Terms & Privacy

This page explains how the ACS NSQIP-IBD Collaborative website (nsqipibd.org) handles information, what the site is and is not, and what rights you have if you visit from the European Union or European Economic Area.

This site is intended for clinicians, researchers, surgical-quality program staff, and members of the Collaborative. It is publicly accessible, but the audience and tone are professional rather than patient-facing.

Joint Data Controllers

The Collaborative is co-led by the institutions and individuals listed below. For matters relating to this website and any communications channel routed through nsqipibd.org, both controllers may be contacted.

"Joint controllers" means the two institutions/persons named above jointly determine the purposes and means of any personal data processing performed via this website. The Collaborative itself is not a separate legal entity.

Terms of Use

For research, education, and quality improvement only

The content on this site — including data summaries, benchmarking visualizations, publications, and any communication generated through the site — is provided for research, professional education, and surgical quality improvement purposes only. It is not medical advice and is not a substitute for clinical judgment, patient evaluation, or treatment decisions made by a qualified clinician. No content on this site should be used to diagnose, treat, or manage an individual patient.

AI-generated content

Portions of this website were created with the assistance of artificial intelligence, and any future communications routed through site addresses (e.g. ai@nsqipibd.org) may be drafted by AI before being reviewed and approved by a human administrator. AI output can contain errors, omissions, and outdated references. Always verify against primary sources before relying on any specific claim, statistic, or recommendation.

No warranty

Information on this site is provided as is, without warranty of any kind, express or implied, including warranties of accuracy, completeness, fitness for a particular purpose, or non-infringement. Site availability, dashboard data, and any communication services may change or be discontinued at any time.

Limitation of liability

To the fullest extent permitted by law, the joint controllers, their institutions, and the Collaborative are not liable for any direct, indirect, incidental, consequential, or punitive damages arising from your use of this site, the dashboard, or any communication channel associated with nsqipibd.org.

Jurisdiction

This site is operated from the United States. Any dispute arising from use of the site is governed by the laws of the State of Ohio (where Cleveland Clinic Foundation is headquartered) for matters relating to site infrastructure, and by the laws of the State of California (where UC San Diego is located) for matters relating to Collaborative governance, in each case without regard to conflict-of-laws principles.

Privacy Policy

What we do not collect

The public site at nsqipibd.org is built to minimize personal-data collection. Specifically:

• No cookies are set by this site. Your browser receives no first-party authentication, tracking, or advertising cookies from us.
• No third-party analytics — no Google Analytics, no Meta Pixel, no advertising trackers, no fingerprinting.
• No forms on the public site collect your name, email, institution, or other personal data.
• No registration is required to view any content on the public site.

The benchmarking dashboard (site access codes)

The benchmarking dashboard at nsqip_ibd_benchmarking_dashboard.html is gated by a 6-character site access code distributed to participating Collaborative sites. The access code is verified entirely in your browser by comparing a hash of the code against a built-in lookup table. Your access code is not transmitted to any server, not stored, not logged, and not associated with any identifier on our side. Once unlocked, the dashboard reveals your site-specific view of de-identified, aggregated benchmarking data; no individual-patient data is shown anywhere on the site.

Server logs

The site is hosted on Cloudflare Pages. Cloudflare retains short-term edge logs (request URL, IP address, user-agent) for security, fraud prevention, and platform reliability purposes. We do not query or analyze these logs except in response to a security incident. See Cloudflare's privacy policy for details.

Mailing list and communication channels

The mailing list operates as follows:

• Eligibility: Membership is restricted to clinicians, surgical-quality program staff, and researchers affiliated with one of the participating Collaborative sites or invited collaborators. The roster is maintained by the PI (Dr. Eisenstein).
• Data stored: Member name, institution/site, role, professional email address, status (active/pending/inactive), and the content of messages exchanged with the system. Data is held in a Cloudflare D1 database (nsqipibd-mail) located in the United States.
• AI drafting: Replies to member queries may be drafted by Anthropic's Claude language model. Every AI draft is queued for human review and explicit approval by an administrator before any outbound message is sent. Nothing auto-sends.
• PHI prohibition: Protected Health Information (PHI) must not be submitted to any address at nsqipibd.org. Inbound messages are scanned for common PHI patterns (names, dates of birth, MRNs, etc.); patterns identified are redacted before any content is shown to AI or human reviewers, and messages flagged as containing PHI are quarantined and may be deleted without reply.
• Outbound delivery: Approved replies are sent via Cloudflare's transactional mail infrastructure. We do not share member email addresses with third parties.
• Opt-out: Members may withdraw from the mailing list at any time by emailing the controllers above; their roster entry will be marked inactive and their email address will not receive further communication.
• Retention: Inbound message content is retained for up to 5 years (consistent with research-record retention norms) or until the member requests deletion, whichever is earlier. Roster metadata is retained while membership is active and for 12 months after withdrawal for audit purposes.

AI & PHI Policy

If you need to discuss a specific patient case for educational or quality-improvement purposes, do so only through the appropriate institutional channels at your home site (HIPAA-compliant secure messaging, IRB-approved research communications, etc.). This site is not a HIPAA-covered communication channel.

Your Rights Under GDPR (EU/EEA Visitors)

If you reside in the European Union or European Economic Area, the General Data Protection Regulation (GDPR) grants you the following rights regarding any personal data we hold about you (which, for visitors to the public site, will typically be none beyond short-term Cloudflare edge logs):

• Right of access — obtain confirmation of what we hold and a copy
• Right to rectification — correct inaccurate personal data
• Right to erasure ("right to be forgotten") — request deletion of your data
• Right to restriction of processing — pause processing while a dispute is resolved
• Right to data portability — receive your data in a structured, commonly-used format
• Right to object — object to processing based on legitimate interest
• Right to withdraw consent — as easily as it was given
• Right to lodge a complaint — with the supervisory authority in your EU/EEA member state

To exercise any of these rights, email the controllers above with the subject line "GDPR Request". We will respond within 30 days.

Legal basis for processing

• Public site visits: legitimate interest in operating a quality-improvement and educational research website (Article 6(1)(f)).
• Mailing-list membership: consent (Article 6(1)(a)) — members opt in by joining the Collaborative roster and may withdraw at any time.
• Security incident response: legal obligation and legitimate interest (Articles 6(1)(c) and 6(1)(f)).

International data transfer

Our infrastructure (Cloudflare Pages, Cloudflare D1, transactional email) is operated from the United States. If you access this site or send mail to an nsqipibd.org address from the EU/EEA, your data will be transferred to the US. Cloudflare participates in the EU-US Data Privacy Framework and provides GDPR-aligned Standard Contractual Clauses as the transfer safeguard.

Data Breach Notification

If a personal-data breach occurs that is likely to result in a risk to your rights and freedoms, we will notify the relevant supervisory authority without undue delay and, where feasible, within 72 hours of becoming aware of the breach (GDPR Articles 33 and 34). If the breach is likely to result in a high risk, we will also notify affected individuals directly via the email address on file. The internal procedure backing this 72-hour commitment is documented in an incident-response runbook maintained by the joint controllers.

Request Data Deletion

You may request deletion of any personal data we hold (mailing-list membership, message content, etc.) at any time:

We will confirm receipt within 7 days and complete deletion within 30 days, per GDPR Article 17. Some data may be retained longer if required for legal compliance, audit, or to defend against legal claims, in which case we will explain the basis at the time of your request.

Security Disclosure

If you discover a vulnerability in this site or its infrastructure, please report it via our security.txt contact (sholubar@gmail.com). We do not threaten or pursue legal action against good-faith security researchers who follow coordinated disclosure norms.

Contact

For questions about these terms, GDPR requests, deletion requests, or any other privacy matter, contact either of the joint controllers above. For Collaborative governance and PI-level questions, route to Dr. Eisenstein. For website infrastructure, mailing-list operations, or hosting questions, route to Dr. Holubar.