Logo

Privacy Policy

Last updated: March 13, 2026

1. Introduction

MOCRA Adverse Event Reporter ("we", "us", or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our service.

2. Information We Collect

Account Information

When you create an account, we collect:

  • Email address
  • Full name
  • Organization name
  • Password (encrypted)

Adverse Event Report Data

When submitting adverse event reports, we collect:

  • Patient information (age, sex, weight, race/ethnicity)
  • Event descriptions and outcomes
  • Product information (names, NDC codes, lot numbers)
  • Reporter contact information
  • Product label images and photographs
  • Medical history and lab data

Usage Data

We automatically collect certain information about your device and how you interact with our service:

  • IP address
  • Browser type and version
  • Device information
  • Pages visited and time spent
  • Referring website

3. How We Use Your Information

We use the information we collect to:

  • Provide and maintain our service
  • Process adverse event reports
  • Send deadline reminders and notifications
  • Generate FDA-compliant PDF forms
  • Improve our service and develop new features
  • Comply with legal obligations
  • Prevent fraud and ensure security

4. Data Storage and Security

We implement industry-standard security measures to protect your data:

  • All data is encrypted in transit using TLS 1.3
  • Sensitive personal information is encrypted at rest using AES-256
  • Database access is restricted using Row Level Security (RLS)
  • Regular security audits and vulnerability assessments
  • Data is hosted on SOC 2 Type II certified infrastructure

5. Data Retention

We retain adverse event report data according to FDA regulations:

  • Cosmetics reports: 6 years (3 years for small businesses)
  • Draft reports: 30 days after last activity
  • Account information: Until account deletion

You may configure custom retention periods in your account settings, provided they meet FDA minimum requirements.

6. Data Sharing and Disclosure

We do not sell your personal information. We may share your information with:

FDA and Regulatory Agencies

Adverse event reports may be submitted to the FDA or other regulatory agencies as required by law.

Service Providers

We use third-party service providers who need access to your information to perform services on our behalf:

  • Supabase (database and storage hosting)
  • Vercel (application hosting)
  • Stripe (payment processing)
  • Resend (email delivery)

Legal Requirements

We may disclose your information if required by law or in response to valid requests by public authorities.

7. Your Privacy Rights

Depending on your location, you may have the following rights:

  • Access: Request a copy of your personal information
  • Correction: Request correction of inaccurate information
  • Deletion: Request deletion of your information (subject to legal retention requirements)
  • Portability: Request transfer of your data to another service
  • Objection: Object to certain processing of your information

To exercise these rights, contact us at privacy@adverseeventreporter.com

8. Cookies and Tracking

We use essential cookies for authentication and session management. We do not use third-party advertising cookies. You can control cookies through your browser settings.

9. HIPAA Compliance

While adverse event reports may contain protected health information (PHI), consumers submitting reports are generally not covered entities under HIPAA. However, we implement HIPAA-level security practices to protect all health information.

10. Children's Privacy

Our service is not intended for children under 18. We do not knowingly collect information from children. If you believe we have inadvertently collected information from a child, please contact us immediately.

11. International Data Transfers

Your information may be transferred to and processed in countries other than your country of residence. We ensure appropriate safeguards are in place for such transfers.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of material changes via email. The "Last updated" date at the top indicates when this policy was last revised.

13. Contact Us

If you have questions about this Privacy Policy or our privacy practices, please contact us at:

Email: privacy@adverseeventreporter.com
Address: [Company Address]

← Back to Home