Privacy Policy

Galen (“we”, “our”, “us”) is an AI-powered cancer research platform that provides programmatic access to biomedical knowledge through its API and developer tools. This Privacy Policy explains how we handle information when you use our services.

When you use the Galen developer platform, we collect:

• Account information — email address used for authentication
• API usage data — request counts, endpoints accessed, and rate limit tracking
• Billing information — processed securely through Stripe (we do not store payment details)

The Galen API is designed with privacy in mind:

• We do not log API request bodies or query parameters
• We do not use tracking pixels, third-party analytics, or advertising cookies
• We do not share your usage data with third parties for marketing purposes

Galen is designed to work with de-identified data only. When using patient interpretation endpoints, users must not include real names, dates of birth, medical record numbers, Social Security numbers, or any other HIPAA-defined identifiers. We do not knowingly collect or process PHI.

The Galen knowledge graph aggregates publicly available biomedical data from multiple databases including ChEMBL, cBioPortal, ClinicalTrials.gov, PubMed, and others. All source data is used in accordance with its respective license terms.

All API communication occurs over encrypted HTTPS connections. API keys are stored as SHA-256 hashes. We employ standard security practices including rate limiting, input validation, and PHI scrubbing on error logs.

Account information is retained while your account is active. API usage metrics are retained for billing and rate limiting purposes. You may request account deletion at any time by contacting us.

Galen is not directed at children under 13. We do not knowingly collect information from children.

If you are located in the European Economic Area or United Kingdom, you have the following rights under the General Data Protection Regulation (GDPR):

• Access — request a copy of your personal data
• Rectification — request correction of inaccurate data
• Erasure — request deletion of your data
• Restriction — request we limit processing of your data
• Portability — receive your data in a structured, machine-readable format
• Objection — object to processing based on legitimate interests

To exercise these rights, contact us at contact@galenhealth.org. We will respond within 30 days. For data processing agreements, contact us at the same address.

If you are a California resident, you have the following rights under the California Consumer Privacy Act:

• Right to Know — request what personal information we collect, use, and disclose
• Right to Delete — request deletion of your personal information
• Right to Opt-Out — opt out of the sale of personal information
• Non-Discrimination — we will not discriminate against you for exercising your rights

We do not sell personal information. To submit a request, contact contact@galenhealth.org.

We may update this Privacy Policy from time to time. Changes will be reflected by updating the “Effective Date” at the top of this page.

If you have questions about this Privacy Policy, please contact us at contact@galenhealth.org