Privacy Policy

Last Updated: October 2025

TL;DR: We protect your research data, don't sell it, don't use it to train public AI models, and give you full control to access or delete it anytime.


Welcome to Smarts.bio ("we," "us," or "our").

Your privacy matters to us. This Privacy Policy explains what information we collect, how we use it, and your rights when using our platform and related services (the "Service").

By using Smarts.bio, you agree to this Privacy Policy. If you don't agree, please don't use the Service.


1. Information We Collect

We collect information in several ways:

1.1 Information you provide directly

  • Account details: name, email, institutional affiliation, login credentials
  • Research files or data: biological datasets, genomic sequences, bioinformatics files, analysis parameters, and results
  • Messages, feedback, or support requests
  • Agent conversations: we store chat history so you can revisit past conversations and to improve agent performance using aggregated, anonymized data
  • Users may delete individual conversations or all chat history at any time; deleted chats are removed from active systems within 14 days

1.2 Information collected automatically

  • Technical data: IP address, browser, OS, device identifiers
  • Usage data: pages visited, actions, timestamps, feature usage, query patterns
  • Cookies and analytics (Google Analytics, Mixpanel)

1.3 Non-personal data

  • Anonymized and aggregated data to enhance analytics and system performance
  • Processed using data masking, aggregation, and removal of identifiers

2. How We Use Information

We use your information to:

  • Operate and maintain the Service
  • Process and analyze uploaded files to provide bioinformatics insights
  • Store and display past agent conversations for your convenience
  • Improve AI agent accuracy using aggregated, anonymized usage patterns
  • Enhance functionality, performance, and user experience
  • Communicate updates, announcements, and support messages
  • Ensure security, prevent abuse, and comply with legal obligations
  • Detect patterns of organizational use requiring institutional agreements
  • Enforce compliance with institutional account requirements

Important: We do not use uploaded research data or personally identifiable chat content to train public or third-party AI models. Any agent improvements are based solely on aggregated, anonymized patterns.


3. How We Share Information

We don't sell or rent your personal or research data. Sharing occurs only in the following cases:

  • Service providers – trusted partners for hosting, analytics, and operations:
    • Amazon Web Services (AWS)
    • Google Analytics
    • Mixpanel
    • Email service providers
  • Legal requirements – compliance with laws, court orders, or to protect our rights
  • Business transfers – mergers, acquisitions, or asset sales under equivalent protection terms
  • With your consent – when you explicitly authorize sharing

We never share your research data with other users unless you explicitly choose to collaborate or share specific projects.


4. International Transfers & Compliance

Data Location: Smarts.bio is based in the U.S.; data is stored primarily on AWS US East (N. Virginia). Backups may replicate to additional regions for redundancy.

International Users: By accessing the Service outside the U.S., you consent to data transfer and processing in the U.S.

Privacy Frameworks: We comply with GDPR, UK GDPR, CCPA/CPRA, FERPA (educational institutions), and PIPEDA (Canada).

  • Legal basis for EU/UK users: performance of contract, consent, legal obligations, or legitimate interests.

5. Data Retention & Deletion

  • Active accounts: Retain account info, research files, and chat history while active
  • Account deletion:
    • Personal info, research files, and conversations removed from active systems within 14 days
    • Backups retained 90 days for disaster recovery, then permanently deleted
    • Metadata in logs retained 12 months for security auditing
    • Aggregated or anonymized data may be retained indefinitely
  • Data portability: You can request your data in machine-readable formats (JSON/CSV or original files)
  • Inactive accounts: Accounts inactive >2 years may be deleted after notice

6. Cookies & Analytics

6.1 Cookie Consent

We use a unified cookie consent system across all smarts.bio services (website, web application, and bio-viewers). Your consent preferences are shared across domains using a secure cookie (cookie-consent) with domain .smarts.bio, which means your choice on any platform applies to all others. Your preferences are remembered for 365 days.

  • On the marketing website (smarts.bio): A cookie consent banner appears when you first visit, allowing you to choose which types of cookies to accept.
  • In the web application (chat.smarts.bio): If you haven't previously consented on the website, you'll be asked for analytics consent after your first successful login. This post-login approach allows you to first authenticate (essential cookies only) before deciding whether to help improve the platform with usage analytics.
  • In the bio-viewers (view.smarts.bio): The same cookie consent system applies. If you haven't previously consented on the website or app, a banner will appear on your first visit allowing you to manage your cookie preferences.
  • Shared preferences: Your consent given on any platform applies to all three. You only need to consent once across all smarts.bio services.

6.2 Types of Cookies We Use

  • Essential cookies: Required for the website and web application to function properly. These include:
    • Website (smarts.bio): Login sessions, security features, and core functionality
    • Web Application (chat.smarts.bio): Authentication cookies (auth_token and auth_user) that store your login session and profile information. These cookies expire after 7 days and are configured with secure settings in production (HTTPS-only, SameSite protection)
    • Bio-viewers (view.smarts.bio): Authentication cookies (auth_token) for viewing files from authenticated workspaces. File viewing can be done without authentication for publicly shared files. These cookies are shared from the web application and follow the same security settings

    These cookies cannot be disabled as they are necessary for the services to work.

  • Analytics cookies: Mixpanel helps us understand how users interact with our website, web application, and bio-viewers. These cookies collect anonymous, aggregated data about page views, user interactions, feature usage, and traffic sources. These cookies are only activated if you explicitly consent to them. If you reject analytics cookies, no tracking scripts will be loaded, and no data will be sent to Mixpanel. Google Analytics is used only on the marketing website (smarts.bio), not in the web application or bio-viewers.
  • Marketing cookies: May be used in the future for advertising and personalized content. Currently not in use. You can opt out of these cookies through the cookie consent banner.
  • Preference cookies: Store your cookie consent choices and other user settings to improve your experience.

6.3 How to Manage Your Cookie Preferences

You have full control over your cookie preferences:

  • Marketing website (smarts.bio): When you first visit, you can choose to "Accept All", "Reject Non-Essential", or "Customize" your preferences. The "Customize" option lets you enable or disable specific cookie categories (analytics, marketing).
  • Web application (chat.smarts.bio):
    • First visit: An informational notice explains that essential authentication cookies are used
    • After first login: If you haven't already consented on the website, you'll be asked whether you want to help improve the platform with anonymous usage analytics. You can choose "Help Improve" (opt-in to Mixpanel) or "No Thanks" (essential cookies only)
    • Changing preferences: You can modify your analytics preferences at any time through your account settings (future feature) or by clearing the cookie-consent cookie and revisiting any platform
  • Bio-viewers (view.smarts.bio): The same cookie consent banner used on the marketing website appears on your first visit if you haven't already consented on another platform. You can choose to "Accept All", "Reject Non-Essential", or "Customize" your preferences.
  • Unified preferences: Your consent choice on any platform applies to all three. Accepting analytics on the website enables Mixpanel across all smarts.bio services, and vice versa
  • Browser settings: You can also control cookies through your browser settings, though this may affect website and application functionality

6.4 What Happens When You Reject Cookies

If you reject analytics or marketing cookies on any platform:

  • No Mixpanel or Google Analytics tracking scripts will be loaded
  • No analytics data will be collected or sent to third parties
  • All platforms (website, web application, and bio-viewers) will continue to function normally
  • Only essential cookies necessary for authentication and core functionality will be active
  • Your rejection preference applies across all smarts.bio domains

Essential authentication cookies (auth_token, auth_user) are required for the web application to function and cannot be rejected. If you choose to block these cookies through browser settings, you will not be able to log in or use the application.

6.5 Third-Party Cookie Policies

For more information about how our analytics providers handle data:

6.6 Do Not Track (DNT)

We respect Do Not Track (DNT) browser signals. If you have DNT enabled, analytics cookies will not be activated even if you previously consented to them. However, you must still interact with our cookie consent banner to confirm your preferences.


7. Data Security

Technical safeguards: TLS 1.3 encryption in transit, AES-256 at rest, RBAC with MFA, firewalls, intrusion detection, DDoS mitigation, regular vulnerability scans

Operational safeguards: personnel background checks, security training, incident response, encrypted backups

Limitations: No system is 100% secure; you are responsible for login credential confidentiality

Breach notification: We notify affected users via email within 72 hours of discovering a data breach


8. Your Rights

Depending on location, you may:

  • Access or receive a copy of your data
  • Correct or update information
  • Request deletion of account, files, or conversations
  • Object to or restrict processing
  • Withdraw consent for optional processing (analytics, marketing)

Exercising your rights: Email privacy@smarts.bio with your name, email, request, and verification info. We respond within 30 days (extensions possible for complex requests).

Complaints: EU/UK users can contact local data protection authorities; U.S. users can contact their state attorney general.


9. Children's Privacy

  • Intended for users 18+
  • We don't knowingly collect data from under-18s
  • Educational accounts for supervised minors (13–17) require institutional oversight

If you believe someone under 18 has provided us with personal information, contact us at privacy@smarts.bio and we'll delete it promptly.


10. Enterprise & Institutional Customers

  • Data Processing Addendum (DPA): HIPAA, FERPA, GxP, custom residency, or BAA requirements available
  • Institutional control: Administrators may enforce data retention, access, or deletion policies

Contact enterprise@smarts.bio for details.


11. Changes to This Policy

  • Material changes: notice on website 30 days in advance; email if rights are significantly reduced
  • Continued use after changes indicates acceptance
  • Version history available on request
  • The "Last Updated" date at the top reflects the latest version

12. Contact Us

Privacy inquiries: privacy@smarts.bio

Data Protection Officer: nir@smarts.bio

Security issues: security@smarts.bio

For urgent security matters, please use security@smarts.bio.