ElevateQC – Data Handling Summary

ElevateQC – Data Handling Summary

1. Purpose

This summary describes ElevateQC’s approach to data handling, privacy, and protection. It is intended to support internal and customer-facing reviews of our practices.

2. Nature of Data Processed

ElevateQC processes laboratory quality control (QC) data submitted by clinical laboratories to support internal quality assurance activities. This data consists of quality control processes and statistical values (e.g., mean, standard deviation, etc.) and metadata related to instruments and analytes. No individually identifiable patient data is collected or processed.

3. No Personal or Identifiable Data

ElevateQC does not access, store, or process any personal health information (PHI) or personally identifiable information (PII). All data submitted by customers must be anonymized and de-identified before use. The platform is not designed for the handling or storage of patient-level data.

4. Data Ownership and Usage

Customers retain ownership of their submitted QC data. ElevateQC may use anonymized, aggregate-level data to improve platform performance and develop benchmarking insights. This usage is statistical and non-identifying by design.

5. Privacy Compliance

Because no personal data is processed, data protection laws such as HIPAA (U.S.), PIPEDA (Canada), and GDPR (EU) do not apply directly to ElevateQC’s services. Nonetheless, ElevateQC applies best practices in privacy, confidentiality, and transparency.

6. Security Measures

ElevateQC maintains robust security controls appropriate for a cloud-based SaaS platform, including:

– Encrypted data transmission (TLS 1.2 or higher)

– Role-based access control and authentication

– Monitoring and vulnerability management

– Secure cloud hosting with data center certifications (e.g., SOC 2, ISO 27001)

7. Subprocessors

ElevateQC may use cloud infrastructure and analytics service providers (e.g., AWS, secure third-party visualization tools), all of whom are contractually obligated to maintain equivalent security standards.

8. Data Retention and Deletion

Customer QC data is retained only for the duration of the service agreement unless otherwise agreed. Customers may request data export or deletion at any time. Upon contract termination, data is removed following ElevateQC’s data retention policy.

9. Contact

For any questions about data handling or to request documentation, contact:

privacy(at)elevate-qc.com