Skip to content
request demo

Privacy Policy

Last updated: Jan 2026

Privacy Statement Summary

This Privacy Policy ("Policy") explains how your information is collected, used, and disclosed by ZoomRx Inc. ("We" or "Us" or "Our"). This policy applies where we are acting as a Data Controller with respect to the personal data of the doctors, healthcare professionals, and other participants involved in our market research activities. This also applies to data relating to individuals who visit our website and use other services; in other words, where we determine the purposes and means of the processing of that personal data.

At ZoomRx, we take all reasonable measures to ensure that the privacy of all visitors to the Ferma.AI website is protected. This privacy policy explains how ZoomRx collects, processes and uses data collected from the users. We will never sell, share, or use your personal information other than as described here.

By using our platform, you consent to this policy. Please do not use the platform if you do not agree to the terms laid out in this policy. Your continued usage of the platform following changes to this policy will be deemed your acceptance to those changes.

Quick Reference

Field

Details

Who will use your data?

ZoomRx Inc.

Who are we?

We are a full-service strategic healthcare consulting agency providing primary market research across all stages of the drug lifecycle. We are market leaders in Promotional Effectiveness Tracking; ATU and Brand Equity Tracking; and Chart Audits with integrated Health Care Professionals (HCPs)-Patient recorded dialogue. We also provide advanced market demand and opportunity assessment and communication testing. Our Customer Engagement Center of Excellence team offers advanced analysis, secondary data integration, and interactive real-time dashboards. Our Ferma.AI team offers an Artificial Intelligence tool for conference coverage and competitive intelligence.

What for? (Purpose)

We collect, store, and process data in order to provide our AI tooling services for conference coverage and competitive intelligence. If you contact us using our Schedule a Demo form, by email, or by any other means, we will respond to your enquiry and may also send you information that we think you will be interested in. By using our platform, you consent to this policy. We will not use or share your data with anyone except as described in this Privacy Policy. As per our legal obligations, we may need to send details to relevant authorities or any other organisation that requires them by law.

How do we collect your personal data?

Most of the personal information we process is provided directly by you. For example: if you sign up and create an account on our website; if you send us direct messages through ZoomRx's social media platforms (Facebook, Twitter, LinkedIn, Instagram); or based on the information collected by cookies and similar technologies when you visit our website. We receive, collect and store any information you enter on our platform during onboarding or provide us in any other way. In addition, we collect the Internet protocol (IP) address used to connect your computer to the Internet. We may use software tools to measure and collect session information, including page response times, length of visits to certain pages, page interaction information, and methods used to browse away from the page.

What data will be collected / stored?

We collect and store only a limited amount of data – we collect only the data we require to manage our relationship with you. This includes: any information you enter on our platform during onboarding or provide us in any other way; the Internet protocol (IP) address used to connect your computer to the Internet; session information collected via software tools; and any other information that you choose to share with us.

How long will data be stored?

Your data will be stored only for as long as strictly necessary to provide our services, to meet our obligations to you, and to meet our legal obligations. For more information, please contact us about our Data Retention Policy.

Who can access my data?

We will never sell, share, or otherwise distribute your data to any other third party other than as described here. We will share your information with any regulator or legal body that requests it, as well as any parties relevant to the application process. Access to your data is strictly controlled. For more information, please contact us about our Information Security Policy.

How is my data kept secure?

Information will generally be stored in our secure databases, which are located in the United States. We use industry-standard security protocols/technology to secure your data. Where data is transferred from the UK and/or EU to other countries we will take all appropriate precautions to protect your data including establishing DPA/SCC's and completing risk assessments.

About Privacy Policy

This policy sets out how we will use and share the information that you give us. By using our platform, you consent to this policy. Please do not use the platform if you do not agree to the terms laid out in this policy. Your continued usage of the platform following changes to this policy will be deemed your acceptance to those changes.

The General Data Protection Regulation (GDPR) describes how organisations must collect, handle, process, and store personal information. These rules apply regardless of whether data is stored electronically, on paper, or on other materials. To comply with the law, personal information must be collected and used fairly, stored safely and not disclosed unlawfully. GDPR is underpinned by eight important principles. Personal data must:

  • Be processed fairly and lawfully
  • Be obtained only for specific, lawful purposes
  • Be adequate, relevant, and not excessive
  • Be accurate and kept up to date
  • Not be held for any longer than is necessary
  • Be processed in accordance with the rights of the data subjects
  • Be protected in appropriate ways
  • Not be transferred outside our borders, unless that country or territory also ensures an adequate level of protection

We take these responsibilities seriously; this document describes our approach to data protection. This policy helps to protect us from data security risks, including:

  • Breaches of confidentiality. For instance, information being given out inappropriately.
  • Failing to offer choice. For instance, all individuals should be free to choose how the company uses data relating to them.
  • Reputational damage. For instance, the company could suffer if hackers successfully gained access to sensitive data.
  • Any other loss or damage caused as a result of our failure to meet our data protection obligations
  • Any other risk associated with processing your data

Who We Are And How To Contact Us

ZoomRx Inc. is registered in the US and India. The Data Protection Lead is Kendall Anderson. You can contact us in any of the following ways:

  • Email: kendall.anderson@zoomrx.com

  • US Address: ZoomRx, 245 Main Street, Floor 2, Cambridge, Massachusetts 02142, USA

  • India Address: ZoomRx, 2nd Floor, Block-B, Global Infocity Park, Kodandarama Nagar, Perungudi, Chennai, Tamil Nadu 600096

 

Our UK Representative:

Under Article 27 of the UK Data Privacy Act, we have appointed a UK Representative to act as our data protection agent. Our nominated UK Representative is: GDPR Local Ltd.

  • Contact: Adam Brogden - contact@gdprlocal.com
  • Tel: +44 1772 217800
  • Address: 1st Floor Front Suite, 27-29 North Street, Brighton, England, BN1 1EB

Who This Privacy Policy Applies To

Processing of your data is required in order to offer you our services. This policy relates to every data subject that chooses to share their personal data with us; data subjects where we collect, store, or process their data in order to provide our services; and all other data subjects whose data we process in order to operate and develop our company.

This policy applies to individuals who have shared their data with ZoomRx Inc. as a participant in any capacity. It applies to all data that the company holds relating to identifiable individuals, even if that information technically falls outside of the GDPR. This can include:

  • Names of Individuals

  • Contact details

  • Email addresses

  • Telephone/mobile numbers

  • Any other information relating to individuals as required to provide our services and to run and develop our company

Our Lawful Basis

This section describes our lawful basis for processing: We will only use your personal data for the purposes for which we collected it and as you would reasonably expect your data to be processed and only where there is a lawful basis for such processing, for example:

Personal data we receive will be used for the purposes it was provided, including but not limited to:

  • To operate our consulting and market research services
  • To respond to queries from you regarding our services
  • To manage and administer the relationships between you and us
  • To notify you about changes to our services and to otherwise communicate with you
  • To obtain feedback from you regarding us and our services
  • To operate, develop, protect our business

In accordance with your preferences, we may also use your personal information to provide you with information about services, promotions, and offers that may be of interest to you. This document explains how you can change whether to receive this information. Please note that, even if you choose not to receive this information, we may still use your personal information to provide you with important services and communications, including communications in relation to any purchases you make or services you use.

Purpose/Activity Type of data Lawful basis for processing
To process and deliver the products and services you request (a) Identity, (b) Contact, (c) Marketing and Communications (a) Performance of a contract with you, (b) Consent
To manage our ongoing relationship with you which will include notifying you about changes to our terms, services or privacy policy, to maintain our records (a) Identity, (b) Contact, (c) Profile, (d) Marketing and Communications (a) Performance of a contract with you, (b) Necessary to comply with a legal obligation, (c) Necessary for our legitimate interests to keep our records updated and to study how customers use our services, (d) Consent
To administer and protect our business and our site (including troubleshooting, data analysis, testing, system maintenance, support, reporting and hosting of data) (a) Identity, (b) Contact, (c) Technical (a) Necessary for our legitimate interests for running our business, provision of administration and IT services, network security, to prevent fraud and in the context of a business reorganisation or group restructuring exercise, (b) Necessary to comply with a legal obligation, (c) Consent
To use data analytics to improve our website, services, marketing, customer relationships and experiences (a) Technical, (b) Usage (a) Necessary for our legitimate interests to define types of customers for our services, to keep our site updated and relevant, to develop our business and to inform our marketing strategy, (b) Consent
To make suggestions and recommendations to you about services that may be of interest to you (a) Identity, (b) Contact, (c) Technical, (d) Usage, (e) Profile (a) Necessary for our legitimate interests to develop our services and grow our business, (b) Consent

How To Change Your Preferences

We operate in line with GDPR data protection guidelines. We respect your rights and will respond to any request for access to personal information and requests to delete, rectify, transfer, data and to stop processing. We will also advise you on how to complain to the relevant authorities. Any requests or objections should be made in writing to the Data Controller, or you can visit our website or email us to contact us to change your preferences at any time.

Where you give your consent for us to process your data you can contact us to amend or withdraw your consent at any time. You can also choose to object to processing and request deletion of your data. We respect all user rights as defined in GDPR. If you have any comments or wish to complain, please contact us.

 

How We Store & Process Your Data

Your data will be collected, stored, and processed primarily in the US and India. Information will generally be stored in our databases, which are located in the United States. Where we transfer your data outside the UK, we will ensure we take appropriate precautions to protect this data. Your data will be stored only for as long as strictly necessary to ensure we have records of services and other interactions. For more information, please contact us about our Data Retention Policy.

We will only use your personal data for the purposes for which we collected it. If we need to use your personal data for a purpose unrelated to the purpose for which we collected the data, we will notify you and we will explain the legal ground for processing. Information may be used in the following ways:

  • We may use your data to notify you about our products or services or keep you updated on issues that we think are of interest to you, where permissible or if you have opted in to receiving such notifications.

  • Provide Ferma services, which includes updating, securing and troubleshooting, as well as providing support. We will not utilize this data in ways incompatible with the primary purpose why this data was collected and authorized.

  • We will use your data to administer and optimize your experience on our website and send you information and materials you request.

  • We may use your data to comply with applicable laws or regulations

We may be legally obliged to disclose your personal information without your knowledge to the extent that we are required to do so by law; in connection with any ongoing or prospective legal proceedings; in order to establish, exercise or defend our legal rights (including providing information to others for the purposes of fraud prevention and reducing credit risk); to any person who we reasonably believe may apply to a court or other competent authority for disclosure of that personal information where, in our reasonable opinion, such court or authority would be reasonably likely to order disclosure of that personal information.

Data Security & Integrity

We implement commercially reasonable security measures to protect against unauthorized access to or unauthorized alteration, disclosure or destruction of data. We restrict access to data collected on the Ferma platform to individuals who may need to know that information in order to operate, develop or improve our services. These individuals are bound by confidentiality obligations and may be subject to discipline, including termination and criminal prosecution, if they fail to meet these obligations. Any personal information submitted by you will be dealt with in accordance with our terms and conditions set forth herein.

To enhance the protection of information sent to or from our Website over the Internet, we implement the following security features:

  • HTTPS - We require that a "secure session" be established through the use of Hypertext Transfer Protocol Secure (HTTPS), which is a combination of the Hypertext Transfer Protocol (HTTP) and the Transport Layer Security (TLS)/Secure Sockets Layer (SSL) protocol. This is done any time you supply or access information in one of our secure online areas. HTTPS creates a private conversation that only your computer and our systems can understand. HTTPS encodes information as it is being sent over the Internet between your computer and our systems helping to ensure that the transmitted information remains confidential. 

You will only receive marketing communications from us if you have:

  • Requested information from us

  • Used our services previously

  • Provided us with your details and ticked the box at the point of entry of your details for us to send you marketing communications

  • Not opted out of receiving marketing

  • Where we believe you will be interested in our services and we have a valid legitimate interest to process your information

Our Obligations

We are a Data Controller. In relation to the information that you provide to us, we are legally responsible for how that information is handled. We will comply with the GDPR in the way we use and share your personal data.

Under certain circumstances, you have rights under data protection laws in relation to your personal data. These include the right to:

  • Request access to your personal data.

  • Request correction of your personal data.

  • Request erasure of your personal data.

  • Object to processing of your personal data.

  • Request restriction of processing your personal data.

  • Request transfer of your personal data.

  • Withdraw consent.

You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive, or excessive. Alternatively, we may refuse to comply with your request in these circumstances.

We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response. We try to respond to all legitimate requests within one month. Occasionally it may take us longer than a month if your request is particularly complex or if you have made a number of requests. In this case, we will notify you and keep you updated.

Third Parties

Personally Identifiable Information will not be shared with any third parties, except that we may disclose your information if we believe we are required to do so by law, if we need to do so to protect someone's safety or our rights or property, or in order to comply with this policy or other policies that may be applicable.

Security

We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used, or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data to those employees who have a business need to know such data. They will only process your personal data per our instruction, and they are subject to a duty of confidentiality. We will report any breaches or potential breaches to the appropriate authorities within 24 hours and to anyone affected by a breach within 72 hours. If you have any queries or concerns about your data usage, please contact us.

Cookies

A cookie is a small file which asks permission to be placed on your computer's hard drive. Once you agree, the file is added, and the cookie helps analyse web traffic or lets you know when you visit a particular site. Cookies allow web applications to respond to you as an individual. The web application can tailor its operations to your needs, likes, and dislikes by gathering and remembering information about your preferences. We use traffic log cookies to identify which pages are being used. This helps us analyse data about webpage traffic and improve our website in order to tailor it to customer needs. We only use this information for statistical analysis purposes, and then the data is removed from the system.

Overall, cookies help us provide you with a better website experience by enabling us to monitor which pages you find useful and which you do not. A cookie in no way gives us access to your computer or any information about you, other than the data you choose to share with us.

You can choose to accept or decline cookies. Most web browsers automatically accept cookies, but you can usually modify your browser setting to decline cookies if you prefer. This may prevent you from taking full advantage of the website.

As well as your ability to accept or reject cookies, we also require your permission to store cookies on your machine, which is why when you visit our site, you are presented with the ability to accept our terms of use, including the storage of cookies on your machine. Should you not accept, then you are free to leave our website, at any time.

OpenAI APIs - Terms & Conditions

  • Limitations of Liability: ZoomRx is not liable for any damages or losses that may arise from the use of OpenAI APIs.
  • Intellectual Property Rights: OpenAI APIs are the property of OpenAI and ZoomRx does not own any intellectual property rights in the APIs.
  • API Usage: ZoomRx is using the OpenAI APIs under OpenAI's terms of service and agrees to comply with these terms.
  • API Limitations: The OpenAI APIs are subject to limitations, such as usage limits or access restrictions, that may affect the performance of the application.
  • API Changes: OpenAI may make changes to the APIs, including changes to functionality, terms of service, or pricing, and ZoomRx may need to make corresponding changes to the application.

API Data Collection: The OpenAI APIs may collect data from the application, such as user input or usage data; this data is subject to OpenAI's privacy policy.

API Data Sharing & Security: OpenAI implements commercially reasonable technical, administrative, and organizational measures to protect Personal Information both online and offline from loss, misuse, and unauthorized access, disclosure, alteration, or destruction.

Please see OpenAI's Privacy Policy for more information: https://openai.com/policies/privacy-policy

For California, Virginia, Colorado, Utah, and Connecticut Residents

Your Rights Under State Privacy Laws

Pursuant to the state regulations, and subject to certain exceptions and limitations, residents of the above states can contact ZoomRx to exercise the rights described below with respect to certain personal information that ZoomRx holds about them. To the extent those rights apply to you, they are described below. ZoomRx also handles certain personal information on behalf of ZoomRx customers. You should contact those customers to exercise any rights you may have with respect to that personal information.

Right to Know About Personal Information Collected, Used, or Disclosed

You have the right to request that we provide you with details about the personal information we collect, use, and disclose. ZoomRx reserves the right to verify your identity to our satisfaction, including by asking you to log into your account if you have one.

You are entitled to receive the following:

  • The categories of your personal information that ZoomRx has collected in the preceding 12 months
  • The categories of sources from which that information was collected
  • The business/commercial purpose for the collection
  • The categories of third parties with whom ZoomRx shares personal information
  • The specific pieces of personal information ZoomRx has collected about you (subject to some exceptions)

Because ZoomRx has disclosed personal information to third parties in the last 12 months, you are also entitled to receive:

  • The categories of personal information that ZoomRx has disclosed in the past 12 months
Right to Request Deletion of Personal Information

You have the right to request deletion of the personal information we have collected about you (subject to some exceptions). You can submit your request as described above, and we reserve the right to conduct the verification described above.

Right to Non-Discrimination for the Exercise of a Consumer's Privacy Rights

You have the right not to receive unlawful discriminatory treatment by ZoomRx for the exercise of your privacy rights.

Right to Opt-Out of Collection, Use, and Disclosure of Personal Information

You have the right to opt-out of the collection, use, and disclosure of your personal information by ZoomRx. You may request to opt-out by sending an email to kendall.anderson@zoomrx.com.

Categories of Personal Information Collected

ZoomRx collects personal information from research participants during and after registration with a panel, including, without limitation, during participation in a survey and in connection with the receipt and redemption of rewards and incentives and/or during the Application/Services registration and download process.

The categories of personal information we may collect include "Identifiers" such as:

  • Name
  • Address(es)
  • Telephone number(s) (including home, cell, and/or business telephone numbers)
  • Email address(es)
  • Internet Protocol address
  • Unique device identification number (such as identifiers for analytics or advertising)
  • Network provider user ID (a number uniquely allocated to you by your network provider)
  • Media Access Control (MAC) address
  • In the iOS app, we collect a unique identifier provided by Apple for devices
  • Unique cookie identifiers
  • Information about your device (e.g., device operating system, network provider, device type, browser type, etc.)
  • Geolocation
  • Cookies and similar technology
  • Social media information
  • Professional or employment-related information, including occupation
  • Education information
  • Demographic information

Contacting Us, Exercising Your Information Rights and Complaints

 
If you have any questions or comments about this Privacy Policy, wish to exercise your information rights in connection with the personal data you have shared with us, or wish to complain, please contact:
  • Name: Kendall Anderson
  • Email: kendall.anderson@zoomrx.com or ZoomRx's Ferma Team at info@ferma.ai
  • US Address: ZoomRx, 245 Main Street, Floor 2, Cambridge, Massachusetts 02142, USA
     
  • India Address: ZoomRx, 2nd Floor, Block-B, Global Infocity Park, Kodandarama Nagar, Perungudi, Chennai, Tamil Nadu 600096

We will process data protection requests within 30 days. Subject Access Requests (SARs) are usually free, but we reserve the right to charge for excessive or unfounded requests. We fully comply with Data Protection legislation and will assist in any investigation or request made by the appropriate authorities.

If you remain dissatisfied, then you have the right to apply directly to the relevant Supervisory Authority.

This Privacy Policy may be revised periodically and this will be reflected by the "effective date" below. Please revisit this page to stay aware of any changes. Your continued use of the website constitutes your agreement to this Privacy Policy and any amendments.

Questions?

 If you have any questions about this Privacy Policy, please contact us: