Privacy Policy

MedTech Research Group, LLC (“Company”) collects information necessary to verify purchaser eligibility and process orders. We collect:

• Account information: Name, email address, institutional affiliation, professional credentials, and role/title
• Verification documents: Institutional ID, pharmacy license numbers, FDA registration numbers, IRB/IACUC documentation
• Transaction data:Order history, shipping addresses, payment method (processed by our PCI-compliant payment processor — we do not store full card numbers)
• Technical data: IP address, browser type, device information, and page interaction data collected via cookies and analytics tools

We use collected information exclusively for:

• Verifying purchaser eligibility per our regulatory compliance requirements
• Processing and fulfilling orders
• Communicating about orders, account status, and product availability
• Maintaining records required by federal and state regulatory agencies
• Improving our website, services, and research aggregation tools
• Complying with legal obligations, including FDA record-keeping requirements

We implement industry-standard security measures to protect your information, including:

• TLS 1.3 encryption for all data in transit
• AES-256 encryption for sensitive data at rest
• Cloud infrastructure hosted on Microsoft Azure (SOC 2 Type II certified platform)
• Regular security audits and vulnerability assessments
• Role-based access controls limiting data access to authorized personnel
• PCI DSS compliant payment processing through our third-party processor

While we employ commercially reasonable security measures, no method of electronic storage or transmission is 100% secure. We cannot guarantee absolute security of your information.

We may share limited information with the following categories of third parties:

• Payment processors: To process transactions securely
• Shipping carriers: Name, address, and phone number for delivery
• Regulatory agencies: As required by law or in response to valid legal process (subpoenas, court orders, FDA inquiries)
• Analytics providers: Anonymized usage data to improve our website

We require all third-party service providers to maintain confidentiality and handle your information in accordance with applicable privacy laws.

Depending on your jurisdiction, you may have the right to:

• Access the personal information we hold about you
• Request correction of inaccurate information
• Request deletion of your personal information (subject to legal retention requirements)
• Opt out of non-essential communications
• Request a copy of your data in a portable format

To exercise any of these rights, contact our Privacy Officer at privacy@medtechrg.com. We will respond to all requests within 30 days.

This Privacy Policy is governed by the laws of the State of Georgia. We do not collect protected health information (PHI) as defined under HIPAA — our purchasers are licensed institutional entities, not individual patients. We comply with applicable federal and state privacy regulations.