top of page
Information We Collect
Information You Provide
Information Collected Automatically
Information from Third Parties
How We Use Information
How We Share Information
Service Providers and Subprocessors
Protected Health Information
Washington and Nevada Consumer Health Data
Other State Privacy Rights
Cookies and Similar Technologies
Data Retention
Data Security
Children
Geographic Scope
Third-Party Links
Changes to This Privacy Policy
Contact Us

Privacy Policy
Last updated: May 20th, 2026

This Privacy Policy describes how Provenance Insight ("Provenance Insight," "we," "us," or "our") collects, uses, shares, and protects information about you when you visit our websites at http://www.pitrials.com and any other websites or web-based applications that link to this Privacy Policy, and when you otherwise interact with us in connection with our consulting, advisory, research, analytical, and related professional services (collectively, the "Services").

By using the Services, you agree to the practices described in this Privacy Policy. If you do not agree, please do not use the Services.

This Privacy Policy should be read together with our Terms of Service. Capitalized terms not defined here have the meanings given in the Terms of Service.


Important Limitations on Scope
This Privacy Policy does not apply to protected health information ("PHI") that we receive in our role as a business associate under the Health Insurance Portability and Accountability Act of 1996, as amended ("HIPAA"). When we receive PHI under a written Business Associate Agreement ("BAA") with a covered entity or another business associate, that PHI is governed by the applicable BAA, the underlying engagement agreement, HIPAA, and other applicable federal and state health-information privacy laws — not by this Privacy Policy. The section titled Protected Health Information below describes how PHI is handled.

This Privacy Policy also does not apply to information governed by a separately executed engagement agreement, non-disclosure agreement, or other written contract between Provenance Insight and a client. Where such an agreement governs specific information you provide to us in the course of a consulting engagement, the terms of that agreement control with respect to that information.


Information We Collect
We collect information in three ways: information you provide directly, information collected automatically when you use the Services, and information we receive from third parties.


Information You Provide
You may provide information to us when you:

  • Contact us through a form, email link, or other communication channel on the Services;

  • Subscribe to communications or request information about our work;

  • Inquire about, negotiate, or enter into a consulting engagement;

  • Attend a meeting, webinar, conference, or other event we host or participate in;

  • Apply for a role, contractor position, or subject-matter expert engagement with us;

  • Submit Feedback as described in our Terms of Service; or

  • Otherwise communicate with us.


The information you provide may include your name, business affiliation and title, email address, phone number, mailing address, the contents of your communications, professional background and credentials (if you are an expert or applicant), and any other information you choose to share.


Information Collected Automatically
When you visit the Services, we and our service providers may automatically collect certain information about your device and your interactions with the Services, including:

  • IP address and approximate geographic location derived from it;

  • Browser type, operating system, device identifiers, and screen resolution;

  • Referring and exit pages, pages viewed, links clicked, and time spent on pages;

  • Date and time of access; and

  • Diagnostic and performance information.

We collect this information using cookies, pixel tags, server logs, and similar technologies provided by us and by third-party analytics and infrastructure providers (which currently may include Wix.com and similar services that host or support the Services).


Information from Third Parties
We may receive information about you from third parties, including:

  • Our clients, when they engage us and provide information about their personnel, advisors, or other contacts in connection with an engagement;

  • Subject-matter experts in our network who refer or introduce you to us;

  • Publicly available sources, such as professional and corporate websites, regulatory filings, and scientific publications, when conducting research relevant to an engagement; and

  • Service providers that help us operate the Services (for example, email and analytics providers).



How We Use Information
We use the information we collect to:

  • Operate, maintain, secure, and improve the Services;

  • Respond to your inquiries, fulfill your requests, and communicate with you;

  • Provide, evaluate, and improve our consulting and advisory services;

  • Conduct research relevant to client engagements (subject to confidentiality obligations in the applicable engagement agreement);

  • Send you administrative messages, updates, and information about our work, where permitted;

  • Recruit and evaluate candidates for employment, contractor positions, and subject-matter expert roles;

  • Detect, investigate, and prevent fraud, security incidents, and violations of our Terms of Service or applicable law;

  • Comply with legal obligations and respond to lawful requests from public authorities; and

  • Establish, exercise, or defend legal claims.

We do not sell personal information, and we do not share personal information for cross-context behavioral advertising or targeted advertising, as those terms are defined under applicable state privacy laws.


How We Share Information
We share information in the following circumstances:

  • Service providers. We share information with vendors and contractors that perform services on our behalf, such as website hosting, email delivery, analytics, cybersecurity, and professional services (e.g., accounting and legal). These providers are permitted to use information only to perform services for us.

  • Subject-matter experts and subcontractors. We may share information with experts in our network or subcontractors engaged to support a client matter, subject to appropriate confidentiality obligations.

  • Clients. Where you interact with us in connection with a specific client engagement, we may share relevant information with that client as part of our deliverables, subject to the engagement agreement.

  • Business transfers. If we are involved in a merger, acquisition, financing, reorganization, sale of assets, or other corporate transaction, information may be transferred to the counterparty or successor entity as part of that transaction.

  • Legal and protective disclosures. We may disclose information when we believe in good faith that disclosure is necessary to comply with applicable law or legal process, to enforce our Terms of Service or other agreements, to protect the rights, property, or safety of Provenance Insight or others, or to investigate fraud or security issues.

  • With your direction or consent. We may share information at your direction or with your consent.



Service Providers and Subprocessors
To operate the Services and run our business, we engage third-party vendors (each a "service provider" or "subprocessor") that may have access to information on our behalf. We require these vendors to use information only to provide services to us and to protect it consistent with applicable law.
The categories of service providers we use include:

  • Website hosting and infrastructure (e.g., the platform on which our website is hosted);

  • Email, calendar, file storage, and productivity tools used to operate our consulting practice;

  • Customer relationship management ("CRM") and contact management tools;

  • Analytics providers that help us understand website traffic and usage;

  • Cybersecurity and fraud-prevention services;

  • Communications and collaboration platforms (e.g., videoconferencing, secure messaging);

  • Professional advisors, including legal, accounting, and tax advisors; and

  • Subject-matter experts and subcontractors engaged to support specific client engagements, under appropriate confidentiality obligations.

We do not authorize our service providers to sell personal information or to use it for their own marketing or advertising purposes. When a service provider handles PHI on our behalf in connection with a BAA engagement, that service provider is engaged under appropriate written agreements (including, where required by HIPAA, subcontractor BAAs).


Protected Health Information
As described in our Terms of Service, certain engagements may involve our access to or review of PHI. In those engagements, we operate as a business associate under a written BAA executed before we receive PHI. Our use and disclosure of PHI is governed by:

  • The applicable BAA;

  • The underlying engagement agreement;

  • HIPAA and its implementing regulations; and

  • Any other applicable federal or state health-information privacy laws.

The Services are not a HIPAA-compliant channel for transmitting PHI. Do not submit PHI to us through this website, including through any contact form, general email link, or other public-facing channel, unless we have specifically directed you to a secure, authorized channel established under an executed BAA. If you inadvertently transmit PHI to us through an unauthorized channel, please contact us at the address below so that we can address the disclosure appropriately.


Washington and Nevada Consumer Health Data
This section provides disclosures required under the Washington My Health My Data Act, RCW 19.373 ("MHMDA"), and Nevada's consumer health data privacy law, Nev. Rev. Stat. ch. 603A (as amended by SB 370), and applies to Washington and Nevada consumers as defined under those laws.

We do not knowingly collect consumer health data from website visitors through the Services. The Services are an informational and business-development website for our consulting practice; they are not a patient-facing intake tool, symptom tracker, or health-data collection portal. We ask that you not submit health information about yourself or any identifiable individual through the Services.

To the extent we receive consumer health data in other contexts, the following disclosures apply:

  • Categories of consumer health data we may collect. In limited circumstances, in the course of a consulting engagement, we may receive consumer health data such as information related to a specific health condition, diagnosis, treatment, medical history, biometric measurement, or use of a healthcare service. Substantially all such data is received in our role as a business associate handling PHI under a BAA, and that data is exempt from MHMDA under RCW 19.373.060 because it is governed by HIPAA.

  • Sources. When we receive consumer health data outside the BAA/PHI context, we receive it from the consumer directly (for example, where the consumer voluntarily provides it in a communication to us) or from a client that has directed us to review the data as part of an engagement.

  • Purposes of collection and use. We use consumer health data solely for the purposes of the specific engagement under which it is received, including providing the deliverables requested by the client. We do not use consumer health data for marketing, advertising, profiling, or to train artificial intelligence or machine learning models.

  • Categories of consumer health data shared. We do not sell consumer health data. To the extent we share consumer health data, we share it only with: (a) the client that engaged us, as part of our deliverables under the engagement; (b) subcontractors, service providers, or subject-matter experts engaged to support that engagement, under appropriate confidentiality obligations; and (c) other parties as required by law or with the consumer's consent.

  • Categories of third parties with whom we may share. Clients (covered entities and other business associates), subject-matter experts, subcontractors, service providers supporting our operations (e.g., secure file storage and email), legal and professional advisors, and government authorities where legally required.


Your rights as a Washington or Nevada consumer. Subject to applicable exemptions, you have the right to:

  • Confirm whether we are collecting, sharing, or selling your consumer health data, and to access that data;

  • Withdraw consent from our collection or sharing of your consumer health data;

  • Request deletion of your consumer health data; and

  • Appeal a denial of any of the above requests (Washington residents).

To exercise these rights, contact us at the address listed under Contact Us below. We will respond within the timeframes required by applicable law. If we deny a Washington resident's request, that resident may appeal that decision by replying to our denial with a request for reconsideration; if the appeal is denied, the resident may submit a complaint to the Washington State Attorney General at www.atg.wa.gov/file-complaint. Nevada residents may submit complaints to the Nevada Attorney General.

We do not sell consumer health data. We have not sold consumer health data in the preceding twelve months and have no plans to do so.


Other State Privacy Rights
Depending on where you live, you may have additional rights with respect to personal information we hold about you under state consumer privacy laws, including those of California (California Consumer Privacy Act, as amended by the California Privacy Rights Act), Colorado, Connecticut, Delaware, Indiana, Iowa, Kentucky, Maryland, Minnesota, Montana, Nebraska, New Hampshire, New Jersey, Oregon, Rhode Island, Tennessee, Texas, Utah, and Virginia, among others. Depending on your state of residence, these rights may include the right to:

  • Confirm whether we process personal information about you and access that information;

  • Correct inaccurate personal information;

  • Request deletion of personal information;

  • Obtain a portable copy of personal information you have provided to us;

  • Opt out of the sale of personal information, targeted advertising, or certain profiling (we do not engage in any of these activities); and

  • Appeal a denial of any of the above requests.

To exercise these rights, contact us at the address listed under Contact Us. We may need to verify your identity before responding to your request, and certain exemptions may apply. You may also be entitled to designate an authorized agent to make a request on your behalf.


Cookies and Similar Technologies
We use cookies and similar technologies to operate the Services, remember your preferences, measure traffic and engagement, and improve performance. You can usually configure your browser to refuse cookies or to alert you when cookies are being sent; however, disabling cookies may affect the functionality of the Services.
Our website is hosted on Wix.com, and Wix uses certain cookies to support the operation of the site. For more information on Wix's use of cookies, please refer to Wix's cookie policy.
We do not respond to "Do Not Track" browser signals at this time. We honor Global Privacy Control ("GPC") signals where required by applicable law.


Data Retention
We retain information for as long as needed to fulfill the purposes for which we collected it, including for the duration of any client engagement and for a reasonable period thereafter, to comply with our legal, accounting, tax, and reporting obligations, to resolve disputes, and to enforce our agreements. When information is no longer needed for these purposes, we will delete or anonymize it.


Data Security
We use reasonable administrative, technical, and physical safeguards designed to protect information from unauthorized access, use, alteration, and disclosure. No method of transmission over the internet or storage system is completely secure, however, and we cannot guarantee absolute security. You are responsible for protecting your account credentials and the security of your own devices and communications channels.


Children
The Services are not directed to children, and we do not knowingly collect personal information from minors.
Children under 13. The Services are not intended for use by children under the age of 13. We do not knowingly collect personal information from children under 13 in compliance with the Children's Online Privacy Protection Act ("COPPA"). If you are under 13, do not use or provide any information through the Services. If we learn that we have collected personal information from a child under 13, we will delete that information. If you believe a child under 13 has provided personal information to us, please contact us at the address below.
Individuals under 18. By accessing or using the Services, you represent that you are at least 18 years of age. If you are under 18 and lack sufficient authority to access or use the Services, please do not use them.


Geographic Scope
The Services are intended for use in the United States. If you access the Services from outside the United States, you do so on your own initiative and are responsible for compliance with local laws. Information collected through the Services will be processed and stored in the United States, where data-protection laws may differ from those of your country of residence.
We do not knowingly collect personal information from individuals located in the European Economic Area, the United Kingdom, or other jurisdictions outside the United States. If you are located in such a jurisdiction and believe we hold personal information about you, please contact us.


Third-Party Links
The Services may contain links to third-party websites that are not operated or controlled by us. We are not responsible for the privacy practices of those websites, and this Privacy Policy does not apply to them. We encourage you to review the privacy policies of any third-party sites you visit.


Changes to This Privacy Policy
We may modify this Privacy Policy from time to time. We will notify you of material changes by posting the updated Privacy Policy on the Services and updating the "Last updated" date above. If we have your email on file, we may also notify you by email. Your continued use of the Services after the updated Privacy Policy takes effect constitutes your acceptance of the changes.


Contact Us
If you have questions about this Privacy Policy, wish to exercise any of the rights described above, or want to report a privacy concern, please contact us at:
Provenance Insight Attn: Privacy Bainbridge Island, WA Email: [privacy@pitrials.com]

bottom of page