment, payment, enrollment, or participation in a study.

Frequency and cost. Message frequency varies; verification codes are sent only when you request to sign a document. Message and data rates may apply.

Opting out and getting help. You can opt out at any time by replying STOP to any of our messages; we will send a single confirmation and then stop sending messages to that number. Reply HELP for help, or contact us at privacy@lyndclinical.com. Opting out of text messages does not opt you out of email or other communications, which you can manage separately.

See our Terms of Use for the full SMS program terms.

5. How We Use Information

We use information to:

  • verify identity and deliver one-time signing/verification codes;

  • provide, operate, maintain, and secure the Services;

  • support participant recruitment, screening, and electronic signing on behalf of research sites and sponsors;

  • send service communications you have requested or consented to;

  • comply with legal, regulatory, and recordkeeping obligations, including applicable requirements under 21 CFR Part 11 and FDA recordkeeping rules; and

  • detect, investigate, and prevent fraud, abuse, and security incidents.

6. How We Share Information

We share information only as follows:

  • With the research sites, investigators, and sponsors for whom we process the information, consistent with our agreements and applicable law.

  • With service providers and subprocessors who perform services for us — for example, cloud hosting, transactional email delivery, telephony, and SMS delivery — under contracts that require them to protect the information and use it only to provide services to us.

  • For legal and safety reasons — to comply with law, regulation, legal process, or enforceable governmental request, or to protect the rights, property, or safety of Lynd, our users, or others.

  • In a business transfer — in connection with a merger, acquisition, financing, or sale of assets, subject to this Policy.

We do not sell your personal information, and — as stated in Section 4 — we do not share mobile opt-in data or consent with third parties, and we do not share mobile information with third parties or affiliates for marketing or promotional purposes.

7. How We Protect Information

We maintain administrative, technical, and physical safeguards designed to protect information, including:

  • encryption in transit (TLS/HTTPS) and encryption at rest;

  • network isolation of our databases (no public network exposure);

  • unique, named user accounts with multi-factor authentication required for production access, role-based least-privilege authorization, and organization-level tenant isolation;

  • an append-only audit trail recording actions on records; and

  • session controls, access reviews, and timely deprovisioning.

No method of transmission or storage is completely secure, and we cannot guarantee absolute security.

8. Data Retention

We retain information for as long as needed to provide the Services and to meet our legal, regulatory, and contractual obligations. Clinical records and their audit trail are retained in accordance with applicable regulatory requirements — including the requirement under 21 CFR 312.62(c) to retain records for at least two years after a marketing application is approved (or after the investigation is discontinued) — and for any longer period required by the sponsor or protocol. Mobile numbers and SMS opt-in/consent records are retained for as long as your consent is active and as required to evidence consent and comply with law. We do not destroy clinical records before their retention period elapses.

9. Your Rights and Choices

  • Text messages: opt out anytime by replying STOP; reply HELP for help.

  • Email: use the unsubscribe link in our emails or contact us.

  • Access, correction, and deletion: because much of the health information we process belongs to a research site or provider, requests to access, correct, or delete that information may need to be directed to that organization; we will assist as required by our agreements and applicable law. For information you provided to us directly, contact us using Section 13.

  • HIPAA rights: you may have rights regarding your PHI (including the right to revoke a HIPAA authorization in writing); contact the research site that holds your records, and see our BAAs.

10. U.S. State Privacy Rights

Depending on your state of residence, you may have additional rights regarding your personal information (for example, to access, correct, delete, or limit certain uses). Much of the health information in the Services is exempt from, or treated specially under, these laws because it is regulated by HIPAA or used in connection with regulated clinical research. To exercise any applicable rights, contact us using Section 13. We will not discriminate against you for exercising your rights.

11. Children’s Privacy

The Services are intended for use by adults (18+) and by authorized professional users. We do not knowingly collect personal information directly from children through the website. Where a study involves minors, information is provided through the research site and the minor’s parent or legally authorized representative, consistent with the applicable consent and authorization.

12. Changes to This Policy

We may update this Privacy Policy from time to time. We will post the updated version here and revise the “Last updated” date above. Material changes to our SMS practices will be reflected here and, where appropriate, communicated to you.

13. Contact Us

Questions about this Privacy Policy or our data practices:

Lynd Clinical, Inc.
817 Broadway, 7th Floor
New York, NY 10003
Email: privacy@lyndclinical.com