Privacy Policy

How we collect, use, and protect your data

Last updated: April 2026

This Privacy Policy explains how Paraclyst ("we", "us", or "our") collects, uses, and protects your personal data when you use our platform and website. We are the data controller for the personal data we process. Please read this carefully. If you have questions, contact us at privacy@paraclyst.com.

1. What data we collect

We collect only what is necessary to provide the service:

  • Name and email address when you create an account
  • Organisation name and your role within it
  • Lab data, experiment records, and research content you upload
  • Usage data (pages visited, features used) to improve the platform
  • Feedback submissions you choose to send us
  • Technical data such as browser type and IP address for security and error logging

We do not collect payment card details directly. Any billing is handled by our payment processor.

2. How we use your data

We use your data to:

  • Provide and operate the Paraclyst platform
  • Authenticate your identity and secure your account
  • Respond to support requests and feedback
  • Improve the platform based on usage patterns
  • Send you essential service communications (account changes, security alerts)
  • Comply with legal obligations

We do not use your data for advertising. We do not sell your data to any third party.

3. Lawful basis for processing (GDPR)

If you are located in the European Economic Area, we process your personal data on the following legal bases under the General Data Protection Regulation (GDPR):

  • Contract — processing your account data and lab content is necessary to deliver the service you signed up for
  • Legitimate interests — we process usage and technical data to maintain security and improve the platform, provided this does not override your fundamental rights
  • Legal obligation — we may process data when required to comply with applicable law
  • Consent — where we rely on consent (such as optional marketing emails), you may withdraw it at any time

4. Your rights under GDPR

If you are in the EEA, you have the following rights regarding your personal data:

  • Right of access — request a copy of the personal data we hold about you
  • Right to rectification — ask us to correct inaccurate data
  • Right to erasure — request deletion of your data where there is no overriding lawful reason to retain it
  • Right to restriction — ask us to limit how we use your data in certain circumstances
  • Right to data portability — receive your data in a structured, machine-readable format
  • Right to object — object to processing based on legitimate interests
  • Right to lodge a complaint — you have the right to complain to your national data protection supervisory authority if you believe we have not handled your data lawfully

To exercise any of these rights, contact us at privacy@paraclyst.com. We will respond within 30 days.

5. Your rights under CCPA

If you are a California resident, the California Consumer Privacy Act (CCPA) gives you additional rights:

  • Right to know — request disclosure of the categories and specific pieces of personal information we have collected about you
  • Right to deletion — request that we delete your personal information, subject to certain exceptions
  • Right to opt out of sale — we do not sell personal information. There is nothing to opt out of.
  • Right to non-discrimination — we will not discriminate against you for exercising your CCPA rights

To submit a CCPA request, contact us at privacy@paraclyst.com.

6. Data retention

We retain your personal data for as long as your account is active or as needed to provide the service. If you close your account, we will delete your personal data within 90 days unless we are required by law to retain it longer. Lab data and research content you have uploaded will be deleted along with your account unless you have exported it beforehand.

7. Data storage and transfers

Your data is stored on Supabase, a cloud database provider. Data may be stored in data centres located in the European Union or the United States depending on your account region. Where data is transferred outside the EEA, it is protected by appropriate safeguards in accordance with GDPR requirements.

8. Third-party services

We use a small number of third-party services to operate the platform:

  • Supabase — database and authentication
  • Vercel — hosting and infrastructure
  • Vercel Blob — file and attachment storage

We do not share your data with any other third parties for their own purposes.

9. Security

We take reasonable technical and organisational measures to protect your data. This includes TLS encryption in transit, encrypted storage at rest, row-level security policies ensuring users can only access their own organisation's data, and secure authentication. No system is perfectly secure, and we cannot guarantee absolute security, but we take these obligations seriously.

10. Changes to this policy

We may update this policy from time to time. When we do, we will update the "Last updated" date at the top of this page. For significant changes we will notify users by email or an in-app notice.

11. Contact

For any privacy-related questions, requests to exercise your rights, or complaints, please contact us at privacy@paraclyst.com.

← Back to Home