Privacy notice
What we collect, how we use it, and your rights.
This notice explains what information the RETAIN landing page collects, why, with whom we share it, and the choices and rights available to you. It applies to retain.peptilogics.com and any equivalent canonical domain serving this trial.
Who we are
Peptilogics, Inc. ("Peptilogics", "we") is the sponsor of the RETAIN trial (NCT07214311) and the controller of personal information collected through this landing page.
Information we collect
When you submit the intake form, we collect the contact details you provide: name, professional email address, optional phone number, organization, role, and message text. We also capture limited technical signals to operate the service safely:
Tracking attribution. UTM and click-ID parameters from the URL, the referring site, your viewport size, and your time zone. The full list is in our cookie and storage inventory; nothing in it identifies you outside the form submission.
Anti-abuse signals. A truncated IP address, the value of the Cloudflare Turnstile CAPTCHA token (if rendered), and a few hidden form fields used to detect automated submissions.
Geographic classification. If we are operating in "US-only" mode, we use the IP-derived country to decide whether to render the form or the email-contact panel. We do not log your IP at full resolution; see retention below.
We do not ask for, accept, or process protected health information (PHI) through this landing page. Please do not include patient identifiers in your message.
How we use the information
- To respond to your inquiry and route it to the appropriate clinical team.
- To prevent abuse of the form (rate limiting, spam classification).
- To improve the page (aggregate, non-identifying analytics about traffic sources).
- To meet our legal and regulatory obligations as the trial sponsor.
Who we share it with
We share submission data with the Peptilogics-operated CLEO inquiry service, which is the sole back-end recipient of public inquiries from this page. We use the following sub-processors for narrowly scoped service functions:
Cloudflare — TLS termination at the edge and Turnstile bot-detection.
MaxMind — IP-based geographic classification (country only) when operating in US-only mode.
GeoNames — postal-code centroids for the site-locator feature; we use a bundled offline subset, so no information about your request reaches GeoNames. The dataset is provided by GeoNames under the Creative Commons Attribution 4.0 (CC BY 4.0) license; see geonames.org for the source.
We do not sell or share personal information for cross-context behavioral advertising and do not use third-party advertising or analytics SDKs. We honor the Global Privacy Control signal where US-state regimes recognize it.
How long we keep it
Submission data is retained per the trial-sponsor retention policy: approximately 24 months for accepted submissions, with a shorter window (around 30 days) for entries we classify as spam or suppress. Truncated IP addresses are kept only as long as needed to investigate abuse; full IP addresses are not stored.
Your rights and choices
Depending on where you live, you may have the right to access, correct, delete, or port your information, or to withdraw consent. To exercise these rights, see the data subject access request (DSAR) page. We respond to verified requests within the timeframe required by applicable law.
United States (state regimes). Residents of states with consumer privacy laws (e.g., California's CPRA, Virginia's VCDPA, and others as enacted) may make requests via the DSAR page. We honor the Global Privacy Control as an opt-out signal where a state law recognizes it.
United Kingdom. Under UK GDPR you may complain to the Information Commissioner's Office (ico.org.uk).
Australia. Under the Privacy Act 1988 you may complain to the Office of the Australian Information Commissioner (oaic.gov.au).
Supervisory authorities
If you cannot resolve a concern through our DSAR pathway, you may contact the supervisory authority where you live.
United States. Contact your state Attorney General's office where state-level privacy law applies. For California-CPRA matters, the formal supervisory authority is the California Privacy Protection Agency (cppa.ca.gov).
United Kingdom. Information Commissioner's Office (ico.org.uk).
Australia. Office of the Australian Information Commissioner (oaic.gov.au).
Security
Submissions are transmitted over TLS. The Peptilogics-side processing applies role-based access controls; secrets used to authenticate the page to CLEO are mounted server-side only and never exposed to the browser.
Changes
Material changes will be posted on this page with a new "last updated" date and, where required, surfaced through the consent banner.
