Book a demo
Book a demo
Book a demo

Privacy policy

Privacy policy

Last updated: May 8, 2026

  1. Introduction

Phases Innovations Inc. ("Phases," "we," "us," or "our") respects your privacy and is committed to protecting the personal data you share with us. This Privacy Policy explains how we collect, use, protect, and disclose your personal data through our website at https://phases.ai and related services ("Services").


By accessing or using our Services, you agree to the practices described in this Privacy Policy and all applicable data protection laws, including the California Consumer Privacy Act (CCPA/CPRA), the EU General Data Protection Regulation (EU GDPR), and the UK General Data Protection Regulation (UK GDPR).

  1. Notice at collection

At or before the point of collection, we inform you of:

  • The categories of personal information we collect

  • The purposes for which each category is used

  • Whether that information is sold or shared (we do not sell or share)

  • The retention period for each category

  1. Information we collect

3.1. Information you provide

  • Contact information: Name, email address, phone number

  • Health-related information: Medical history, conditions, treatment history, and other information you voluntarily provide for clinical trial matching (this is considered sensitive personal information under CCPA/CPRA)

  • Account information: Login credentials, communication preferences

  • Inquiry data: Messages, questions, or feedback you submit through our Services

3.2. Information collected automatically

  • Device and usage data: Browser type, operating system, IP address, pages visited, referring URLs

  • Cookies and similar technologies: See Section 7

3.3. Information collected via email agent (if authorized)

See the Email Agent Data Usage Addendum for full details on Gmail data access.

  1. How we use your information

We process personal data for the following purposes and lawful bases:

  • Consent – to contact you or add you to our trial matching program;

  • Contract – to fulfill requests or respond to inquiries;

  • Legal obligation – to comply with applicable laws;

  • Legitimate interest – to improve Services, perform analytics, and ensure security.

Uses include:

  • Matching individuals with clinical trial opportunities;

  • Communications regarding study opportunities;

  • Platform improvement and analytics;

  • Compliance with applicable laws.

  1. Sensitive personal information

We collect sensitive personal information, including health data, for the purpose of clinical trial matching. Under CCPA/CPRA, you have the right to limit the use and disclosure of your sensitive personal information to purposes necessary to provide the Services.


To limit use of your sensitive data, contact us at founders@phases.ai.

  1. Sharing and disclosure

We do not sell your personal data. We do not share your personal data for cross-context behavioral advertising.


We may disclose data to:


  • Service providers who process data on our behalf under written agreements that restrict use to the purposes outlined in this Policy. A current list of subprocessors is available upon request at founders@phases.ai.

  • Legal authorities if required by law, regulation, or legal process

  • Parties to a business transfer such as a merger, acquisition, or asset sale, in which case you will be notified of any change in data practices

  1. Cookies and tracking

For the purposes of this Section, "cookies" includes similar technologies such as localStorage, sessionStorage, and pixel tags.

7.1. Marketing website (phases.ai)

Our website does not use cookies for analytics, advertising, or tracking. The site is hosted on Framer, which uses local storage for strictly necessary framework state (page rendering and layout) that is exempt from consent under the ePrivacy Directive Article 5(3).

7.2. Authenticated platform (www.platform.phases.ai)

Once you sign into the Platform, we set:

  • Strictly necessary cookies — for authentication, tenant routing, security (CSRF protection), and a small UI preference cookie that remembers whether the navigation sidebar is open. These are exempt from consent.

  • Analytics cookies (PostHog) — to understand product usage so we can improve the Platform. PostHog is listed as a sub-processor and its use is governed by the Data Processing Agreement signed by your organisation. Platform users who wish to opt out of analytics may email founders@phases.ai.


We do not use cookies or pixels for advertising, retargeting, audience segmentation, or cross-site tracking on either property.

7.3. Managing cookies

You may disable cookies through your browser settings. Disabling strictly necessary cookies on the Platform will prevent you from staying signed in.

  1. Data retention

We retain data only as long as needed to fulfill our services or comply with legal obligations. For health-related data, we generally retain it for no more than 24 months after last user interaction unless a longer period is required by law.


You may request correction or deletion of your data at any time. We will acknowledge your request within 5 business days and complete deletion within 30 calendar days.

  1. Data accuracy

We take reasonable steps to ensure the personal data we hold is accurate and up to date. You may request correction of inaccurate data at any time by contacting founders@phases.ai.

10. Data security

We implement technical and organizational measures to protect your data, including:


  • Encryption in transit (TLS 1.2+) and at rest (AES-256)

  • Role-based access controls

  • Regular security audits

  • Secure server infrastructure

No system is completely secure. In the event of a data breach that poses a risk to your rights, we will notify affected individuals and relevant authorities in accordance with applicable law, including within 72 hours where required by UK GDPR.

11. Your privacy rights

11.1. United States residents

Depending on your state of residence (California, Virginia, Colorado, Connecticut, and others), you may have the right to:


  • Know what personal data we collect and why

  • Access your personal data

  • Delete your personal data

  • Correct inaccurate data

  • Opt out of data sale or sharing (we do not sell or share)

  • Limit use of sensitive personal information

  • Non-discrimination for exercising your rights


11.2. California residents (CCPA/CPRA)

In addition to the rights above, California residents may:


  • Receive a Notice at Collection

  • Request information about data collected and shared in the prior 12 months

  • Submit requests through an authorized agent with proper documentation

11.3. United Kingdom residents (UK GDPR)

If you are a UK or EU/EEA resident, you have the right to:

  • Access your personal data

  • Rectification of inaccurate data

  • Erasure of your data ("right to be forgotten")

  • Restrict processing in certain circumstances

  • Data portability — receive your data in a structured, machine-readable format

  • Object to processing based on legitimate interest

  • Withdraw consent at any time without affecting the lawfulness of prior processing

  • Lodge a complaint with a supervisory authority. UK residents may contact the Information Commissioner's Office (ICO) at https://ico.org.uk. EU/EEA residents may contact their national Data Protection Authority — a list is available at https://edpb.europa.eu/about-edpb/about-edpb/members_en.

11.4. How to exercise your rights

Contact us at founders@phases.ai. We may need to verify your identity before processing your request. Authorized agents may submit requests on your behalf with proper written documentation.

12. Children's privacy

Our Services are not intended for individuals under 16. We do not knowingly collect personal data from anyone under 16. If we learn that we have collected data from a child under 16, we will delete it promptly. If you believe a child has provided us with personal data, please contact us at founders@phases.ai.

13. International data transfers

Our Services are primarily intended for users in the United States and United Kingdom. Personal data is stored and processed in these countries.


If you access our Services from outside these regions, your data will be transferred to and processed in the U.S. or U.K. We ensure appropriate safeguards are in place for international transfers, including Standard Contractual Clauses (SCCs) where required.

14. Updates to this policy

We may revise this Policy from time to time. Updates will be posted on this page with a new effective date. If changes materially affect how we use your data, we will notify you via email or a prominent notice on our website at least 30 days before the changes take effect.

15. Contact us

If you have any questions about our Privacy Policy or any other privacy related issue, please contact us at founders@phases.ai or via mail.


We will acknowledge your request within 5 business days and complete any data deletion within 30 calendar days.

16. Email agent data usage addendum

Effective Date: January 30, 2026

This addendum describes how our Email Agent service accesses and uses email data when you authorize it through OAuth.

16.1. Gmail data we access

When you authorize our Email Agent, we access:

  • Email messages: Subject lines, body content, sender/recipient information, attachments

  • Email metadata: Timestamps, labels, thread information, read/unread status

  • Contact information: Email addresses from your contacts and message history

16.2. How we use gmail data

We use your Gmail data exclusively to:

  • Analyze email content to provide AI-powered assistance

  • Generate email responses and suggestions

  • Organize and categorize your messages

  • Perform actions you explicitly request (sending emails, marking as read, etc.)

Your Gmail data is never used to train AI models, serve advertising, or for any purpose other than providing the Email Agent service.

16.3. Data retention

We retain data only as long as needed to fulfill our services or comply with legal obligations. For health-related data, we generally retain it for no more than 24 months after last user interaction unless a longer period is required by law.

You may request correction or deletion of your data at any time. We will acknowledge your request within 5 business days and complete deletion within 30 calendar days.

16.4. Data security

Your Gmail data is:

  • Encrypted in transit (TLS 1.2+) and at rest (AES-256)

  • Stored on secure servers with role-based access controls

  • Never shared with third parties except as required by law

  • Not used to train AI models or for advertising

16.5. Revoking access

You can revoke our access to your Gmail at any time:

  1. Visit https://myaccount.google.com/permissions

  2. Find the Phases Email Agent application

  3. Click "Remove Access"

Once revoked, we will delete your email data within 30 days.

16.6. Questions

For questions about Gmail data usage, contact us at founders@phases.ai.