Privacy Policy
Effective: June 5, 2026
This Privacy Policy explains how Friese Regulatory LLC, operating the SubstantiatePro service (the “Service”), collects, uses, shares, and protects information about users of the Service. By accessing or using the Service, you agree to the practices described in this Policy. Please read it carefully.
1. Scope and Application
This Policy applies to information collected through the SubstantiatePro web application, its associated APIs, and any communications between users and our team in connection with the Service. It does not apply to third-party websites, services, or platforms that may be linked from or integrated with the Service; those have their own privacy practices.
This Policy applies to information about individual users of the Service. Information you upload about products, claims, ingredients, or studies is treated as Customer Content under our Terms of Service and is governed by that agreement.
2. Information We Collect
We collect the following categories of information:
2.1 Account Information
When you register an account, we collect your name, business email address, business name and contact information, role or title, and credentials necessary to authenticate you. If you sign in through a third-party identity provider, we receive information that provider shares with us per your authorization.
2.2 Billing Information
When you purchase a subscription, our payment processor (a third-party payment processing provider) collects payment card details and billing address on our behalf. We do not store full payment card numbers on our systems. We retain transaction records, invoice information, and the last four digits of your payment method for accounting and customer support purposes.
2.3 Customer Content
Through use of the Service, you upload or provide content including but not limited to product labels, ingredient lists, claims, clinical study PDFs, brand information, regulatory documentation, and marketing materials (“Customer Content”). Customer Content may contain confidential business information. We treat Customer Content as your confidential information and process it only to provide the Service to you, as described in Section 3 and our Terms of Service. Customer Content is governed by the license and confidentiality terms set forth in our Terms of Service.
2.4 Usage Data
We automatically collect information about how you interact with the Service, including pages visited, features used, dossiers generated, claims assessed, queries made, dates and times of access, and the device and browser used. This information is used to operate, improve, and secure the Service.
2.5 Technical Data
We collect technical information such as IP address, browser type, operating system, device identifiers, and similar telemetry. This information helps us deliver the Service, diagnose problems, and prevent abuse.
2.6 Communications
When you contact us by email, support form, or other communication channel, we retain the content of those communications and any associated metadata.
3. How We Use Information
We use the information we collect for the following purposes:
- To provide, maintain, and improve the Service, including generating regulatory analyses, substantiation dossiers, and related outputs you request.
- To authenticate users, manage accounts, and provide customer support.
- To process subscriptions, billing, refunds, and related transactions.
- To communicate with you about the Service, including service announcements, security alerts, and responses to your inquiries.
- To monitor and analyze usage patterns, diagnose technical problems, and improve the performance and reliability of the Service.
- To detect, prevent, and respond to fraud, abuse, security incidents, and violations of our Terms of Service or applicable law.
- To comply with legal obligations, respond to lawful requests by public authorities, and protect the rights, property, or safety of our users, our company, or others.
- To send marketing communications about the Service, subject to your right to opt out.
We only collect and use personal information that is reasonably necessary for the purposes described above.
4. AI Model Training and Customer Content
We do not use Customer Content to train any AI models — either our own or those of our third-party AI providers. Customer Content is processed solely to deliver the outputs you request and is not retained by our AI providers beyond the duration necessary to complete the requested operation, in accordance with their respective data processing terms. We do not sell, license, or otherwise share Customer Content with third parties for the purpose of training, fine-tuning, or developing AI models.
Our third-party AI providers operate under terms that prohibit using customer-submitted content for model training. See Section 5 for a list of subprocessors.
5. How We Share Information
We share information only as described in this Policy. Specifically:
5.1 Service Providers and Subprocessors
We engage third-party service providers to perform functions on our behalf. These providers receive only the information necessary to perform their function and are contractually obligated to protect that information. Current subprocessors include:
- Cloud hosting and infrastructure provider — application hosting and infrastructure
- Database and authentication services provider — data storage and authentication
- AI processing provider — large language model inference for regulatory analysis
- Payment processing provider — subscription billing and payment processing
- Transactional email delivery provider — transactional email delivery
We conduct due diligence on all subprocessors and maintain data processing agreements that require them to protect information at least as stringently as this Policy.
We will update this list as our subprocessors change. You may request the current list at any time by contacting us at privacy@substantiatepro.com.
5.2 Legal Requirements
We may disclose information if required to do so by law, regulation, legal process, or governmental request, or where we believe in good faith that disclosure is necessary to protect our rights, your safety or the safety of others, investigate fraud, or respond to a government request.
5.3 Business Transfers
If we are involved in a merger, acquisition, financing, reorganization, bankruptcy, or sale of all or part of our assets, information may be transferred as part of that transaction, subject to commercially reasonable obligations to maintain confidentiality and limit use of the information consistent with this Policy.
5.4 With Your Consent
We may share information with your consent or at your direction, including when you ask us to share information with a third party (such as a co-manufacturer, retailer, or consultant).
5.5 No Sale of Personal Information
We do not sell personal information, as that term is defined under applicable law including the California Consumer Privacy Act (CCPA).
6. Data Retention
We retain personal information for as long as your account is active and for a reasonable period thereafter to comply with legal obligations, resolve disputes, and enforce our agreements. Specifically:
- Account information: retained for the duration of your subscription and for ninety (90) days after account termination, after which it is deleted or anonymized.
- Customer Content: retained for the duration of your subscription. Following account termination, Customer Content is retained for thirty (30) days to allow you to export data, after which it is permanently deleted from active systems (subject to any legal or backup retention obligations).
- Billing records: retained for the period required by applicable tax, accounting, and financial regulations.
- Backup copies: retained for the period necessary to maintain operational continuity, after which they are overwritten or deleted.
You may request earlier deletion at any time by contacting us, subject to our legal and contractual obligations.
7. Data Security
We maintain appropriate administrative, technical, and physical safeguards designed to protect the information we collect against unauthorized access, alteration, disclosure, or destruction, in accordance with industry standards. These measures include encryption of data in transit and at rest, access controls, regular security reviews, and vendor due diligence.
In the event of a security incident that compromises personal information or Customer Content, we will notify you as soon as commercially practicable and in compliance with applicable law, including any obligations under the California Consumer Privacy Act and California Privacy Rights Act (“CCPA/CPRA”), the FTC Health Breach Notification Rule, and any other applicable breach notification statutes. No method of transmission or storage is completely secure, and we cannot guarantee absolute security.
8. Your Rights and Choices
Depending on your location, you may have certain rights with respect to information we hold about you, which may include the rights to:
- Access the information we hold about you.
- Correct inaccurate or incomplete information.
- Request deletion of information, subject to our legal and contractual obligations.
- Object to or restrict certain processing activities.
- Receive a portable copy of information you provided to us.
- Withdraw consent to processing where we rely on consent as our legal basis.
- Opt out of marketing communications. You cannot opt out of service-related communications while your account is active.
To exercise these rights, contact us at privacy@substantiatepro.com. We will respond within the timeframes required by applicable law. We may need to verify your identity before processing certain requests.
9. California Privacy Rights (CCPA/CPRA)
If you are a California resident, you have specific rights under the California Consumer Privacy Act and California Privacy Rights Act (“CCPA/CPRA”), including the right to know what personal information we collect, to delete personal information, to correct inaccurate personal information, to opt out of the sale or sharing of personal information (which we do not engage in), to limit use of sensitive personal information, and to non-discrimination for exercising these rights.
For details on the categories of personal information we collect, the purposes for which we use it, and the categories of third parties with whom we share it, please see Sections 2 and 5 of this Policy. We do not sell or share personal information, and we do not use sensitive personal information for purposes that would trigger additional CCPA/CPRA rights to limit use.
To exercise these rights, contact us at privacy@substantiatepro.com. We will respond within the timeframes required by applicable law.
10. International Users and Data Transfers
SubstantiatePro is operated from the United States, and our infrastructure is primarily located in the United States. If you access the Service from outside the United States, your information may be transferred to, processed, and stored in the United States or other countries where our service providers operate. By using the Service, you consent to this transfer.
Where required by applicable law (including the GDPR, UK GDPR, or Swiss law), we implement appropriate safeguards for international data transfers, such as the EU Standard Contractual Clauses or equivalent mechanisms with our service providers.
11. European Economic Area, United Kingdom, and Switzerland
If you are located in the European Economic Area, the United Kingdom, or Switzerland, you have rights under the General Data Protection Regulation (GDPR), UK GDPR, or applicable Swiss law. The legal bases for our processing include performance of a contract (to provide the Service), legitimate interests (to improve and secure the Service), compliance with legal obligations, and your consent where applicable.
You have the right to lodge a complaint with your local data protection authority.
12. Cookies and Tracking Technologies
The Service uses cookies and similar technologies to maintain authenticated sessions, remember preferences, measure usage, and improve performance. You can manage cookie preferences through your browser settings, but some features of the Service may not function correctly if cookies are disabled.
13. Children’s Privacy
The Service is intended for use by businesses and individuals 18 years of age or older. We do not knowingly collect information from children under 13. If we learn that we have collected information from a child under 13, we will delete that information promptly. If you believe we have collected such information, please contact us at privacy@substantiatepro.com.
14. Changes to This Policy
We may update this Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes, we will notify you by email or through a prominent notice in the Service before the changes take effect. We encourage you to review this Policy periodically.
15. Contact Us
If you have questions, concerns, or requests regarding this Policy or our privacy practices, contact us at:
Friese Regulatory LLC
Attn: Privacy
8 The Green, Ste B, Dover, DE 19901
privacy@substantiatepro.com