idicine← Back to home

Legal

Research Data Processing Agreement

Effective Date: May 18, 2026  ·  Last Updated: May 19, 2026

This Research Data Processing Agreement (this “Agreement” or “DPA”) is the standard form agreement that governs the disclosure of de-identified aggregate research outputs by Idicine (“Idicine”) to a third-party research partner (“Partner”). Idicine is currently registered in the Netherlands, with a contact address in San Francisco, California; we expect to re-incorporate as a Delaware corporation in the future, at which point references to “Idicine” in this Agreement will refer to that successor entity. This page is the public reference text of the Agreement. The binding instrument in any specific engagement is the executed counterpart signed by both parties; this page may be incorporated by reference into that counterpart.

Idicine operates the Bio-Outcome Intelligence Engine, an internal research program described in Privacy Policy §32, Consumer Health Data Privacy Policy §8, and Genetic, Biomarker and Bio-Matching Consent §27. This Agreement applies only to disclosures of aggregate outputs of that program that have been de-identified to the standards set out in Section 4. No raw or identifiable consumer health data is shared under this Agreement under any circumstances.

1. Definitions

  • Aggregate Output means statistical, categorical, or model-derived information produced by the Bio-Outcome Intelligence Engine that has been de-identified in accordance with Section 4.
  • Consumer Health Data has the meaning given in the Washington My Health My Data Act (RCW 19.373) and includes blood type, biomarker, genetic, and self-reported health information that any consumer has provided through the Idicine Service.
  • De-Identification Standard means the HIPAA Safe Harbor methodology, informed by the principles of the Expert Determination standard under 45 C.F.R. § 164.514(b), supplemented by suppression of any row, cell, or output describing fewer than ten distinct users (k-anonymity ≥ 10). This partner-disclosure threshold is deliberately stricter than the k-anonymity ≥ 5 floor Idicine applies to its own internal research outputs.
  • Service means the Idicine mobile application, website, Bio Chats, matching features, and related services.
  • Sub-Processor means any third party engaged by Partner to process Aggregate Outputs in connection with the Permitted Purpose.
  • Permitted Purpose means the specific scientific, academic, or research-and-development purpose described in the executed Statement of Work that accompanies the executed counterpart of this Agreement.

2. Scope and Subject Matter

This Agreement governs Partner's receipt, processing, storage, and use of Aggregate Outputs disclosed by Idicine under a written Statement of Work executed by both parties. The duration of processing, the categories of data, and the categories of consumers covered are described in the Statement of Work.

This Agreement does not authorize Idicine to disclose, and Idicine does not disclose, raw Consumer Health Data, individual user identifiers, account identifiers, device identifiers, IP addresses, or any other directly or indirectly identifying information. Partner acknowledges this constraint as material to the Agreement.

3. Lawful Basis and Consumer Consents

Idicine represents that every consumer whose data contributes to an Aggregate Output disclosed to Partner has granted opt-in consent to both research participation and research partner sharing, as described in the Consent documentation referenced above. Idicine maintains an immutable audit log of these consents and may provide aggregate audit summaries to Partner on request, subject to applicable privacy protections.

4. De-Identification

Idicine performs all of the following before any Aggregate Output is transferred to Partner:

  • Removal of direct identifiers (names, contact information, device identifiers, account identifiers, IP addresses, and similar) in conformance with HIPAA Safe Harbor under 45 C.F.R. § 164.514(b)(2);
  • A statistical risk assessment of the candidate output applying the principles of the Expert Determination standard under 45 C.F.R. § 164.514(b)(1); where the structure or sensitivity of an Aggregate Output warrants a formal Expert Determination, that determination is obtained from a qualified expert before the output is transferred;
  • Suppression of any row, cell, count, or other output describing fewer than ten distinct users (k-anonymity ≥ 10);
  • Addition of differential-privacy noise to numeric outputs where appropriate to the dataset and the disclosure context.

5. No Re-Identification

Partner publicly and contractually commits not to attempt, directly or indirectly, to re-identify any individual whose data may have contributed to an Aggregate Output. Without limitation, Partner shall not:

  • Combine, cross-reference, or link Aggregate Outputs with any external dataset for the purpose or effect of re-identifying any individual;
  • Apply browser, device, behavioral, network, biometric, or genetic fingerprinting techniques to Aggregate Outputs;
  • Use Aggregate Outputs to make decisions about any individual whose data may have contributed to them, including decisions regarding insurance, employment, credit, education, housing, or healthcare access;
  • Disclose Aggregate Outputs to any third party except a Sub-Processor approved under Section 7.

Partner shall promptly notify Idicine of any actual or suspected re-identification or re-identification attempt by Partner, its personnel, or any third party.

6. Permitted Purpose; Use Restrictions

Partner shall process Aggregate Outputs only for the Permitted Purpose described in the Statement of Work. Without limiting the generality of the foregoing, Partner shall not use Aggregate Outputs:

  • For targeted advertising, cross-context behavioral advertising, profiling for marketing, or any other purpose described in Cal. Civ. Code § 1798.140(ad) as a sale or share;
  • To train large language models or other machine-learning systems for any purpose outside the Permitted Purpose;
  • To make or support eligibility, underwriting, pricing, or coverage decisions in insurance, lending, employment, education, or housing;
  • To inform pharmaceutical or supplement marketing campaigns directed at individuals or population segments where such marketing is regulated as a sale or share of consumer health data under applicable law.

7. Sub-Processors

Partner shall not engage any Sub-Processor to process Aggregate Outputs without (i) providing Idicine at least thirty (30) days' prior written notice and an opportunity to object, and (ii) entering into a written agreement with the Sub-Processor that imposes obligations no less protective than this Agreement. Partner remains fully liable for the acts and omissions of its Sub-Processors.

8. Security

Partner shall implement and maintain administrative, technical, physical, and organizational security measures designed to protect Aggregate Outputs against unauthorized access, disclosure, alteration, or destruction. At a minimum, Partner shall: (i) encrypt Aggregate Outputs at rest and in transit; (ii) restrict access to personnel with a need-to-know for the Permitted Purpose; (iii) maintain access logs; (iv) require multi-factor authentication for personnel with access to Aggregate Outputs; (v) maintain a written information security program reviewed at least annually; and (vi) promptly install security updates for systems used to process Aggregate Outputs.

9. Audit and Records

Once per year, and on reasonable advance written notice, Partner shall make available to Idicine information necessary to demonstrate compliance with this Agreement, including completed standard security questionnaires, copies of relevant security certifications (such as ISO/IEC 27001, SOC 2 Type II), and records of Sub-Processors. In addition, on Idicine's reasonable request following a material concern, Partner shall permit an audit by Idicine or its authorized representative on reasonable advance notice and during normal business hours, subject to confidentiality obligations.

10. Breach Notification

Partner shall notify Idicine without undue delay, and in any event within seventy-two (72) hours, after Partner becomes aware of any actual or reasonably suspected unauthorized access, disclosure, alteration, destruction, or loss of Aggregate Outputs or any actual or suspected re-identification incident. Notice shall include the nature of the incident, the data involved, mitigating steps taken, and Partner's plan for remediation. Partner shall cooperate with Idicine in any regulatory notification or consumer notification required by applicable law, including the FTC Health Breach Notification Rule (16 C.F.R. Part 318), where applicable.

11. Consumer Rights

If Partner receives a request from a consumer purporting to exercise a right under any applicable consumer privacy law (including but not limited to MHMDA, NV SB 370, CT SB 3, CO CPA, CCPA, or GDPR) with respect to data processed under this Agreement, Partner shall forward such request to Idicine without undue delay and shall assist Idicine, at Idicine's reasonable expense, in responding to such request, including by ceasing further processing of any Aggregate Output associated with the requesting consumer if and to the extent re-identification of that consumer's contribution is technically possible (which the De-Identification Standard is designed to prevent).

12. Return or Destruction

Upon expiration or termination of this Agreement or of the applicable Statement of Work, and at Idicine's written direction, Partner shall return or destroy all Aggregate Outputs in its possession or control (including any copies held by Sub-Processors), other than Aggregate Outputs that Partner is required to retain under applicable law (in which case Partner shall continue to apply this Agreement to those retained outputs).

13. Confidentiality

Partner shall keep Aggregate Outputs and any other non-public information of Idicine in strict confidence. Partner shall use the same degree of care to protect Aggregate Outputs as it uses to protect its own most sensitive confidential information, and in no event less than reasonable care.

14. Indemnification

Partner shall indemnify, defend, and hold harmless Idicine and its officers, directors, employees, and agents from and against any third-party claim, action, or proceeding, and any related liabilities, damages, fines, penalties, costs, and reasonable attorneys' fees, arising out of or relating to Partner's breach of this Agreement, Partner's violation of applicable law in connection with the processing of Aggregate Outputs, or any re-identification attempt or incident by Partner or its Sub-Processors.

15. Liability

Nothing in this Agreement excludes or limits a party's liability for (i) fraud or fraudulent misrepresentation; (ii) death or personal injury caused by negligence; (iii) statutory penalties imposed by a regulator for the indemnifying party's violation of law; or (iv) any other liability that cannot lawfully be excluded or limited. Subject to the foregoing, neither party shall be liable to the other for indirect, incidental, special, consequential, or punitive damages, except in cases of breach of Sections 5 (No Re-Identification), 6 (Permitted Purpose), or 13 (Confidentiality), where direct and reasonably foreseeable damages remain recoverable in full.

16. Term and Termination

This Agreement begins on the effective date of the executed counterpart and continues until terminated. Either party may terminate (i) for material breach, with thirty (30) days' written notice and an opportunity to cure, or (ii) for convenience on ninety (90) days' written notice. Idicine may suspend processing under this Agreement immediately upon written notice if Idicine reasonably believes Partner is in material breach or that continued processing poses a privacy or security risk to consumers.

17. Governing Law and Jurisdiction

This Agreement is governed by the laws of the State of California, without regard to its conflict-of-laws principles. The state and federal courts located in San Francisco County, California shall have exclusive jurisdiction over any dispute arising out of or relating to this Agreement, subject to any binding arbitration agreement in the executed counterpart or Statement of Work.

18. Order of Precedence

In the event of conflict between this Agreement and any Statement of Work, this Agreement controls unless the Statement of Work expressly identifies the specific Section of this Agreement that it modifies and is signed by an authorized representative of both parties.

19. Updates to This Reference Text

Idicine may publish updates to this reference text. The version applicable to any executed counterpart is the version in effect on the effective date of that counterpart, unless the counterpart expressly incorporates a different version by date.

20. Contact

For questions about this Agreement, partnership inquiries, or to request an executed counterpart, contact:

Idicine
5214F Diamond Hts Blvd
San Francisco, CA 94131
legal@idicine.com
privacy@idicine.com

In plain terms:Partners only ever see statistics computed over groups of ten or more anonymous users. They contractually promise not to try to figure out who any individual is. Raw user data never leaves Idicine's servers.