1. Introduction
This Privacy Policy ("Policy") describes how Aurigate Technologies Inc., operating as Simrogate ("Simrogate," "we," "us," or "our"), collects, uses, discloses, and otherwise processes personal information in connection with our website located at simrogate.com (the "Website"), our AI-powered lot release compliance platform (the "Platform"), and all related services, tools, and applications (collectively, the "Services").
Simrogate provides an intelligent lot release compliance platform designed for FDA-regulated manufacturers, including pharmaceutical, biotechnology, medical device, and dietary supplement companies. Our Services facilitate automated rules evaluation, supplier quality management, certificate of analysis processing, and regulatory compliance workflows.
This Policy applies to all individuals who access or use our Services, including visitors to our Website, prospective customers, registered users, and authorized personnel of our customer organizations. By accessing or using our Services, you acknowledge that you have read and understood this Policy.
IF YOU DO NOT AGREE WITH THE PRACTICES DESCRIBED IN THIS POLICY, YOU SHOULD NOT ACCESS OR USE OUR SERVICES.
2. Definitions
For purposes of this Policy, the following terms shall have the meanings set forth below:
- 2.1 "Personal Data" means any information relating to an identified or identifiable natural person, including but not limited to names, email addresses, IP addresses, device identifiers, and any other information defined as "personal data," "personal information," or equivalent terminology under applicable data protection laws.
- 2.2 "Customer Data" means any data, including Personal Data, that is submitted, uploaded, or otherwise transmitted to the Platform by or on behalf of a customer in connection with the customer's use of the Services. Customer Data includes, without limitation, lot release records, certificates of analysis, quality control data, supplier information, and batch manufacturing records.
- 2.3 "Service Data" means data collected or generated through the operation of the Services, including usage analytics, log data, performance metrics, and aggregated or de-identified data derived from Customer Data.
- 2.4 "Processing" means any operation or set of operations performed on Personal Data, whether or not by automated means, including collection, recording, organization, structuring, storage, adaptation, alteration, retrieval, consultation, use, disclosure by transmission, dissemination, alignment, combination, restriction, erasure, or destruction.
- 2.5 "Controller" means the natural or legal person, public authority, agency, or other body which, alone or jointly with others, determines the purposes and means of the Processing of Personal Data.
- 2.6 "Processor" means a natural or legal person, public authority, agency, or other body which processes Personal Data on behalf of the Controller.
3. Our Role: Controller and Processor
Simrogate operates in dual capacities with respect to Personal Data:
3.1 Simrogate as Controller
Simrogate acts as the Controller for Personal Data that we collect directly from visitors to our Website, prospective customers, marketing contacts, and users who create accounts on our Platform. This includes information collected through contact forms, demo requests, event registrations, newsletter subscriptions, and account registration processes.
3.2 Simrogate as Processor
When our customers upload or transmit Customer Data to the Platform -- including lot release records, certificates of analysis, quality control data, batch manufacturing records, and related documentation -- Simrogate acts as a Processor on behalf of the customer (who is the Controller). In such cases, our Processing of Customer Data is governed by the terms of our Data Processing Agreement ("DPA") with the applicable customer, and the customer's own privacy policy governs the relationship between the customer and its personnel whose Personal Data may be contained within Customer Data.
Customers are responsible for ensuring that they have obtained all necessary consents and authorizations, and have provided all required notices, prior to submitting Personal Data to the Platform.
4. Information We Collect
4.1 Information You Provide to Us
We collect Personal Data that you voluntarily provide when you interact with our Services, including:
- Account Registration: Name, email address, job title, company name, phone number, and password when you create an account on our Platform.
- Contact and Inquiry Forms: Name, email address, company name, job title, phone number, and the content of your message when you submit a contact form, request a demo, or inquire about our Services.
- Customer Support: Information you provide when you contact our support team, including the content of support tickets, chat transcripts, and email correspondence.
- Billing and Payment: Billing name, billing address, and payment method details. Note that payment card information is processed directly by our third-party payment processor and is not stored on our systems.
- Event Participation: Information you provide when registering for webinars, conferences, or other events hosted or sponsored by Simrogate.
- Customer Data: Data uploaded to the Platform by authorized users, which may include lot release records, certificates of analysis, laboratory results, supplier quality information, batch records, and other compliance-related documentation.
4.2 Information Collected Automatically
When you access or use our Services, we automatically collect certain information, including:
- Log Data: Internet Protocol (IP) address, browser type and version, operating system, referring URLs, pages visited, date and time of access, and clickstream data.
- Device Information: Device type, unique device identifiers, screen resolution, language preferences, and time zone.
- Usage Analytics: Feature usage patterns, session duration, interaction data, navigation paths, and search queries within the Platform.
- Cookies and Similar Technologies: Information collected through cookies, web beacons, pixel tags, and similar tracking technologies, as further described in Section 8 of this Policy.
4.3 Information from Third Parties
We may receive Personal Data about you from third-party sources, including:
- Business Partners: Referral partners, resellers, and integration partners who refer you to our Services.
- Public Sources: Publicly available professional profiles, company websites, and regulatory databases.
- Single Sign-On Providers: If you choose to authenticate using a third-party identity provider (e.g., Microsoft Entra ID, Okta), we may receive your name, email address, and profile information from such provider.
5. How We Use Your Information
We process Personal Data for the following purposes, relying on the corresponding lawful bases where applicable under the General Data Protection Regulation ("GDPR") or equivalent legislation:
- 5.1 Service Delivery and Performance
To provide, operate, maintain, and improve the Services, including processing lot release workflows, generating compliance reports, and facilitating supplier quality management.
Lawful Basis: Performance of a contract; Legitimate interests.
- 5.2 Account Administration
To create and manage your account, authenticate your identity, and provide technical support.
Lawful Basis: Performance of a contract.
- 5.3 Communication
To send transactional communications (e.g., account confirmations, lot release notifications, security alerts) and, where you have opted in, marketing communications about our products, services, and industry events.
Lawful Basis: Performance of a contract; Consent; Legitimate interests.
- 5.4 Analytics and Product Improvement
To analyze usage patterns, diagnose technical issues, measure the effectiveness of our Services, and develop new features and functionality.
Lawful Basis: Legitimate interests.
- 5.5 Security and Fraud Prevention
To detect, investigate, and prevent unauthorized access, security incidents, fraud, and other malicious activity, and to maintain the integrity and availability of our Services.
Lawful Basis: Legitimate interests; Legal obligation.
- 5.6 Legal and Regulatory Compliance
To comply with applicable laws, regulations, legal processes, or governmental requests, including FDA regulations, Health Canada requirements, and other regulatory obligations applicable to our customers.
Lawful Basis: Legal obligation.
- 5.7 Artificial Intelligence and Machine Learning
To train, validate, and improve our AI models used for automated rules evaluation, predictive analytics, anomaly detection, and compliance recommendations. We use only de-identified and aggregated Service Data for model training purposes. We do NOT use identifiable Customer Data to train general-purpose AI models without explicit written consent.
Lawful Basis: Legitimate interests; Consent (where applicable).
6. How We Share Your Information
We do not sell your Personal Data. We have not sold Personal Data in the preceding twelve (12) months and have no plans to do so.
We may share your Personal Data in the following circumstances:
- 6.1 Sub-Processors and Service Providers
We engage third-party service providers ("Sub-Processors") who process Personal Data on our behalf to support the delivery of our Services. These Sub-Processors are contractually obligated to process Personal Data only as instructed by us, to maintain appropriate security measures, and to comply with applicable data protection laws. Categories of Sub-Processors include cloud infrastructure providers, email delivery services, payment processors, analytics platforms, and customer support tools. A current list of Sub-Processors is available upon request.
- 6.2 Professional Advisors
We may share Personal Data with our legal counsel, auditors, accountants, and other professional advisors in connection with the services they provide to us.
- 6.3 Legal Requirements
We may disclose Personal Data if required to do so by law or in the good-faith belief that such action is necessary to: (a) comply with a legal obligation, court order, or regulatory inquiry; (b) protect and defend the rights or property of Simrogate; (c) prevent or investigate possible wrongdoing in connection with the Services; or (d) protect the personal safety of users of the Services or the public.
- 6.4 Corporate Transactions
In the event of a merger, acquisition, reorganization, bankruptcy, or other similar transaction, your Personal Data may be transferred to the acquiring entity or successor organization. We will provide notice of any such transfer and any choices you may have regarding your Personal Data.
- 6.5 With Your Consent
We may share your Personal Data with third parties when you have provided your explicit consent to do so.
7. Cookies and Tracking Technologies
We use cookies and similar tracking technologies to collect information about your interactions with our Services. Cookies are small data files stored on your device that help us improve our Services and your experience.
7.1 Types of Cookies We Use
- Strictly Necessary Cookies: Essential for the operation of our Services, including authentication, session management, and security features. These cookies cannot be disabled.
- Functional Cookies: Enable enhanced functionality and personalization, such as remembering your preferences and settings.
- Analytics Cookies: Help us understand how visitors interact with our Website and Platform by collecting and reporting information anonymously.
- Marketing Cookies: Used to track visitors across websites to display relevant advertisements. We use these only with your consent where required by applicable law.
7.2 Managing Cookies
You can control and manage cookies through your browser settings. Please note that disabling certain cookies may affect the functionality of our Services. For more information about cookies and how to manage them, visit www.allaboutcookies.org.
8. International Data Transfers
Simrogate is headquartered in Toronto, Ontario, Canada. Your Personal Data may be transferred to, stored in, and processed in Canada and other jurisdictions where our Sub-Processors operate, which may include the United States and the European Economic Area ("EEA").
Where Personal Data is transferred from the EEA, the United Kingdom, or Switzerland to a jurisdiction that has not been deemed to provide an adequate level of data protection, we implement appropriate safeguards, including:
- European Commission Standard Contractual Clauses ("SCCs") approved pursuant to Commission Implementing Decision (EU) 2021/914;
- UK International Data Transfer Addendum to the EU SCCs, as issued by the UK Information Commissioner's Office;
- Binding Corporate Rules, where applicable; and
- Any other transfer mechanisms recognized under applicable data protection laws.
Canada has received an adequacy decision from the European Commission for transfers of personal data from the EEA under the Personal Information Protection and Electronic Documents Act ("PIPEDA"). Where Personal Data is processed within Canada, such transfer is supported by this adequacy finding.
9. Data Retention
We retain Personal Data for as long as necessary to fulfill the purposes for which it was collected, as described in this Policy, unless a longer retention period is required or permitted by law.
- 9.1 Customer Data: We retain Customer Data for the duration of the applicable subscription agreement. Upon termination or expiration of the subscription, Customer Data will be retained for a period of ninety (90) days to facilitate data export and transition. After this 90-day post-termination period, Customer Data will be securely deleted or de-identified, unless retention is required by applicable law or regulation.
- 9.2 Account Data: We retain account information for as long as your account remains active and for a reasonable period thereafter to comply with our legal obligations, resolve disputes, and enforce our agreements.
- 9.3 Marketing Data: We retain marketing contact information until you opt out of marketing communications or request deletion. Upon opt-out, we will retain only the minimum information necessary to honor your preference (e.g., email address on a suppression list).
- 9.4 Log and Analytics Data: We retain log data and usage analytics for a period of up to twenty-four (24) months from the date of collection, after which such data is aggregated or deleted.
- 9.5 Audit Logs: In compliance with FDA 21 CFR Part 11 and related regulatory requirements, electronic records and audit trails associated with lot release decisions and quality events may be retained for longer periods as required by applicable regulations.
10. Data Security
Simrogate implements and maintains comprehensive administrative, technical, and physical security measures designed to protect Personal Data against unauthorized access, alteration, disclosure, or destruction. These measures include, but are not limited to:
- Encryption at Rest: All Customer Data and Personal Data stored within our systems is encrypted using AES-256 encryption.
- Encryption in Transit: All data transmitted between your device and our Services is encrypted using TLS 1.2 or higher.
- Access Controls: Role-based access controls (RBAC) ensure that only authorized personnel can access Personal Data, with access limited to what is necessary for the performance of their duties.
- Audit Logging: Comprehensive audit logging of all access to and modifications of Customer Data, in compliance with FDA 21 CFR Part 11 requirements for electronic records and electronic signatures.
- SOC 2 Compliance: Our security controls are designed in alignment with the AICPA SOC 2 Type II framework, covering security, availability, processing integrity, confidentiality, and privacy trust service criteria.
- Infrastructure Security: Our Platform is hosted on enterprise-grade cloud infrastructure with built-in redundancy, disaster recovery, and 24/7 monitoring.
- Incident Response: We maintain a documented security incident response plan and will notify affected customers and relevant supervisory authorities of any data breach in accordance with applicable law.
NOTWITHSTANDING THE FOREGOING, NO METHOD OF TRANSMISSION OVER THE INTERNET AND NO METHOD OF ELECTRONIC STORAGE IS COMPLETELY SECURE. WHILE WE STRIVE TO USE COMMERCIALLY REASONABLE MEANS TO PROTECT YOUR PERSONAL DATA, WE CANNOT GUARANTEE ITS ABSOLUTE SECURITY.
11. Your Rights
Depending on your jurisdiction, you may have certain rights with respect to your Personal Data, as described below. To exercise any of these rights, please contact us using the information provided in Section 14.
11.1 Rights Under the General Data Protection Regulation (GDPR)
If you are located in the European Economic Area, the United Kingdom, or Switzerland, you have the following rights under the GDPR (or equivalent local legislation):
- Right of Access: The right to obtain confirmation as to whether your Personal Data is being processed and, if so, to access such data and receive a copy thereof.
- Right to Rectification: The right to request the correction of inaccurate Personal Data and the completion of incomplete Personal Data.
- Right to Erasure: The right to request the deletion of your Personal Data where there is no compelling reason for its continued processing, subject to applicable legal retention requirements.
- Right to Data Portability: The right to receive your Personal Data in a structured, commonly used, and machine-readable format, and to transmit that data to another controller.
- Right to Object: The right to object to the processing of your Personal Data on grounds relating to your particular situation, including processing based on legitimate interests or for direct marketing purposes.
- Right to Restriction of Processing: The right to request the restriction of processing of your Personal Data in certain circumstances.
- Right to Withdraw Consent: Where processing is based on your consent, the right to withdraw that consent at any time, without affecting the lawfulness of processing carried out prior to such withdrawal.
- Right to Lodge a Complaint: The right to lodge a complaint with a supervisory authority in the EU Member State of your habitual residence, place of work, or place of the alleged infringement.
11.2 Rights Under the California Consumer Privacy Act (CCPA/CPRA)
If you are a California resident, you have the following rights under the California Consumer Privacy Act, as amended by the California Privacy Rights Act:
- Right to Know: The right to request disclosure of the categories and specific pieces of Personal Data we have collected about you, the categories of sources, the business or commercial purposes for collection, and the categories of third parties with whom we share your Personal Data.
- Right to Delete: The right to request the deletion of your Personal Data, subject to certain exceptions.
- Right to Correct: The right to request the correction of inaccurate Personal Data.
- Right to Opt-Out of Sale or Sharing: The right to opt out of the sale or sharing of your Personal Data. As stated in Section 6, we do not sell your Personal Data.
- Right to Non-Discrimination: The right not to receive discriminatory treatment for exercising any of your CCPA/CPRA rights.
11.3 Rights Under the Personal Information Protection and Electronic Documents Act (PIPEDA)
If you are located in Canada, you have the following rights under PIPEDA and applicable provincial privacy legislation:
- Right of Access: The right to request access to your Personal Data held by Simrogate and to be informed of its use and disclosure.
- Right to Correction: The right to challenge the accuracy and completeness of your Personal Data and to have it amended as appropriate.
- Right to Withdraw Consent: The right to withdraw your consent to the collection, use, or disclosure of your Personal Data, subject to legal or contractual restrictions and reasonable notice.
- Right to Complain: The right to file a complaint with the Office of the Privacy Commissioner of Canada regarding our handling of your Personal Data.
11.4 Exercising Your Rights
We will respond to all verified requests within the timeframes required by applicable law. To verify your identity, we may ask you to provide information that matches our existing records. If you are an authorized agent submitting a request on behalf of a consumer, we may require proof of authorization. We will not charge a fee for processing your request unless the request is manifestly unfounded or excessive.
12. Children's Privacy
Our Services are not directed to individuals under the age of sixteen (16) and are designed for use by businesses and professionals in the life sciences and manufacturing industries. We do not knowingly collect Personal Data from children under the age of 16. If we become aware that we have inadvertently collected Personal Data from a child under 16, we will take reasonable steps to delete such data promptly. If you believe that we have collected Personal Data from a child under 16, please contact us immediately using the information provided in Section 14.
13. Changes to This Policy
We may update this Policy from time to time to reflect changes in our practices, technologies, legal requirements, or other factors. When we make changes to this Policy:
- For material changes, we will provide at least thirty (30) days' prior notice by posting the updated Policy on our Website and, where appropriate, by sending an email notification to the email address associated with your account.
- For non-material changes, we will post the updated Policy on our Website and update the "Last Updated" date at the top of this page.
Your continued use of the Services after the effective date of any updated Policy constitutes your acceptance of the revised terms. We encourage you to review this Policy periodically to stay informed about how we protect your Personal Data.
14. Contact Information
If you have any questions, concerns, or requests regarding this Policy or our data practices, please contact us at:
Aurigate Technologies Inc. (d/b/a Simrogate)
Attn: Privacy Office
Toronto, Ontario, Canada
Email: privacy@simrogate.com
For requests related to Customer Data processed on behalf of our customers, please contact the relevant customer organization directly, as they are the Controller of such data.
15. Governing Law
This Policy and any disputes arising out of or relating to this Policy shall be governed by and construed in accordance with the laws of the Province of Ontario and the federal laws of Canada applicable therein, without regard to conflict of law principles. Any legal action or proceeding relating to this Policy shall be brought exclusively in the courts of competent jurisdiction located in Toronto, Ontario, Canada.