Privacy Policy

oriGENapi, Inc. ("oriGENapi," "we," "our," or "us") is committed to protecting the privacy and security of your personal information. This Privacy Policy describes how we collect, use, disclose, and safeguard information when you use our platform, website, and related services (collectively, the "Services"). As a pharmaceutical supply chain platform, we adhere to the highest standards of data protection, including compliance with HIPAA, GDPR, and applicable state and federal regulations.

1. Information We Collect

We collect information you provide directly when you create an account, place orders, or interact with our platform. This includes business contact information (name, title, email, phone number), company details (legal name, DEA license numbers, state pharmacy licenses), billing and payment information, and procurement records. We also collect information automatically through cookies, server logs, and analytics tools, including IP addresses, browser type, device identifiers, pages visited, and usage patterns within the platform.

When you use our compliance verification features, we may process regulatory documentation such as Certificates of Analysis (COAs), Drug Master Files (DMFs), and facility audit reports. If our Services involve any Protected Health Information (PHI) as defined under HIPAA, we process such data strictly in accordance with applicable Business Associate Agreements and HIPAA regulations.

2. How We Use Your Information

We use the information we collect to operate and improve the oriGENapi platform, process orders and manage supplier relationships, verify regulatory compliance documentation, provide customer support and onboarding assistance, communicate product updates, industry news, and service changes, enforce our Terms of Service and protect against fraud, and comply with legal obligations including pharmaceutical regulatory requirements.

We may also use aggregated, de-identified data for analytics purposes such as market trend analysis, platform performance benchmarking, and supply chain optimization research. Such aggregated data cannot be used to identify any individual or organization.

3. Data Sharing and Disclosure

We do not sell your personal information. We share data only in the following circumstances: with verified suppliers on the platform as necessary to fulfill your orders and procurement requests; with service providers who assist us in operating the platform (hosting, payment processing, analytics) under strict contractual data protection obligations; when required by law, regulation, or legal process, including FDA, DEA, or state pharmacy board inquiries; to enforce our agreements or protect the rights, safety, and property of oriGENapi, our users, or the public; and in connection with a merger, acquisition, or sale of assets, with appropriate confidentiality protections.

4. Data Security

We implement industry-leading security measures to protect your data. All data is encrypted at rest using AES-256 encryption and in transit using TLS 1.3. Our infrastructure is SOC 2 Type II certified and undergoes annual third-party penetration testing and vulnerability assessments. We maintain comprehensive access controls with role-based permissions, multi-factor authentication, and audit logging for all platform actions.

Our data centers are located in the United States and are HIPAA-compliant, with physical security measures including biometric access controls, 24/7 monitoring, and redundant systems for business continuity. We maintain a documented incident response plan and will notify affected users within 72 hours of discovering any data breach, in compliance with applicable breach notification laws.

5. Your Rights and Choices

Depending on your jurisdiction, you may have certain rights regarding your personal information, including the right to access, correct, or delete your data; the right to restrict or object to certain processing activities; the right to data portability; and the right to withdraw consent where processing is based on consent. For users subject to GDPR, we serve as a data controller and will honor all applicable data subject rights. California residents have additional rights under the CCPA/CPRA, including the right to know what personal information is collected and the right to opt out of the sale or sharing of personal data.

To exercise any of these rights, please contact our Data Protection Officer at privacy@origenapi.com. We will respond to verified requests within 30 days.

6. Cookies and Tracking Technologies

We use cookies and similar technologies to maintain your session, remember your preferences, analyze platform usage, and improve our Services. Essential cookies are required for the platform to function and cannot be disabled. Analytics cookies help us understand usage patterns and optimize the user experience. You may manage your cookie preferences through your browser settings or our cookie preference center. We do not use cookies for third-party advertising.

7. Data Retention

We retain your personal information for as long as your account is active or as needed to provide our Services. Regulatory and compliance documentation, including COAs, order records, and audit trails, may be retained for a minimum of seven years in accordance with FDA and DEA recordkeeping requirements. After the applicable retention period, data is securely deleted or anonymized.

8. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, or legal requirements. We will notify you of material changes by posting the updated policy on our website and, where appropriate, by email notification at least 30 days before the changes take effect. Your continued use of the Services after the effective date constitutes acceptance of the updated policy.

9. Contact Us

If you have questions or concerns about this Privacy Policy, our data practices, or your rights, please contact us: