OverviewHow It WorksOur StoryContact
Request a Pilot
Contact Us
Request a Pilot
Request a Pilot

Privacy Policy

Effective Date: December 28, 2025

1. Introduction

Claryx Inc. (“Claryx,” “we,” “our,” or“us”) is a genomic biosurveillance company based in the United States thatprovides environmental infectious disease monitoring services for hospitals andother institutions.

We understand that you care about yourpersonal privacy interests, and we take that seriously. This Privacy Noticedescribes Claryx’s policies and practices regarding its collection and use ofyour personal data and sets forth your privacy rights. We recognize thatinformation privacy is an ongoing responsibility, and so we will occasionallyupdate this Privacy Notice as we undertake new personal data practices or adoptnew privacy policies.

2. Data Protection Officer

Claryx is headquartered in Long IslandCity, New York, United States. Claryx has appointed an internal data protectionofficer for you to contact if you have any questions or concerns about Claryx’spersonal data policies or practices. If you would like to exercise your privacyrights, please direct your query to Claryx’s data protection officer. Claryx’sdata protection officer’s name and contact information are as follows:

Data Protection Officer:

Dirk Hackenberger

Claryx Inc.
45-18 Court Square West, Floor 6
Long Island City, NY 11101

Email: support@claryx.com

Phone: +1 (917) 540-7477

3. How we collect and use (process) your personal information

Claryx collects personal informationabout its website visitors and customers. With a few exceptions, thisinformation is generally limited to:

  • name
  • job title
  • employer name
  • work address
  • work email
  • work phone number

We use this information to provideprospects and customers with services.

We do not sell personal information toanyone and only share it with third parties when required.

Claryx may also receive personalinformation about individuals from third parties. Typically, informationcollected from third parties will include further details on your employer orindustry. We may also collect your personal data from a third-party website(e.g. LinkedIn).

4. Protected Health Information (PHI)

Claryx’s services are designed forenvironmental and population-level infectious disease surveillance and are notintended to provide patient-specific diagnostic information. To the extent thatClaryx processes any data that constitutes Protected Health Information (“PHI”)under applicable U.S. health privacy laws, such processing occurs solely onbehalf of and under the direction of Claryx’s customers, pursuant to applicablecontractual agreements, including Business Associate Agreements where requiredby law. When Claryx processes PHI on behalf of healthcare providers, hospitals,or other regulated healthcare organizations, Claryx acts as a BusinessAssociate as defined under the Health Insurance Portability and AccountabilityAct of 1996 (“HIPAA”). In such cases, Claryx processes PHI only as permitted byapplicable Business Associate Agreements and in compliance with the HIPAAPrivacy Rule, Security Rule, and Breach Notification Rule (each as promulgatedby and set out in HIPAA), and as further amended and expanded by the HealthInformation Technology for Economic and Clinical Health Act (“HITECH”) and itsimplementing regulations.

Claryx does not use PHI for marketing,advertising, or any independent commercial purpose, and does not sell PHI. Claryxlimits the use, disclosure, and access to PHI to the minimum necessary toperform services for its customers and to comply with applicable legal andcontractual requirements. Any use or disclosure of PHI is limited to providing,supporting, and securing the Claryx services in accordance with customerinstructions and applicable law. Uses or disclosures of PHI not otherwisepermitted under HIPAA, applicable law, or a valid Business Associate Agreementrequire a valid written authorization from the individual whose PHI is to beused or disclosed, consistent with the requirements of 45 CFR §164.508. Claryximplements administrative, technical, and physical safeguards designed toprotect the confidentiality, integrity, and availability of PHI consistent withthe requirements of the HIPAA Security Rule. These safeguards include accesscontrols, encryption where appropriate, workforce training, monitoring ofsystems for unauthorized access, and periodic risk assessments designed toidentify and mitigate security risks.

5. Security and Incident Response

Claryx maintains an information securityprogram designed to protect personal data and, where applicable, PHI processedon behalf of customers. This program includes administrative, technical, andphysical safeguards designed to protect data from unauthorized access, use,alteration, or disclosure. Claryx maintains procedures to detect, investigate,and respond to security incidents. In the event of a breach of unsecured PHI,Claryx will notify the applicable covered entity without unreasonable delay,and in no case later than sixty (60) calendar days following the discovery ofthe breach, and in accordance with the HIPAA Breach Notification Rule and theterms of applicable Business Associate Agreements.

6. Purpose of processing

Claryx processes personal data for thefollowing purposes:

  • Service delivery and support – to provide, operate, maintain, and support our services, including customer communications and account administration.
  • Security and compliance – to protect the security and integrity of our systems, prevent misuse, and comply with applicable legal obligations.
  • Service improvement and analytics – to analyze usage patterns, improve functionality, and develop new features using aggregated or de-identified data.
  • Research and benchmarking – to generate aggregated and de-identified insights that do not identify individuals or customers. Where PHI may be involved, Claryx applies de-identification or aggregation processes designed to remove personal identifiers consistent with applicable privacy laws, including HIPAA where applicable.
  • Business communications – to respond to inquiries and provide operational or informational updates related to our services.

Claryx does not use personal data for targeted advertising.

7. Use of the claryx.com website

As is true of most other websites, Claryx’s website collects certain information automatically and stores it in log files. The information may include internet protocol (IP) addresses, the region or general location where your computer or device is accessing the  internet, browser type, operating system and other usage information about the use of Claryx’s website, including a history of the pages you view. We use this information to help us design our site to better suit our users’ needs. We may also use your IP address to help diagnose problems with our server and to administer our website, analyze trends, track visitor movements, and gather broad demographic information that assists us in identifying visitor preferences.

Claryx has a legitimate interest in understanding how members, customers and potential customers use its website. This understanding assists Claryx with providing more relevant products and services, with communicating value to our sponsors and corporate members, and with providing appropriate staffing to meet member and customer needs.

8. Cookies and tracking technologies

Claryx uses cookies and similar technologies on its website to enable core site functionality, improve performance, and understand user engagement. These cookies may collect limited technical information such as IP address, browser type, and session duration.

You can adjust your browser settings to refuse cookies or to alert you when cookies are being used. Please note that some website features may not function properly without cookies.

Claryx does not currently use cookies for targeted advertising or sell cookie-derived data to third parties.

9. When and how we share information with third parties

The personal information Claryx collects from you is stored in one or more databases hosted by third parties located in the United States. These third parties do not use or have access to your personal information for any purpose other than cloud storage and retrieval. On occasion, Claryx engages third parties to send information to you, including information about our products, services, and events.

A list of our third-party subprocessors currently includes:

  • Microsoft Azure – Cloud hosting, data storage, and compute infrastructure (U.S.)
  • Google Workspace – Corporate email and file storage limited to administrative contact information (U.S.)
  • AWS S3 – Secure data backup and redundancy (U.S.)

These sub processors only access data as necessary to provide contracted services and are bound by confidentiality and data-processing agreements with Claryx. Where subcontractors or service providers may have access to PHI, Claryx requires such subcontractors to enter into appropriate contractual agreements, including Business Associate Agreements where required, and to implement safeguards designed to protect such information in accordance with applicable privacy and security laws.

We do not otherwise reveal your personal data to non-Claryx persons or businesses for their independent use unless: (1)you request or authorize it; (2) it is in connection with Claryx-hosted or Claryx co-sponsored conferences or events, solely for purposes of event registration, attendance management, speaker or sponsor coordination, and event-related communications; (3) the information is provided to comply with the law (for example, compelled by law enforcement to comply with a search warrant, subpoena, or court order), enforce an agreement we have with you, or to protect our rights, property or safety, or the rights, property or safety of our employees or others; (4) the information is provided to our agents, vendors or service providers who perform functions on our behalf; (5) to address emergencies or acts of God; or (6) to address disputes, claims, or to persons demonstrating legal authority to act on your behalf. We may also gather aggregated data about our services and website visitors and disclose the results of such aggregated (but not personally identifiable) information to our partners, service providers, advertisers, and/or other third parties for marketing or promotional purposes.

The Claryx website connects with third party services such as Facebook, LinkedIn, X (formerly Twitter), and others. If you choose to share information from the Claryx website through these services,you should review the privacy policy of that service. If you are a member of a third-party service, the aforementioned connections may allow that service to connect your visit to our site to your personal data.

10. Transferring personal data to the U.S.

Claryx operates solely in the United States and does not market its services directly to individuals in the European Union or United Kingdom. Information we collect through our website or services is processed exclusively in the United States in accordance with this Privacy Statement. Claryx applies commercially reasonable safeguards to protect such data consistent with applicable U.S. privacy and security laws. Where PHI is processed, Claryx implements safeguards consistent with the requirements of the HIPAA Security Rule and processes such information only as permitted under applicable Business Associate Agreements with its customers.

Where required by law or contract, Claryx may enter into data-processing agreements with its vendors or customers to ensure appropriate protections for any personal data processed on their behalf

Depending on the circumstance, Claryx also collects and transfers to the U.S. personal data with consent; to perform a contract with you; or to fulfill a compelling legitimate interest of Claryx in a manner that does not outweigh your rights and freedoms. Claryx endeavors to apply suitable safeguards to protect the privacy and security of your personal data and to use it only consistent with your relationship with Claryx and the practices described in this Privacy Statement. Claryx also enters into data processing agreements and model clauses with its vendors whenever feasible and appropriate.

11. Data Subject rights

Claryx is a U.S.-based company and doe snot intentionally offer services to, or monitor the behavior of, individuals in the European Union or United Kingdom. However, where required by applicable law, including the EU General Data Protection Regulation (GDPR), individuals may have certain data protection rights as described below. Rights available under applicable law may include:

  • Right to be informed
  • Right of access
  • Right to rectification
  • Right to erasure
  • Right to restrict processing
  • Right of data portability
  • Right to object
  • Rights related to automated decision-making including profiling

These rights apply only to the extent required under applicable law based on the individual’s location and Claryx’s legal obligations. Claryx does not provide services directed at individuals inthe EU and this Privacy Notice is intended to provide you with information about what personal data Claryx collects about you and how it is used.

If you wish to confirm that Claryx is processing your personal data, or to have access to the personal data Claryx may have about you, please contact us. If your request relates to PHI maintained by a healthcare provider or other covered entity that uses Claryx services, such requests should be directed to the applicable healthcare provider or covered entity. Claryx will support its customers in fulfilling such requests as required under applicable law and contractual obligations. To the extent Claryx processes PHI as a Business Associate on behalf of a covered entity, individuals may also have the following rights under HIPAA with respect to that PHI, which must be exercised through the applicable covered entity:

  1. the right to access and obtain a copy of PHI
  2. the right to request an amendment to PHI
  3. the right to an accounting of certain  disclosures of PHI
  4. the right to request restrictions onuses and disclosures of PHI
  5. the right to request confidential communications of PHI by alternative means or at alternative locations.

Claryx does not retaliate against any individual for exercising rights under HIPAA, filing a complaint with HHS (as defined below), participating in an investigation, or opposing any practice that the individual believes in good faith violates HIPAA.

You may also request information about: the purpose of the processing; the categories of personal data concerned; who else outside Claryx might have received the data from Claryx; what the source of the information was (if you didn’t provide it directly to Claryx); and how long it will be stored. You have a right to correct (rectify) the record of your personal data maintained by Claryx if it is inaccurate. You may request that Claryx erase that data or cease processing it, subject to certain exceptions. You may also request that Claryx cease using your data for direct marketing purposes. In many countries, you have a right to lodge a complaint with the appropriate data protection authority if you have concerns about how Claryx processes your personal data. When technically feasible, Claryx will—at your request—provide your personal data to you.

Reasonable access to your personal data will be provided at no cost. If access cannot be provided within a reasonable time frame, Claryx will provide you with a date when the information will be provided. If for some reason access is denied, Claryx will provide an explanation as to why access has been denied.

For questions or complaints concerning the processing of your personal data, you can email us at support@claryx.com.Alternatively, if you are located in the European Union, you can also have recourse to the European Data Protection Supervisor or with your nation’s data protection authority. These rights apply only where required under applicable law.

12. Data storage and retention

Your personal data is stored by the Claryx on its servers, and on the servers of the cloud-based database management services the Claryx engages, located in the United States. Claryx retains service data for the duration of the customer’s business relationship with Claryx and for a period of time thereafter, to analyze the data for Claryx’s own operations, and for historical and archiving purposes associated with Claryx’s services. Claryx retains prospect data until such time as it no longer has business value and is purged from Claryx systems. All personal data that Claryx controls may be deleted upon verified request from Data Subjects or their authorized agents. PHI processed on behalf of customers is retained only for the duration necessary to provide contracted services and to comply with legal or contractual obligations. Upon termination of services, such information may be returned to the customer or securely destroyed in accordance with the terms of applicable Business Associate Agreements and applicable law. For more information on where and how long your personal data is stored, and for more information on your rights of erasure and portability, please contact us at: support@claryx.com.

13. Children’s privacy

We do not seek or knowingly collect any Personal Information about children under 13 years of age. If we become awarethat we have unknowingly collected Personal Information from a child under 13years of age, we will make commercially reasonable efforts to delete suchinformation from our database.

If you are the parent or guardian of a child under 13 years of age who has provided us with Personal Information, you may contact us to request it be deleted.

14. Changes to this Privacy Notice

Claryx may update this Privacy Notice from time to time to reflect changes in our practices, technologies, or legal requirements. When updates are made, the “Effective Date” at the top of this Privacy Notice will be revised accordingly. We encourage you to review this Privacy Notice periodically.

15. Questions, concerns or complaints

If you have questions, concerns, complaints, or would like to exercise your rights, please contact us at:

Claryx Inc.

Attn: Data Protection Officer
45-18 Court Square West, Floor 6
Long Island City, NY 11101

Email:support@claryx.com

Phone: +1 (917)540-7477

If you believe that your privacy right sunder HIPAA have been violated, you have the right to file a complaint with the U.S. Department of Health and Human Services, Office for Civil (“HHS”).Complaints may be submitted to HHS by mail, fax, or electronically through the HHS Health Information Privacy Complaint Portal, available at:https://www.hhs.gov/ocr/privacy/hipaa/complaints. You may also file a complaint directly with Claryx by contacting the Data Protection Officer at the address listed in Section 2 of this Privacy Notice. Claryx will not retaliate against you for filing a complaint with HHS or with Claryx. All complaints will be investigated promptly and in good faith.

Table of contents

Heading 2
Talk to us:
work@claryx.com

Claryx Updates

We respect your inbox and privacy
Subscribed successfully. Thank you!
Something went wrong. Please try again
Pages
OverviewHow It WorksAboutContact UsBlog
© Claryx 2026, All Rights Reserved
Privacy PolicyTerms of Service

Claryx provides environmental and genomic surveillance to support hospital infection prevention programs. Claryx is not a diagnostic device, and its outputs are not intended for the diagnosis, treatment, or management of individual patients. Clinical decisions remain with the treating care team.
Claryx Inc. is a Delaware corporation headquartered in New York, NY.
Sources:
1. Centers for Disease Control and Prevention. About healthcare-associated infections. Accessed July 16, 2026. https://www.cdc.gov/healthcare-associated-infections/about/index.html
2. Stewart S, Robertson C, Pan J, Kennedy S, Haahr L, Manoukian S, et al. Impact of healthcare-associated infection on length of stay. J Hosp Infect. 2021;114:23-31.
3. Sundermann AJ, Kumar P, Griffith MP, Waggle KD, Rangachar Srinivasa V, Raabe N, et al. Real-time genomic surveillance for enhanced healthcare outbreak detection and control: clinical and economic impact. Clin Infect Dis. 2026;82(1):134-141. doi:10.1093/cid/ciaf216
4. Illustrative model for a 526-bed academic medical center. Inputs and sources: bed count (526) — Definitive Healthcare, 2022; occupancy (80%) and average length of stay (6.2 days) — Association of American Medical Colleges (AAMC); expenses per adjusted inpatient day ($4,201, New York) — KFF; operating margin (2.1%) — Kaufman Hall; fixed-cost split (65%, midpoint) — Rhode Island Hospital global budget model.
5. Scott RD II. The Direct Medical Costs of Healthcare-Associated Infections in U.S. Hospitals and the Benefits of Prevention. Atlanta, GA: Centers for Disease Control and Prevention; 2009. https://stacks.cdc.gov/view/cdc/11550
6. HAIs (72,000): Centers for Disease Control and Prevention, HAI data. https://www.cdc.gov/healthcare-associated-infections/php/data/index.html · Breast cancer (42,140): American Cancer Society, Key Statistics for Breast Cancer.https://www.cancer.org/cancer/types/breast-cancer/key-statistics.html · Motor vehicle (36,640): National Highway Traffic Safety Administration, Traffic Deaths 2025 Early Estimates. https://www.nhtsa.gov/press-releases/traffic-deaths-2025-early-estimates-2024-annual