Privacy Notice

Last Updated: April 2026

Introduction

HealthMatch Pty Ltd (ABN 77 618 446 905), its subsidiaries and affiliates, including HealthMatch United States Inc. (collectively, "HealthMatch," "we," "our," or "us") respect your privacy and are strongly committed to transparency.

This Privacy Notice (our "Privacy Notice" or "Notice") describes: (i) the types of information we may collect from or about you or that you may provide when you (a) visit our website, healthmatch.io, and interact with or otherwise use any of the content, features, products, or services offered or otherwise made available through it (collectively, the "Platform"), and (b) communicate with us (whether by phone, email, SMS/text, or through other means), such as when you authorize us to request and retrieve your specific medical records for eligibility verification for a clinical trial in which you have expressed interest; (ii) our practices for collecting, using, disclosing, retaining, protecting, and otherwise processing that information; and (iii) your rights and choices with respect to such information.

Please note that our privacy practices may vary depending on where you live. See the jurisdiction-specific disclosures in this Privacy Notice for additional information that may apply to you.

Please read this Privacy Notice carefully to understand our policies and practices regarding your information and how we will treat it. If you do not agree with our policies and practices, your choice is not to communicate with us or use our Platform. By communicating with us or accessing or using our Platform, you agree to this Privacy Notice. This Privacy Notice may change from time to time (see Changes to Our Privacy Notice). Your continued communications with us and/or use of our Platform after we make changes indicates your acceptance of those changes, so please check this Privacy Notice periodically for updates.

Scope of This Privacy Notice; Applicability to You

HealthMatch operates a clinical trial matching platform that connects individuals with relevant clinical trials by matching their self-reported health profile to study eligibility criteria. Users may complete a health questionnaire on the Platform before or after creating an account. Where health questionnaire responses are collected prior to account creation, those responses are not associated with any personally identifiable information until the user registers an account. Health questionnaire responses collected prior to account creation are stored temporarily and deleted within 24 hours if the user does not register an account. If you complete a health questionnaire but do not create an account, no personally identifiable information is retained by HealthMatch.

Once a user has both a registered account and a completed health profile, HealthMatch uses the matched profile to display relevant clinical trials. If a user chooses to apply to a specific trial, we ask for the user's explicit consent before sharing any identifying information or health profile data with the relevant trial site.

HealthMatch uses automated matching technology to compare your health profile against the eligibility criteria of clinical trials listed on our Platform. This process determines which trials are displayed to you and, where applicable, whether you are presented to a trial site as a potentially eligible applicant. The matching logic is based on the inclusion and exclusion criteria defined in each trial's protocol — it does not involve inferences about you beyond what you have provided. If you believe a match result is incorrect or that you have been excluded from a trial in error, you may contact us at privacy@healthmatch.io to request a human review of your eligibility assessment.

In addition to individual participants, we also serve B2B customers including (i) clinical trial sites and sponsors, (ii) clinical research organisations ("CROs"), and (iii) pharmaceutical, biotechnology, and academic research institutions (collectively, "B2B customers").

We collect Personal Data directly from participants and users of our Platform — not on behalf of, or as directed by, our B2B customers. Participant health profile data is only shared with a specific trial site when a participant affirmatively applies to that trial and consents to that disclosure. We do not sell participants' Personal Data to B2B customers. Clinical trial sites and sponsors that receive participant data are independent data controllers in respect of that data, and we are not responsible for their privacy or data security practices following receipt.

This Privacy Notice applies to all Personal Data that HealthMatch collects directly from you through the Platform and through direct communications with us. Depending on where you live, you may have additional rights and protections under applicable law — please refer to the jurisdiction-specific supplements and addenda at the end of this Privacy Notice for disclosures and rights that may apply to you.

Information We Collect About You and How We Collect It

We collect two basic types of information from you when you provide it to us or when you use or interact with our Platform or through our advertising and media across the Internet: Personal Data and non-Personal Data.

"Personal Data" means any information that identifies, relates to, describes, references, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular individual or household. However, Personal Data does not include any anonymized, deidentified, or aggregated information.

Non-Personal Data includes information that does not personally identify you or information that has been de-identified or anonymized (collectively, "non-Personal Data"). When we combine non-Personal Data with Personal Data, we treat the combined information as Personal Data.

Generally

We collect your Personal Data from various sources, including:

  • directly from you when you provide it to us;
  • automatically as you access, navigate through, or otherwise use our Platform;
  • information that we create about you as you use our Platform or otherwise interact with us; and
  • from third parties.

Information You Provide to Us

Through the Platform we collect Personal Data provided directly by users, including contact details, health and eligibility information, and consent preferences, for the purpose of matching participants with relevant clinical trials and supporting trial recruitment workflows with study sites and sponsors.

Thus, we collect certain types of Personal Data directly from you when you access or use our Platform, including your: (i) name; (ii) postal code (for trial matching purposes), and postal address where you have authorised us to retrieve medical records on your behalf; (iii) email address; (iv) telephone number (including mobile number); (v) online identifiers; (vi) unique personal identifier; (vii) medical information (including medical history, mental/physical condition, disability or diagnosis, and mental/physical treatment by a health care professional); (viii) age; (ix) racial or ethnic origin; (x) ancestry; (xi) current or future pregnancy (we may ask you to indicate whether you are currently pregnant, breastfeeding, or planning a pregnancy); and (xii) genetic information, including information about specific genetic variants or mutations where relevant to a clinical trial's eligibility criteria, or as received through authorised medical record retrieval.

We also may collect the same or other types of information (which may include Personal Data and/or non-Personal Data) that you choose to submit to us or may otherwise provide through your use of our Platform, such as when you fill out a form or communicate with us. This includes, for example:

  • information provided at the time of requesting information about our products or services, opting in to receive marketing and other communications from us, making a general inquiry, creating an account on our Platform, reporting a problem or other issue with our Platform, or asking for customer service, support, or other assistance;
  • records and copies of your communications with us (e.g., emails, calls), if you contact us; and
  • information provided by you to us offline, such as over the phone as part of our participant screening process.

Information We Collect Through Automatic Data Collection Technologies

We, our partners, service providers or other vendors may automatically collect certain information when you visit and interact with our Platform or open our emails. The information we collect automatically may include Personal Data, or we maintain it or associate it with Personal Data we collect in other ways or receive from third parties. It helps us improve our Platform to deliver a better and more personalized service. Such automatically collected information may include:

  • information about your computing device and Internet connection, such as your IP address, browser type and version, browser plug-in types/versions, operating system and platform, and device type. IP addresses are used for operational purposes including consent logging and security, and are not forwarded to analytics or advertising partners;
  • details of your visits to and use of our Platform, including date and time of your visit, traffic data, log file information, your activity and navigation within the Platform (including pages and trial listings viewed), IP-based location data (which may be used to locate the city, state, or country from which you access our Platform but is not forwarded to analytics or advertising partners), error information, and other communication data;
  • information about the content you view and the features you access, including which trial listings you viewed and your interactions with content and features on our Platform; and
  • information reflecting your preferences, trends, activity, and/or behavior while using the Platform.

Online Tracking and Advertising

We and our service providers or partners use cookies and other tracking technologies to provide functionality, measure and analyse user behaviour on the Platform, and support conversion tracking and affiliate attribution. Some of the technologies we and our service providers or partners may use include:

Cookies (or browser cookies). These are small text files that may be placed on your computer or device by us or our service providers and partners when you visit our Platform. Some of these cookies are essential to the operation of the Platform (for example, session and security cookies) and cannot be disabled without affecting your ability to use it. Others are managed by us (first-party cookies) or by third parties (third-party cookies) for analytics, performance, and attribution purposes. Cookies may enable us, our vendors, or third parties to recognise you across sessions and relate your use of the Platform to other information about you. We may use cookies to: understand how users navigate the Platform; and support conversion tracking and affiliate attribution, including measuring whether a user who arrived via an affiliate link subsequently registered or applied to a trial.

Web Beacons. A web beacon is a small piece of code (also called a pixel tag or clear gif) embedded in pages or emails that fires when the page or email is loaded. Web beacons may transmit information including a unique identifier associated with your browser or device, the time and date of the page view, and the page on which the beacon is placed. They are used to measure page views and track conversion events. Pages of our Platform and our emails may contain web beacons.

Local Storage and Similar Technologies. In addition to cookies, we and our service providers use browser local storage and similar client-side storage mechanisms to support Platform functionality — including preserving your session state, storing in-progress questionnaire responses before account creation, and enabling consistent analytics and feature delivery across sessions.

Server-Side Tracking. We use server-side technologies that transmit conversion data — such as hashed email address, hashed phone number, and conversion event details — directly from our servers to third-party platforms (including Meta) for the purpose of measuring platform effectiveness and referral attribution. This transfer occurs server-to-server and does not rely on browser-based cookies or web beacons.

Platform Interaction and Performance Monitoring Tools. Our Platform uses analytics and session recording tools that execute code in your web browser to help us understand how users interact with the Platform. This may include recording mouse movements, navigation pathways, and interactions with pages and content on our Platform, including pages where you respond to health questionnaires.

These tracking technologies may be deployed by us and/or by our service providers or partners on our behalf. We may combine information collected through these means with other information we hold about you for the purposes of improving our Platform and our trial matching service.

Your choices. Users in certain jurisdictions where consent is required by law will be presented with a cookie consent banner on their first visit to the Platform, through which they may accept or decline non-essential cookies and tracking technologies. For users in other jurisdictions, our use of non-essential cookies, analytics, and tracking technologies is based on our legitimate interest in understanding how the Platform is used and improving our services. Regardless of your location, you may request that we disable non-essential tracking in connection with your use of the Platform by contacting us at privacy@healthmatch.io. Residents of certain states may also opt out of the sale or sharing of personal data — including data transferred via conversion pixels and server-side tracking integrations — as described in the Your Privacy Rights section, or by broadcasting a Global Privacy Control (GPC) signal from a supported browser.

Information We Create About You

We may also create certain information about you. When we associate this information with other Personal Data about you, we consider this information to be Personal Data. This information includes information associated with your account with us (if one exists); records of calls or other communications we may have with you; and inferences drawn from other information we collect to create a profile reflecting your preferences, characteristics, and behaviour.

Information We Collect from Third Parties

In certain instances, we may also collect limited Personal Data from third parties, such as our affiliate partners who refer potential study participants to our Platform, clinical trial sites who share study-related information with us (e.g., screening outcomes and enrollment status), and medical record and health information exchange providers in cases where a participant has explicitly authorized us to request and receive their specific medical records for eligibility verification purposes.

How We Use the Information We Collect

We use information that we collect about you or that you provide to us, including any Personal Data:

  • to fulfil or address the reason you provided the information;
  • to provide, support, personalise, develop, improve, and debug our Platform and its contents to you;
  • to allow you to participate in interactive features on our Platform;
  • to create, maintain, customise, and secure your account with us;
  • to provide you with support and to respond to your enquiries, including investigating and addressing your concerns and monitoring and improving our responses;
  • to understand how you use our Platform (including your preferences) and identify any issues in how our Platform is used and how we can improve your experience;
  • to monitor the performance of our Platform, including metrics such as total number of visitors and traffic;
  • to provide you with information or services that you request from us;
  • to operate and optimise our business, and to contact you about clinical trial opportunities, platform updates, and related services via email, text message, or phone (with your consent, if required by law);
  • to administer surveys and research we conduct in connection with our Platform;
  • to help maintain the safety, security, and integrity of our Platform, databases, and other technology assets and business, including detecting security incidents, protecting against malicious, deceptive, fraudulent, or illegal activity, and prosecuting those responsible for that activity;
  • for internal testing, research, analysis, and product development, including to develop, improve, or demonstrate our Platform;
  • to notify you about changes to our Platform or any services we offer or provide through it;
  • to evaluate or conduct a merger, divestiture, restructuring, reorganisation, dissolution, or other sale or transfer of some or all of HealthMatch's assets, whether as a going concern or as part of bankruptcy, liquidation, or similar proceeding, in which Personal Data held by HealthMatch about you is among the assets transferred;
  • to carry out our legal and contractual obligations and enforce our rights, including responding to legally binding requests from law enforcement, regulatory authorities, or other third parties and exercising or defending legal claims; and
  • for any other purpose we may describe when you provide the information, with your consent if required by law, or as otherwise permitted by applicable law.

Disclosure of Your Information

We do not sell, share, or disclose your Personal Data for purposes other than those outlined in this Privacy Notice, including any applicable jurisdiction-specific addendum or supplement appended to this Privacy Notice. However, we may disclose aggregated, de-identified, or anonymised information about our users or clinical trial participants that does not identify any individual, without restriction.

We disclose your information as needed to fulfil the purposes described in this Privacy Notice and as permitted by applicable law.

When We Work with Service Providers and Business Partners. We may share Personal Data with our service providers and business partners who support the operation of our Platform and business. These include providers of website and data hosting, data warehousing, analytics and session recording, event tracking, feature management, messaging services (including email and SMS), customer communications, and survey administration. We require these service providers and business partners by contract to use your Personal Data only to perform the services we have engaged them to provide, and not to retain, use, or disclose it for any other purpose.

When We Work with Affiliate Partners. We share limited data with affiliate partners who refer users to our Platform, solely for the purpose of attributing referrals and reporting on outcomes such as trial applications and enrolment. Affiliates do not receive Personal Data for their own marketing or other purposes.

When We Work with Clinical Trial Sites and Sponsors. We share trial-related Personal Data with clinical trial sites involved in trials you have applied to or enrolled in, including screening outcomes and enrolment status. We may also share information in connection with surveys conducted for research or sponsor insight purposes.

When We Work on Business Transactions. If we become involved with a merger, corporate transaction, or other situation involving the transfer of some or all of our business assets, we may share your Personal Data with business entities or individuals involved in the negotiation or transfer.

When Sharing Helps Us Protect Safety and Lawful Interests. We may disclose your Personal Data where necessary to: comply with applicable federal, state, or local laws; respond to a court order, subpoena, or other legally binding request from law enforcement or regulatory authorities; cooperate with law enforcement concerning conduct we believe may violate applicable law; exercise or defend legal claims; enforce our agreements or policies; or protect the rights, property, or safety of HealthMatch, our users, or others.

When You Give Consent. We may share Personal Data about you with other parties if you give us permission or direct us to do so.

Choices About How We Use and Disclose Your Information

In addition to the rights described in the Your Privacy Rights section below, we provide the following mechanisms for managing your Personal Data and communications preferences.

Cookies and Tracking Technologies. Where required by applicable law, you will be presented with a cookie consent banner on your first visit to the Platform, through which you can accept or decline non-essential cookies and tracking technologies by category. Users in applicable jurisdictions can also access and update their cookie preferences at any time via the Cookie Settings link in the footer of our Platform. If you are not presented with a cookie consent banner, you may also adjust your browser settings to refuse all or some cookies, though please note that certain parts of our Platform may be inaccessible or may not function properly if you do so. You can find more information about cookies at www.allaboutcookies.org.

Marketing Communications — Email. We may use your email address to contact you about clinical trial opportunities, platform updates, news, and other communications that may be of interest to you, with your consent where required by law. You can manage your email preferences by category — including opting out of specific communication types — at any time via your account settings or by clicking the link in any email you receive from us. Please note that opting out of marketing communications will not affect essential account and service-related emails such as onboarding and trial match notifications.

Marketing Communications — Calls and Text Messages. If you have opted in to receive calls and/or SMS messages from us, we may use your mobile telephone number to contact you about clinical research opportunities or related updates. In some cases these communications may be sent using automated systems; in others they will be manually initiated. Message frequency may vary and message and data rates may apply. You may opt out at any time by texting STOP in response to any text message you receive from us or by contacting us at privacy@healthmatch.io.

By opting in to receive such communications, you confirm that: (i) you are providing your prior express written consent to receive recurring mobile messages or calls at the telephone number you provided; (ii) you have the authority to provide that consent for the number you supplied; and (iii) your consent is not a condition of using our Platform or services. Messages and calls may be sent by us directly or by third parties acting on our behalf.

Other Rights & Related Disclosures

General

In addition to the choices made available to you with regard to the Personal Data that we have collected about you, you may access, correct, or permanently delete the Personal Data we hold about you at any time. You can do this directly through your account settings, or by contacting us at privacy@healthmatch.io.

We will action your request promptly and confirm once your data has been deleted, subject to any legal obligations that require us to retain certain information. We may not accommodate a request to correct or update your Personal Data if we believe the change would violate any law or legal requirement or cause the information to be incorrect.

Jurisdiction-Specific Privacy Rights and Disclosures

The laws in some jurisdictions may provide you with additional rights and disclosures regarding our processing of your Personal Data. To learn more about our processing activities and any additional privacy rights with respect to such data that may be applicable to you as a resident of, or an individual otherwise located in, one of these jurisdictions, please see the relevant privacy addendum for your jurisdiction that is appended to this Privacy Notice.

Please note that certain categories of data or entities may be partially or fully exempt from applicable privacy laws; where relevant, this is addressed in the applicable jurisdiction-specific addendum.

The laws in some jurisdictions provide you with additional rights and disclosures regarding our processing of your Personal Data. Please refer to the section applicable to your jurisdiction below.

California residents — Your California Privacy Rights and Disclosures

Colorado, Connecticut, Maryland, Nebraska, New Jersey, Nevada, Texas, and Washington residents — Your US State Privacy Rights and Disclosures

Canadian residents — Your Canadian Privacy Rights and Disclosures

Australian residents — Your Australian Privacy Rights and Disclosures

Brazilian residents — Your Brazilian Privacy Rights and Disclosures

Mexican residents — Your Mexican Privacy Rights and Disclosures

Argentine residents — Your Argentine Privacy Rights and Disclosures

If your jurisdiction is not listed above, the rights and choices described in the main body of this Privacy Notice apply to you. You may contact us at privacy@healthmatch.io at any time with questions about how we process your Personal Data.

Data Security

We implement appropriate technical and organisational measures to protect your Personal Data against accidental loss, unauthorised access, use, alteration, and disclosure. These measures include encryption of personal data in transit and at rest, access controls limiting data access to authorised personnel, and regular security assessments of our systems and infrastructure.

The security of your account also depends on you. You are responsible for keeping your password confidential and for any activity that occurs under your account. We ask that you do not share your password with anyone and that you notify us immediately at privacy@healthmatch.io if you suspect any unauthorized access to your account.

While we take our security obligations seriously, no method of transmission over the internet or electronic storage is completely secure. We cannot guarantee absolute security, but we are committed to maintaining appropriate safeguards and to notifying you and relevant authorities in the event of a breach that affects your Personal Data, in accordance with our obligations under applicable law.

Do Not Track ("DNT") and Global Privacy Control ("GPC") Signals

Some web browsers permit you to broadcast a signal to websites and online services indicating a preference that they "do not track" your online activities. Except as otherwise described in this Privacy Notice (including any jurisdiction-specific addendum) with respect to legally required browser-based opt-outs, we do not recognize or respond to browser-initiated DNT signals, as there currently is no accepted standard for how a website or online service should respond to this signal.

Some browsers and browser extensions also support the Global Privacy Control (GPC) signal, as specified at globalprivacycontrol.org. Where required by applicable law — including in California, Texas, Colorado, New Jersey, Nevada, and Connecticut — we treat a valid GPC signal as an opt-out request from the sale or sharing of your personal data. GPC signals are processed at the browser level and apply to the specific browser and device from which the signal is transmitted.

Transfer and Processing of Personal Data in the United States

To provide our Platform, we transfer and process your Personal Data in the United States, regardless of the country where you reside or access our Platform. The United States may have data protection laws that differ from those in your jurisdiction.

Where we are required by applicable law to put in place safeguards for the international transfer of your Personal Data, we do so in accordance with those requirements. For jurisdiction-specific information about cross-border transfers and the applicable safeguards, please refer to the relevant addendum for your jurisdiction appended to this Privacy Notice.

Please note that public authorities in the United States may, in certain circumstances, be entitled to access your Personal Data under applicable US law.

Third-Party Sites

Our Platform may contain links to third-party websites or services that are not owned or controlled by us. Please be aware that we are not responsible for the privacy practices of such other websites or services. The privacy practices of these third parties, including details on the information they may collect about you, are subject to the privacy notices of these parties, which we suggest you review.

Children Under the Age of 18

Our Platform is not intended for children under 18 years of age and we do not knowingly collect Personal Data from anyone under 18. If you are under 18, do not use or provide any information through our Platform. If we learn we have collected Personal Data from a child under 18, we will delete that information promptly. If you believe we may have any information from or about a child under 18, please contact us at privacy@healthmatch.io.

Data Retention

We will only retain your Personal Data for as long as necessary to fulfill the purposes for which we collected it and in accordance with our legal obligations, our records retention practices, or as otherwise permitted or required by law.

If you have set up an account with us, we will retain your Personal Data associated with that account for as long as your account remains open. We do not automatically delete accounts or associated Personal Data — if you wish to have your Personal Data deleted, you may do so at any time by submitting a deletion request through your account settings or by contacting us at privacy@healthmatch.io (subject to the statutory exceptions described below).

We may also need to retain Personal Data in order to exercise our legal rights or defend legal claims involving you. We will delete this information once it is no longer needed for such purposes.

We may also retain some or all of your Personal Data when your information is subject to one of the following exceptions:

  • When stored in our backup and disaster recovery systems. Your Personal Data will be deleted when the backup media your Personal Data is stored on expires or when our disaster recovery systems are updated.
  • When necessary to help ensure the security and integrity of our Platform and IT systems. Your Personal Data will be deleted when we no longer require it for such purposes.

Changes to Our Privacy Notice

We may change this Privacy Notice at any time. If we make material changes to how we treat our users' Personal Data, we will notify you by posting a notice on the home page of our Website. Non-material changes will be reflected in an updated version of this Privacy Notice, and the date it was last revised will be identified at the top of the page.

You are responsible for ensuring we have a current and deliverable email address for you. We encourage you to review this Privacy Notice periodically to stay informed of any updates.

Contact Information

If you have any questions or concerns regarding our Privacy Notice, please contact us at:

HealthMatch Pty Ltd (ABN 77 618 446 905)
Attn: Privacy Officer
10-14 Waterloo Street
Surry Hills
NSW 2010
Australia
privacy@healthmatch.io

HealthMatch United States Inc.
33 Arch Street
Boston, MA 02110
USA