Privacy Policy

Effective Date: February 22, 2024

Aretetic Solutions, LLC ("Aretetic", "we", "us", or "our") is committed to protecting the privacy and security of our clients, partners, and users. This Privacy Policy outlines how we collect, use, protect, and disclose personal and organizational information through our services, including the DigitalCabinet platform.

1. Scope

This policy applies to all data processed through our software platforms, subscription services, consulting work, and technical support infrastructure. It covers all users, including registry organizers, clinicians, researchers, and participants where applicable.

2. Data Collected

We collect and process the following types of data:

• Contact Information (e.g., name, email, organization, phone)

• Account and Subscription Details

• System Logs and Usage Metrics

• Survey Responses and Uploaded Files (where applicable)

• Payment and Billing Information (processed via Stripe)

3. Data Usage

We use collected data to:

• Provide and maintain DigitalCabinet services

• Fulfill contractual obligations

• Monitor usage and improve performance

• Deliver support and respond to inquiries

• Ensure compliance with legal and regulatory frameworks

4. Data Ownership

Clients retain ownership of their data. Aretetic acts solely as a data manager and secure custodian. We will not sell, broker, or use your data outside the scope of your contract.

5. Data Security

Aretetic maintains technical, physical, and administrative safeguards, including:

• Encryption at rest and in transit

• Role-based access controls

• Routine audits and threat monitoring

6. Compliance

We comply with the following regulatory standards:

• HIPAA: All systems are designed to safeguard protected health information (PHI).

• GDPR: Data subjects maintain control of their data. Controllers determine use; we act as a processor.

• CCPA: We adhere to California's consumer data protection requirements.

7. Data Retention

Data is retained only as long as necessary to fulfill service requirements or legal obligations. Upon termination of services or withdrawal of consent, data is deleted or returned to the client per contract terms.

8. Third-Party Services

We work with secure, vetted service providers (e.g., Stripe for payments, AWS for infrastructure). These vendors do not use client data for any purpose beyond the contracted service.

9. Participant Privacy

When clients operate patient registries through DigitalCabinet, they are the Data Controllers and define how participant data is used. Aretetic does not access or control PHI/PII beyond system processing. Participants retain access to their data even if consent is withdrawn; access by controllers is revoked upon withdrawal.

10. Your Rights

You may request access to, correction of, or deletion of your data by contacting us. For registry participants, such requests must go through the appropriate Data Controller.

11. Updates to this Policy

This policy may be updated periodically. Material changes will be posted on this page with an updated effective date.

12. Contact

For questions or concerns, contact us at:

Aretetic Solutions, LLC
12606 Wildcat Canyon Rd. Lakeside, CA 92040
📧 Info@DigitalCabinet.org
📞 +1 (858) 215-1822