Privacy Policy

Last Updated: August 28, 2023

This Privacy Policy describes how SteepRock, Inc. (“SteepRock,” “we,” “our,” or “us”) collects, uses, and shares information about you while informing you about your rights and choices regarding this use and sharing. This Privacy Policy applies to your use of any of our public websites that post a link to this Privacy Policy and all features, content, and other services that we own, control, and make available through our public-facing websites (collectively, the “Website”). This Privacy Policy does not apply to our information collection activities outside of the Website (unless otherwise stated below or at the time of collection). We will not knowingly share any Information we collect with others in ways different from what is disclosed in this Privacy Policy.

By using our Website, you agree to our Terms of Use and accept our collection, use and disclosure practices as well as other activities as described in this Privacy Policy. If you do not agree and consent, please discontinue your use of the Website.

Information Collection

The following explains what we do with the Information we collect from you, and the choices you have concerning the collection and use of such Information.

Information You Provide

We collect information you provide directly via the Website, such as when you access our content, participate in a survey, fill out a form, or communicate with us.  We may use Service Providers (defined below) to help us collect this information.

The information we collect includes information that identifies you personally (whether alone or in combination). Some examples of information we collect include the following:

  • Contact Data. We collect your first and last name, organization or company, title or position, e-mail address, postal address, phone number, and other similar contact data.

  • Credentials. We may collect passwords, password hints, and other information for authentication and account access.

  • Surveys. SteepRock may, from time to time, conduct various surveys on its website, either for its own benefit or on behalf of a third party. Participation in these surveys is completely voluntary and you therefore have a choice whether or not to disclose such information. Information requested may include information that identifies you personally. SteepRock reserves the right to freely license, sell, rent, or provide the information collected via a survey to a third party, either directly or through an affiliate or a third party. SteepRock may also use the information for purposes of monitoring or improving the use of this website.  You should also be aware that if you voluntarily disclose information in a survey, such information can/may be used by others and may result in unsolicited postal mailings or messages from various third parties.

You may choose to voluntarily submit other information to us through the Website that we do not request, and, in such instances, you are solely responsible for such information.

Information Collected Automatically

We automatically collect information about your device and how your device interacts with our website. We may use Service Providers to collect this information. Some examples of information we collect include the following:

  • Website Use Data. We collect data about the features you use, the pages you visit, the e-mails and advertisements you view, the time of day you browse, your referring and exiting pages, and other similar information. We may use Third Party services (such as Google Analytics which serves as a Data Processor) to help us understand more about visitors to our site.

  • Device Connectivity and Configuration Data. We collect data about the type of device or browser you use, your device’s operating software, your internet service provider, your device’s regional and language settings, and other similar information sent to us by your device. This data also includes IP address, MAC address, device advertising Id (e.g., IDFA or AAID), and other device identifiers.

We do not link Website Use Data or Device Connectivity and Configuration Data to any other personal data that you enter into our website, so to the extent that we have such data, we do not associate it with other information you enter.

For further information on Tracking Technologies and your rights and choices regarding them, see the sections entitled “Third Parties” and “Your Rights and Choices” below.

Information on Behalf of Our Clients

We provide products and services for our clients and collect and process information about individuals at the direction of our clients (“Client Data”). Client Data may include contact data, demographic data, content, service use data, device connectivity and configuration data, and location data, among other information. Our processing of Client Data is governed by the terms of our service agreements with our clients, and this Privacy Policy.

For further information on your rights and choices regarding Client Data, see the section entitled “Your Rights and Choices” below.

Information from Other Sources

We also may obtain information about you from other third-party sources. These third-party sources may include, for example:

  • Service providers from whom we purchase data (such as the American Medical Association)

  • Publicly-available sources such as open government databases or other data in the public domain

For further information on Third Party Services, see the section entitled “Third Parties” below

Use of Information

We may use information about you to:

  • Manage our website, potentially including your registration and account.

  • Perform services under agreements with our clients.

  • Perform services requested by you, such as to respond to your comments, questions, and requests, and provide customer service.

  • Process surveys you complete through the Website.

  • Send you technical notices, updates, security alerts, information regarding changes to our policies, and support and administrative messages.

  • Prevent and address fraud, breach of policies or terms, and threats or harm.

  • Monitor and analyze trends, usage, and activities.

  • Conduct research, including surveys.

  • Improve the Website or other SteepRock websites, apps, marketing efforts, products and services.

  • Develop and send you direct marketing, including advertisements and communications about our products, offers, promotions, rewards, events, and services.

We also use information about you with your consent to the extent required by law, including to:

  • Serve advertising tailored to your interests on our Website and Services.

  • Fulfill any other purpose disclosed to you and with your consent.

Some of our lawful bases for processing your information stem from our clients on whose behalf we provide services.

Sharing of Information

We share information about you as follows:

  • Service Providers. We may share your information with our agents, vendors, and other service providers (collectively “Service Providers”) in connection with their work on our behalf. Service Providers assist us with services such as payment processing, data analytics, marketing and promotional services, Surveys, website hosting, and technical support. Service Providers are prohibited from using your information for any purpose other than to provide this assistance, although we may permit them to use aggregate information which does not identify you or de-identified data for other purposes.

  • Clients. We share your information with our clients in connection with us processing your information on their behalf.

  • Surveys. Our Surveys may be for our own benefit, jointly sponsored, or offered at the behest of third parties. If you voluntarily choose to complete a Survey, we may share your information with third parties a set forth in the parameters that govern the Survey as well as for administrative purposes and as required by law.

  • Merger or Acquisition. We may share your information in connection with, or during negotiations of, any proposed or actual merger, purchase, sale or any other type of acquisition or business combination of all or any portion of our assets, or transfer of all or a portion of our business to another business.

  • Security and Compelled Disclosure. We may share your information to comply with the law or other legal process, and where required, in response to lawful requests by public authorities, including to meet national security or law enforcement requirements. We may also share your information to protect the rights, property, life, health, security and safety of us, the Website or any third party.

  • Consent. We may share your information for any other purpose disclosed to you and with your consent.

Without limiting the foregoing, in our sole discretion, we may share aggregated information which does not identify you or de-identified information about you with third parties or affiliates for any purpose except as prohibited by applicable law. For information on your rights and choices regarding how we share your information, please see the section entitled “Your Rights and Choices” below.

Third Party Services

Our website may also contain content from and hyperlinks to websites, locations, platforms, social media features such as Twitter and YouTube feeds, interactive mini-programs such as those provided by Google Maps and services operated and owned by third parties (“Third Party Services”). As stated in our Terms of Use, we are not responsible or liable whatsoever, financially or otherwise, for the privacy practices of any other party whether or not their link and/or content appears on the Website. This Privacy Policy applies solely to information collected by us on this Website. We may also be required to disclose Information when required by law or in the good-faith belief that such action is necessary in order to conform to the edicts of the law or comply with a legal process served on our website. Third Party Services may use Tracking Technologies to independently collect information about you and may solicit information from you. The information collected and stored by third parties, whether through our Website, a Third-Party Service, a Third-Party Feature (defined below), or a third party device, remains subject to their own policies and practices, including what information they share with us, your rights and choices on their services and devices, and whether they store information in the U.S. or elsewhere. We encourage all Visitors and Visitor Participants to carefully read the privacy statements of each and every website that is connected to this Website if it collects any information from you.

Your Rights and Choices

You have the following rights and choices related to the review and update of account information. You may access, update, or remove certain information that you have voluntarily submitted to us through the Website by sending an e-mail to the e-mail address set forth in the section entitled “Contact Us” below.

We may require additional information from you to allow us to confirm your identity. Please note that we will retain and use your information as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements. California residents and data subjects in Europe have additional rights as set forth in the sections entitled “Your California Privacy Rights” and “Privacy Rights of Residents of the European Union, United Kingdom, and Switzerland” below.

Tracking Technology Choices

  • Cookies. Most browsers accept cookies by default. You can instruct your browser, by changing its settings, to decline or delete cookies. If you use multiple browsers on your device, you will need to instruct each browser separately. Your ability to limit cookies is subject to your browser settings and limitations.

  • Do Not Track. Your browser settings may allow you to automatically transmit a “Do Not Track” signal to online services you visit. Note, however, there is no industry consensus as to what site and app operators should do with regard to these signals. Accordingly, we do not monitor or take action with respect to “Do Not Track” signals or other mechanisms.  For more information on “Do Not Track,” visit http://www.allaboutdnt.com.

Please be aware that if you disable or remove Tracking Technologies some parts of the Website may not function correctly.

Analytics

You can opt-out of your data being used by Google Analytics through cookies by visiting https://tools.google.com/dlpage/gaoptout and downloading the Google Analytics Opt-out Browser Add-on.

Emails

You can opt-out of receiving promotional e-mails from us at any time by following the instructions as provided in e-mails to click on the unsubscribe link or e-mailing us at the e-mail address set forth in the section entitled “Contact Us” below with the word UNSUBSCRIBE in the subject field of the e-mail. Please note that you cannot opt-out of non-promotional e-mails, such as those about your account, transactions, servicing, or SteepRock’s ongoing business relations, without terminating your use of our services.

Please note that your opt-out is limited to the e-mail address, device, and phone number used and will not affect subsequent subscriptions.

Any California residents under the age of eighteen (18) who have registered to use the Website and posted content or information on the Website, can request that such information be removed from the Website by sending an e-mail to the e-mail address set forth in the section entitled “Contact Us” below. Requests must state that the user personally posted such content or information and detail where the content or information is posted. We will make reasonable good faith efforts to remove the post from prospective public view.

Your California Privacy Rights

To the extent our clients are subject to the California Consumer Privacy Act, we act as a data processor and process personal data collected for such clients, and any related communications from data subjects, pursuant to our clients' instructions. California’s “Shine the Light” law permits customers in California to request certain details about how certain types of their information are shared with third parties and, in some cases, affiliates, for those third parties’ and affiliates’ own direct marketing purposes. Under the law, a business should either provide California customers certain information upon request or permit California customers to opt in to, or opt out of, this type of sharing.

Any California residents under the age of eighteen (18) who have registered to use the Website and posted content or information on the Website, can request that such information be removed from the Website by sending an e-mail to the e-mail address set forth in the section entitled “Contact Us” below. Requests must state that the user personally posted such content or information and detail where the content or information is posted. We will make reasonable good faith efforts to remove the post from prospective public view.

Privacy Rights of Residents of the European Union, United Kingdom, and Switzerland

We comply with the EU-U.S. Data Privacy Framework, the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework (together the “DPF”) as set forth by the U.S. Department of Commerce. To learn more about the Data Privacy Framework (DPF) Program, and to view our certification, please visit https://www.dataprivacyframework.gov. The official list of Data Privacy Framework participants can be found at https://www.dataprivacyframework.gov/s/participant-search.  

We have certified to the U.S. Department of Commerce that it adheres to the EU-U.S. Data Privacy Framework Principles (EU-U.S. DPF Principles) with regard to the processing of personal data received from the European Union and the United Kingdom in reliance on the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF. We have also certified to the U.S. Department of Commerce that it adheres to the Swiss-U.S. Data Privacy Framework Principles (Swiss-U.S. DPF Principles) with regard to the processing of personal data received from Switzerland in reliance on the Swiss-U.S. DPF. If there is any conflict between the terms in this privacy policy and the EU-U.S. DPF Principles and/or the Swiss-U.S. DPF Principles, the Principles shall govern. 

EU, UK, and Swiss data protection law makes a distinction between organizations that process personal data for their own purposes (known as “data controllers”) and organizations that process personal data on behalf of other organizations (known as “data processors”). With regard to your personal data, we are a data controller of information that we collect when you enter your information into the “Contact Us” section of the Website and with respect to any Website Use Data or Device Connectivity and Configuration Data considered to be personal data under the law. Otherwise, we generally serve as a data processor with respect to the personal data we collect through the Website and otherwise on behalf of our clients. For example, SteepRock provides public-facing websites for our clients through which you may enter personal data in order to participate in surveys, grants or projects conducted by our clients.

Accessing your personal data  If you are a data subject in the European Union, United Kingdom, or Switzerland, you have the right to access, rectify, or erase any personal data we have collected about you through the Website. You also have the right to data portability and the right to object to our processing of personal data. In addition, you have the right to ask us not to process your personal data (or provide it to third parties to process) for marketing purposes or purposes materially different than for which it was originally collected or subsequently authorized by you. You may withdraw your consent at any time for any data processing we do based on consent you have provided to us.

To exercise any of these rights with respect to personal data collected by us as a data controller, contact us as set forth in the section entitled “Contact Us” below and specify which right you intend to exercise. We will respond to your request within 30 days. We may require additional information from you to allow us to confirm your identity. Please note that we store information as necessary to fulfill the purposes for which it was collected, and may continue to retain and use the information even after a data subject request for purposes of our legitimate interests, including as necessary to comply with our legal obligations, resolve disputes, prevent fraud, and enforce our agreements.

SteepRock acknowledges that you have rights in connection with Client Data. If your information has been processed by SteepRock on behalf of a client and you wish to exercise any rights you have with such information, please inquire with our client directly. If you wish to make your request directly to SteepRock, please provide the name of the SteepRock client on whose behalf we processed your information. We will refer your request to that client and will work with them to ensure that your request is processed as required by applicable law Additional information is available on the  privacy policy page on the applicable client's website for information about their specific privacy practices. In order to avoid any delays in processing a request, any questions that you may have related to personal data processed by such clients and your rights under data protection law should be directed to the client (the data controller) rather than to SteepRock.

The Federal Trade Commission has jurisdiction over SteepRock’s compliance with the EU-U.S. Data Privacy Framework (EU-U.S. DPF), the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF).

In compliance with the EU-U.S. DPF, the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. DPF, SteepRock commits to cooperate and comply respectively with the advice of the panel established by the EU data protection authorities (DPAs), the UK Information Commissioner’s Office (ICO) and the Gibraltar Regulatory Authority (GRA), and the Swiss Federal Data Protection and Information Commissioner (FDPIC) with regard to unresolved complaints concerning our handling of personal data received in reliance on the EU-U.S. DPF, the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. DPF.

Binding Arbitration: Under certain circumstances you may exercise your option to enter into binding arbitration to determine if we have violated our obligations under this DPF Principles and whether such violation has been fully or partially remediated.  Eligibility for arbitration and the arbitration procedures are described in the Data Privacy Framework Annex I: Arbitral Model available at https://www.dataprivacyframework.gov/s/article/ANNEX-I-introduction-dpf?tabset-35584=2.

Liability:  SteepRock, when transferring data to third parties as a data controller, remains liable under the DPF Principles if such data is processed in a manner inconsistent with the DPF Principles. 

Children

Protecting the privacy of minors is especially important to us. For that reason, no part of our website is structured to attract and we never knowingly collect or maintain information at our website from any Visitor that we have actual knowledge is a minor under thirteen (13) years of age. We do not knowingly collect personal information as defined by the U.S. Children’s Privacy Protection Act (“COPPA”) in a manner that is not permitted by COPPA. If you are a parent or guardian and believe SteepRock has collected such information in a manner not permitted by COPPA, please contact us as set forth in the section entitled “Contact Us” below, and we will remove such data to the extent required by COPPA.

Data Security

We implement and maintain reasonable administrative, physical, and technical security safeguards to help protect your information from loss, theft, misuse and unauthorized access, disclosure, alteration and destruction. Nevertheless, transmission via the internet is not completely secure and we cannot guarantee the security of your information.

International Transfer

We are based in the U.S. and the information we collect is governed by U.S. law.  If you are accessing the Website from outside of the U.S., please be aware that information collected through the Website may be transferred to, processed, stored, and used in the U.S. and other jurisdictions. Data protection laws in the U.S. and other jurisdictions may be different from those of your country of residence. To the extent permitted by law, your use of the Website or provision of any information to us constitutes your consent to the transfer to and from, processing, usage, sharing, and storage of your information in the U.S. and other jurisdictions as set forth in this Privacy Policy. If your data is collected in Europe, we will transfer your personal data subject to appropriate or suitable safeguards.

Changes to this Privacy Policy

If changes to this Privacy Policy become necessary, they will be posted on this page and on our website so all Visitors and Visitor Participants will be aware of them. Any changes will be effective immediately upon posting of the revised Privacy Policy. Your continued use of our website indicates your consent to the Privacy Policy then posted. If the changes are material, we may provide you additional notice to your e-mail address.

Contact Us

If you have any questions, complaints, or a dispute on the handling of your personal information or about SteepRock’s Privacy Policy or this website Privacy Policy or the practices described herein, you may contact our Privacy Officer by phone at: +1-718-576-1406 (ask for the Privacy Officer) or via the Internet at: http://www.steeprockinc.com, or by registered or certified mail to:

By Email:

Privacy@SteepRockInc.com

By Mail:

SteepRock, Inc.
c/o Adria Stapleton, Privacy Officer
67 Lower Church Hill Rd
Washington, CT 06794Your use of this Website is subject to SteepRock’s Terms of Use.

Phone

Want to speak with us directly?

Enter your phone number and we will give you a call

We can help you achieve your goals

For more than 20 years, SteepRock has served as a recognized thought leader and best in class strategic partner across the pharmaceutical, biotech, medical device, animal health, and nutrition industry segments. Your success is our success. We deliver technology, information and analytics to help support the most critical business decisions shaping the healthcare landscape and support the entirety of your business with AI making you and your team more efficient and responsive.

Products

OLA™ (Opinion Leader Analytics™)

AI Analytics

OLMS™ (Opinion Leader Management System™)

SteepRock ECHO (Engagement Capture for Holistic Observation™)

AI Speaker Qualifier

Identification & Profiling

ISTS (Investigator Sponsored Trial Solution)

GGS (Grants, Giving & Sponsorships Solution)

HEP (HCP Engagement Platform)

Use Cases

Marketing / Commercial Operations / Market Access

Sales / Key Account Management

Medical Affairs / MSL / Pipeline

Research & Development

Business Development / Corporate Affairs

Copyright © 2025 SteepRock Inc. SteepRock is a registered trademark of SteepRock, Inc. All rights reserved.

Privacy Policy.

Terms of Use.

Responsible Disclosure.

Phone

Want to speak with us directly?

Enter your phone number and we will give you a call

We can help you achieve your goals

For more than 20 years, SteepRock has served as a recognized thought leader and best in class strategic partner across the pharmaceutical, biotech, medical device, animal health, and nutrition industry segments. Your success is our success. We deliver technology, information and analytics to help support the most critical business decisions shaping the healthcare landscape and support the entirety of your business with AI making you and your team more efficient and responsive.

Products

OLA™ (Opinion Leader Analytics™)

AI Analytics

OLMS™ (Opinion Leader Management System™)

SteepRock ECHO (Engagement Capture for Holistic Observation™)

AI Speaker Qualifier

Identification & Profiling

ISTS (Investigator Sponsored Trial Solution)

GGS (Grants, Giving & Sponsorships Solution)

HEP (HCP Engagement Platform)

Use Cases

Marketing / Commercial Operations / Market Access

Sales / Key Account Management

Medical Affairs / MSL / Pipeline

Research & Development

Business Development / Corporate Affairs

Copyright © 2025 SteepRock Inc. SteepRock is a registered trademark of SteepRock, Inc. All rights reserved.

Privacy Policy.

Terms of Use.

Responsible Disclosure.

Phone

Want to speak with us directly?

Enter your phone number and we will give you a call

We can help you achieve your goals

For more than 20 years, SteepRock has served as a recognized thought leader and best in class strategic partner across the pharmaceutical, biotech, medical device, animal health, and nutrition industry segments. Your success is our success. We deliver technology, information and analytics to help support the most critical business decisions shaping the healthcare landscape and support the entirety of your business with AI making you and your team more efficient and responsive.

Products

OLA™ (Opinion Leader Analytics™)

AI Analytics

OLMS™ (Opinion Leader Management System™)

SteepRock ECHO (Engagement Capture for Holistic Observation™)

AI Speaker Qualifier

Identification & Profiling

ISTS (Investigator Sponsored Trial Solution)

GGS (Grants, Giving & Sponsorships Solution)

HEP (HCP Engagement Platform)

Use Cases

Marketing / Commercial Operations / Market Access

Sales / Key Account Management

Medical Affairs / MSL / Pipeline

Research & Development

Business Development / Corporate Affairs

Copyright © 2025 SteepRock Inc. SteepRock is a registered trademark of SteepRock, Inc. All rights reserved.

Privacy Policy.

Terms of Use.

Responsible Disclosure.