Privacy Policy
This Privacy Policy explains what personal data Pipette.bio ("Pipette", "we") collects when you use our AI-assisted bioinformatics platform, why we collect it, who it is shared with, and the choices you have. It applies to accounts created on pipette.bio and to use of the Service. It is operated by Variome Analytics from Rajasthan, India.
1. What we collect
| Category | What it includes | Why |
|---|---|---|
| Account | Username, email, password (stored hashed), creation date, tier. | To create and secure your account. |
| Content | Queries you submit, files you upload, conversation history, generated code, intermediate files, results, reports. | To run your analyses and return results. |
| Usage | Session identifiers, task status, credit consumption, LLM token counts, compute duration, queue routing. | To meter usage, bill accurately, and improve performance. |
| Billing | Purchase events, credit balance, invoice identifiers. Card numbers are handled by our payment processor and never touch our servers. | To process payments and keep a ledger. |
| Technical | IP address, browser user-agent, device type, timestamps, server logs, error traces. | To prevent abuse, debug incidents, and meet security obligations. |
| Communications | Emails you send us, support tickets, feedback. | To respond to you. |
2. How we use your data
- Operate the Service: authenticate you, run analyses, store intermediate and final outputs, deliver results.
- Billing and account management: meter credit use, process purchases, issue receipts, enforce caps and limits.
- Security and abuse prevention: detect account takeover attempts, block malicious inputs, investigate policy violations.
- Product improvement: aggregate, non-identifying metrics (queue depth, error rates, runtime distributions).
- Communications: send transactional email (account, billing, job status, security) and, if you opt in or have not opted out, occasional product or marketing email. You can unsubscribe from marketing email at any time.
- Legal compliance: respond to lawful requests, enforce our Terms, protect our rights.
3. What we do not do
- We do not sell your personal data.
- We do not use your queries, files, or results to train AI models, ours or third-party.
- We do not share your content with advertisers.
4. Who we share with
We share the minimum needed with the following categories of processors, each bound by their own terms:
- LLM provider. We send your query text and conversation history for inference under enterprise no-training terms. Portions of file content that the agent inspects during an analysis (e.g. sampled rows, column headers, computed values) may be included in those prompts as observations.
- Cloud infrastructure provider. Hosts our servers, databases, object storage, and compute workers.
- Payment processor. Handles purchases. We receive transaction metadata; card details stay with the processor.
- Email delivery provider. Sends transactional and marketing email.
- Analytics and error reporting. Anonymous or pseudonymous product analytics and crash reporting to improve stability and UX.
- Legal. When required by a valid legal process, or when we believe disclosure is necessary to protect our rights, users, or the public.
5. Data location and transfers
Pipette is operated from India and its infrastructure is hosted in cloud regions chosen for latency and availability, which may be outside your country of residence. By using the Service you acknowledge that your data may be processed and stored in those regions, subject to the safeguards provided by our cloud provider and the terms of this policy.
6. Retention
- Account information is retained while your account is active.
- Session files, reports, and generated outputs are retained so you can resume and review prior work. You can delete specific files from the Data Bucket at any time.
- Billing records are retained as required by applicable accounting and tax law.
- Server logs are retained for a limited period for security and debugging, then rotated.
- On account deletion, your account data and content are removed or anonymized, except where we are required to keep records for legal, tax, or security reasons.
7. Your rights and choices
- Access and export. You can view your session history and download your outputs from the in-app Data Bucket and History.
- Correction. You can update account details from your profile page.
- Deletion. You can delete individual files at any time, and can request account deletion by emailing support@pipette.bio.
- Marketing opt-out. Use the unsubscribe link in any marketing email. Transactional email continues while your account is active.
- Depending on your jurisdiction you may have additional rights (objection, restriction, portability). Contact us and we will honour them where applicable.
8. Security
We implement technical and organizational measures appropriate to the sensitivity of the data: encryption in transit (HTTPS), encrypted storage for credentials and content, scoped access controls, isolated worker containers, per-session file scoping, audit logging, and rate limits. No system is perfectly secure; you accept the inherent risk of using an internet service.
9. Cookies and local storage
We use strictly necessary cookies and local storage to keep you signed in, remember UI preferences (theme, banners you dismissed), and protect against abuse. We do not use cookies for cross-site advertising.
10. Children
The Service is not intended for children under 18. Do not create an account if you are below the age of majority in your jurisdiction.
11. Changes to this policy
We may update this Policy. Material changes will be announced in-product or emailed to your registered address. The "Last updated" date at the top reflects the current version.
12. Contact
Questions, requests, or complaints? Email support@pipette.bio.