INDBridge · Q BRIDGE AI
The AI-first platform for FDA IND submissions — drugs & biologics, CDER + CBER. Specialist Claude agents draft CMC, nonclinical, clinical, and eCTD modules; named regulatory leads e-sign at nine human gates; a tamper-evident hash-chained audit records every action. Built for 21 CFR Part 11. Validated to GAMP-5 Category 5.
Inside the platform
INDBridge replaces the traditional first-IND consulting engagement. 14 specialist Claude agents draft CMC, nonclinical, clinical, and eCTD modules in parallel — built day-one for the 2024–2026 FDA mandate wave (DEPICT, Optimus, iPSP, ICH M11, AI/ML PCCP, RACE Act), with 7-day SUSAR and 15-day serious-unexpected reporting per 21 CFR 312.32.
Drug candidate data (small molecule, biologic, gene therapy, cell therapy) classified by intended route and indication. The Pre-IND Meeting agent drafts the FDA Q-list and assembles the briefing package. CBER vs CDER routing is locked at Gate 1.
CMC agents draft drug substance + drug product modules per ICH Q1–Q13: specification, manufacturing process, batch analysis, stability, container closure. ICH Q5A–Q5E for biologics. CMC SME countersigns.
Pharmacology, ADME, and toxicology drafts. iPSP per FDASIA §505B. Carcinogenicity, repro-tox, and genotoxicity per ICH M3(R2) / S-series. Nonclinical Lead approves.
Machine-readable ICH M11 protocol authoring. DEPICT (FDORA §3601) Diversity Action Plan for Phase 3. Project Optimus dose optimization for oncology. Decentralized-trial elements and RACE Act pediatric oncology assessment.
The IB is drafted from CMC + nonclinical + clinical. FDA Forms 1571, 1572, 3674, 3454/3455, 3500A, and 356h are filled via pikepdf AcroForm and packaged into the eCTD.
A 30-rule Refuse-to-File analyzer runs pre-submission. The eCTD package is validated against FDA technical conformance, then submitted via FDA ESG (AS2 + S/MIME envelope + WebTrader receipt poll).
The 30-day review clock is tracked from the ESG MDN receipt, with clinical-hold cliff alerting and CEO escalation. Annual Reports (312.33), Protocol Amendments (312.30), and IND Safety Reports (312.32 — 7-day SUSAR + 15-day serious-unexpected) all live in the same audit chain.
The platform
Every artifact is drafted by a specialist agent, grounded in live FDA/ICH sources, signed by a named human, and recorded in a tamper-evident audit chain. Nothing reaches the FDA without a signed Gate-9 release.
9-Gate human-in-the-loop
Each gate is a signed PDF manifest binding the signer + timestamp + artifact hash + intent string. WebAuthn 2FA is mandatory on every signature, replay-bound to the artifact reviewed per 21 CFR Part 11 §11.200(a). Sign-offs are immutable in the hash-chained audit ledger.
Source-of-truth doctrine
ICH guidance citations, ClinicalTrials.gov NCT numbers, IND numbers, and consensus-standard references are looked up against live FDA / ICH sources at submission time. The query, the result hash, and the snapshot are logged. An agent that can't ground a claim refuses to emit it.
Mock-FDA fixture
A mock FDA ESG gateway (AS2 + WebTrader) emulates the FDA's response surface — Acknowledgement Letter, Clinical Hold Letter, MDN receipt. Your sponsor's first real submission is their second; the first is the rehearsal.
Clocks & safety reporting
The 30-day FDA review clock is tracked from the ESG MDN receipt, with clinical-hold cliff alerting at T-60/30/14/7/3/1 and CEO escalation. 7-day SUSAR + 15-day serious-unexpected reporting per 21 CFR 312.32 and annual reports per 312.33 — all in the same audit chain.
Security & privacy
Personal data, patient data, and regulatory artifacts share a tenant boundary and an audit boundary. Nothing crosses it without a signed record. Current production stack: Vercel + Fly + Supabase (all SOC 2 Type II); AWS healthcare-grade migration is committed for the first 30 days of Customer-1 implementation.
Hosting · current state + AWS roadmap
Production today runs on three SOC 2 Type II sub-processors: Vercel (web edge), Fly.io (FastAPI + agents), and Supabase Pro (Postgres with Row-Level Security on every tenant table). At Customer-1 signing the platform migrates to AWS healthcare-grade (Days 1–30): Aurora PostgreSQL Multi-AZ, ECS Fargate, S3 with KMS CMKs + Object Lock Compliance mode, AWS Shield Advanced, AWS Audit Manager. AWS BAA executed at the Day 30 milestone.
Identity
Login is bearer-JWT with a mandatory FIDO2/WebAuthn second factor when enrolled. Every Gate signature additionally requires the e-signature PIN and a fresh WebAuthn assertion bound to the artifact hash — replay-resistant per 21 CFR Part 11 §11.200(a). Per-tenant SSO via SAML/OIDC.
Data protection
AES-256 at rest, TLS 1.3 in transit, per-tenant Row-Level Security at the database tier. Per-sponsor S/MIME certs for FDA ESG live in a managed secrets store. No customer data is used to train models.
Personal data
Personal and patient identifiers are scoped to the records that require them, with retention boundaries and deletion paths. Data Subject Access Requests are first-class operations. Sub-processors documented per region. HIPAA BAA scope covers the customer and all clinical-trial data.
Audit & forensics
Every action appends to a SHA-256 hash-chained ledger anchored to a genesis event. AWS S3 Object Lock in Compliance mode strengthens 21 CFR Part 11 §11.10(e). A standalone verifier walks the chain on demand.
Operations
Sentry error reporting, OpenTelemetry traces, and structured logs retained per policy. RPO 0 / RTO 60s on Aurora Multi-AZ. Quarterly DR tabletop. Access reviews on a fixed cadence.
See it for yourself
Sign in to the live platform, or have our team walk you through it on your sponsor pipeline and compliance footprint. White-label agreements for regulatory consulting firms.
Contact
Whether you're running your first IND or your fortieth — Vamsy will walk you through the live platform on your sponsor base, engagement volume, and compliance footprint. White-label agreements sign in 21 days.
Tell us a little about your firm and we'll be in touch within one business day.