Privacy Policy

1. Information We Collect

1.1 Personal Information

We may collect personal information that you provide directly to us, including:

• Name and contact information (email address, institutional affiliation)
• Professional information (research institution, academic position, field of study)
• Account credentials (username and encrypted password)
• Student verification information (educational email address for discount eligibility)
• Payment information (processed securely through Stripe - we never store full credit card details)
• Communications and correspondence with our support team

1.2 Research and Technical Data

When you use our protein structure prediction services, we collect:

• Protein sequences submitted for analysis
• Job parameters and configuration settings
• Prediction results and structural data
• Usage patterns and service tier preferences
• Technical metadata (file formats, submission timestamps, processing times)

1.3 Automatically Collected Information

We automatically collect certain information when you visit our website:

• Device information (IP address, browser type, operating system)
• Usage data (pages visited, time spent, navigation patterns)
• Geographic location (country/region based on IP address)
• Cookies and similar tracking technologies (see Section 5)
• Performance and error logs for service improvement

2. How We Use Your Information

We use the collected information for the following purposes:

• Service Delivery: Processing protein structure predictions using AlphaFold2 and AMBER refinement
• Account Management: Creating and maintaining your user account and preferences
• Payment Processing: Handling transactions and billing through our payment provider
• Customer Support: Responding to inquiries, troubleshooting issues, and providing technical assistance
• Service Improvement: Analyzing usage patterns to optimize performance and develop new features
• Communication: Sending job completion notifications, service updates, and important announcements
• Security: Protecting against fraud, unauthorized access, and system abuse
• Legal Compliance: Fulfilling legal obligations and enforcing our Terms of Service
• Research (Anonymized): Improving prediction algorithms using aggregated, de-identified data

3. Research Data Confidentiality

We understand the sensitive and proprietary nature of computational biology research. We are committed to maintaining the highest standards of confidentiality:

• Strict Confidentiality: All protein sequences and prediction results are treated as confidential research data
• No Data Sharing: We never sell, license, or share your sequences or results with third parties
• Limited Access: Only authorized personnel with legitimate operational needs can access job data
• Automatic Deletion: Input sequences are deleted immediately after processing; results are deleted after 90 days unless downloaded
• Anonymized Analytics: If we use data to improve algorithms, it is aggregated and completely anonymized
• Publication Rights: You retain full rights to publish and patent discoveries based on our predictions

4. Information Sharing and Disclosure

We do not sell, trade, or rent your personal information or research data. We may share information only in the following limited circumstances:

4.1 Service Providers

We work with trusted third-party service providers who assist in operating our business:

• Cloud Infrastructure: AWS/GCP for secure data centers in Florida
• Payment Processing: Stripe for secure transaction handling (PCI DSS compliant)
• Email Services: Resend for transactional notifications
• Analytics: Privacy-focused analytics tools for service improvement

All service providers are bound by strict confidentiality agreements and data processing addendums. They may only access data necessary to perform their specific functions.

4.2 Legal Requirements

We may disclose information when required by law or in response to:

• Court orders, subpoenas, or other legal processes
• Government or regulatory agency requests (including export control compliance)
• Situations where disclosure is necessary to protect rights, safety, or property
• Investigation of suspected fraud or Terms of Service violations

4.3 Business Transfers

In the event of a merger, acquisition, or sale of assets, your information may be transferred to the successor entity. You will be notified of any such change in ownership or control.

5. Data Security

We implement comprehensive security measures to protect your information:

5.1 Technical Safeguards

• Encryption: TLS 1.3 for data in transit; AES-256 encryption for data at rest
• Secure Infrastructure: SOC 2 compliant data centers in Florida, USA
• Access Controls: Multi-factor authentication and role-based access restrictions
• Network Security: Firewalls, intrusion detection, and DDoS protection
• Secure Coding: Regular security audits and penetration testing
• Vulnerability Management: Continuous monitoring and rapid patch deployment

5.2 Organizational Safeguards

• Employee security training and confidentiality agreements
• Principle of least privilege for data access
• Incident response procedures for potential breaches
• Regular backup and disaster recovery processes

5.3 Data Breach Notification

In the unlikely event of a data breach affecting your personal information or research data, we will notify you within 72 hours via email and provide details about the incident and remediation steps.

6. Data Retention

We retain your information for different periods depending on the type:

• Input Sequences: Deleted immediately after prediction processing completes
• Prediction Results: Stored for 90 days, then automatically deleted unless you download them
• Account Information: Retained while your account is active, plus 1 year after closure
• Payment Records: Retained for 7 years to comply with financial regulations
• Usage Logs: Retained for 1 year for security and performance analysis
• Support Communications: Retained for 3 years for quality assurance

You may request early deletion of your data at any time by contacting privacy@protogenbio.com. Some data may need to be retained longer to comply with legal obligations.

7. Cookies and Tracking Technologies

We use cookies and similar technologies to enhance your experience:

7.1 Types of Cookies

• Essential Cookies: Required for website functionality, authentication, and security
• Analytics Cookies: Help us understand usage patterns and improve our services
• Preference Cookies: Remember your settings and display preferences
• Session Cookies: Maintain your login state and job submission progress

7.2 Managing Cookies

You can control cookies through your browser settings. Note that disabling essential cookies may limit website functionality and prevent you from using our services. We do not use advertising or tracking cookies.

8. Your Rights and Choices

You have the following rights regarding your personal information:

• Access: Request a copy of your personal information and research data
• Correction: Update or correct inaccurate information in your account settings
• Deletion: Request deletion of your personal information and research data (subject to legal requirements)
• Portability: Receive your data in a structured, machine-readable format (JSON, CSV, PDB files)
• Opt-out: Unsubscribe from marketing communications (service notifications will continue)
• Restriction: Limit how we process your information
• Objection: Object to processing based on legitimate interests

To exercise these rights, contact us at privacy@protogenbio.com or use the account settings dashboard. We will respond within 30 days.

9. International Data Transfers

Protogen Bio operates from Florida, USA. All data is processed and stored in secure data centers located in the United States. If you are accessing our services from outside the U.S., please be aware that:

• Your information will be transferred to and processed in the United States
• U.S. data protection laws may differ from those in your jurisdiction
• We implement appropriate safeguards to protect your data regardless of location
• By using our services, you consent to this international data transfer

For users in the European Economic Area (EEA), we comply with GDPR requirements through standard contractual clauses and ensure adequate data protection measures.

10. Compliance with Data Protection Regulations

We are committed to complying with applicable data protection laws:

• GDPR (EU): For European users, we comply with General Data Protection Regulation requirements
• CCPA (California): California residents have additional rights under the California Consumer Privacy Act
• HIPAA: While not a covered entity, we implement HIPAA-grade security for research data
• FERPA: Educational research data is handled with appropriate student privacy protections

11. Children's Privacy

Our services are not directed to individuals under 18 years of age. We do not knowingly collect personal information from children. If we become aware of such collection, we will promptly delete the information. Parents or guardians who believe we may have collected information from a child should contact us immediately.

12. Third-Party Links

Our website may contain links to third-party resources, publications, or services. We are not responsible for the privacy practices of these external sites. We encourage you to review their privacy policies before providing any personal information.

13. Changes to This Policy

We may update this Privacy Policy periodically to reflect changes in our practices, technology, or legal requirements. We will notify you of material changes through:

• Email notification to your registered email address
• Prominent notice on our website
• In-app notification when you log in

The "Effective Date" at the top indicates when the policy was last revised. Your continued use of our services after changes take effect constitutes acceptance of the updated policy.

14. Contact Information

For questions, concerns, or requests regarding this Privacy Policy or our data practices:

For EU users exercising GDPR rights, please clearly state "GDPR Request" in your email subject line. We will respond within the legally required timeframe.