CHARSTAN
Trust CenterStandards

Privacy Policy

Last updated: April 2026

How CHARSTAN protects and handles your data

Data We Collect

We collect information you provide directly, such as your name, email address, organization details, and role when you create an account or interact with our platform.

  • Account registration information (name, email, organization)
  • QMS workflow data you create (documents, CAPAs, audits, deviations)
  • Usage analytics (pages visited, features used, session duration)
  • Technical data (browser type, IP address, device information)

How We Use Your Data

Your data is used solely to provide, maintain, and improve CHARSTAN Intelligence Platform services.

  • Delivering QMS platform functionality and AI-powered insights
  • Maintaining audit trails and regulatory compliance records
  • Improving platform performance and user experience
  • Sending critical system notifications and compliance alerts
  • Generating anonymized, aggregated analytics for service improvement

Data Storage & Retention

All data is stored in encrypted, SOC 2-compliant cloud infrastructure with geographic controls.

  • Data encrypted at rest (AES-256) and in transit (TLS 1.3)
  • Database backups with point-in-time recovery
  • Data retained as required by applicable regulatory frameworks (e.g., GxP, FDA 21 CFR Part 11)
  • Account data deleted upon verified request, subject to legal retention requirements

Data Protection Measures

We implement enterprise-grade security controls to protect your information.

  • Role-based access control (RBAC) with principle of least privilege
  • Session management with secure, HTTP-only cookies
  • Regular security assessments and penetration testing
  • Incident response procedures aligned with ISO 27001
  • Employee security training and background checks

Data Sharing & Third Parties

We do not sell your data. We share data only as described below.

  • AI service providers (OpenAI, Anthropic) — for platform intelligence features only, under strict data processing agreements
  • Email delivery (SendGrid) — for transactional notifications only
  • Cloud infrastructure providers — for hosting and data storage
  • Legal or regulatory authorities — when required by law

Your Rights

You have the following rights regarding your personal data:

  • Right to access — request a copy of your personal data
  • Right to rectification — correct inaccurate information
  • Right to erasure — request deletion of your data (subject to legal retention)
  • Right to data portability — receive your data in a structured format
  • Right to object — opt out of specific data processing activities
  • Right to withdraw consent — at any time, without affecting prior processing

Contact Us

For privacy-related inquiries, data access requests, or to exercise your rights:

privacy@charstan.com

Install CHARSTAN

Add to your home screen for quick access across all your devices.

Made with Emergent