Updated Feb 14, 2025

Introduction:
DataPrudence values your privacy and is committed to protecting personal information in accordance with applicable laws. This Privacy Policy explains our privacy practices in clear terms​– detailing what data we collect, how we use and store it, when we might share it, and the rights you have regarding your information. DataPrudence provides AI-powered bioinformatics and data analysis solutions for the biotechnology and life sciences industry​, and in doing so, we handle both business data and personal data with utmost care. We comply with the EU General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA), among other privacy laws, to ensure that your information is collected and processed lawfully, transparently, and fairly. By interacting with our website or using our services, you agree to the practices described in this Privacy Policy.

Information We Collect

1. Information You Provide: We collect personal information that you voluntarily provide to us. This may include your name, email address, phone number, job title, company/organization, or other contact details – for example, when you:

• Fill out a contact or inquiry form on our site (to request a consultation, ask a question, or get information about our services).
• Email us or communicate by phone for support or information.
• Subscribe to our newsletter or updates (if we offer these).
• Register for an account or event (such as a webinar or demo, if applicable).

In these cases, you will know what data you provide because you type it in or tell it to us directly. We will use this information only for the purpose for which you provided it – for instance, to respond to your inquiry, schedule a consultation, provide the service you requested, or send you the communications you signed up for. If we ask for personal data for optional purposes (like signing up for marketing emails), we will either ask for your consent or give you a clear opportunity to opt out.

2. Information We Collect Automatically: When you visit our website, we may automatically collect certain technical information about your visit, via cookies or similar tracking technologies and our server logs. This data may include: your IP address and domain name, your browser type and operating system, the date and time of your visit, the pages or content you viewed, and the webpage that referred you to our site​. We collect this usage information to understand how visitors use our site, to maintain security (for example, detecting intrusion attempts), and to improve our website’s performance and content. This automatically collected data is generally not used to identify you personally; it is aggregated and analyzed to help us administer the site. For example, we might use it to see which service pages are most frequently visited or to diagnose technical issues. We may also use cookies to remember your preferences and enhance user experience. You can set your browser to refuse cookies or alert you when cookies are being used. (Note: Our [Cookie Policy] will provide more details on how we use cookies, if applicable.)

3. Information from Clients or Third Parties: In the course of providing services, our client (e.g., a research institution or company) may supply us with data that includes personal information (such as de-identified patient data or researcher contact info). In such cases, we act as a data processor handling that data on behalf of the client (the data controller). We process such data only under the client’s instructions and as permitted by our contract. Any personal data within client-provided datasets is treated as highly confidential and is protected in line with this Privacy Policy and our Data Usage Policy. We do not actively collect personal information from third-party sources about individuals, except as needed to perform services at a client’s direction or as part of routine business (for example, verifying a business customer’s credentials or credit, in which case we would obtain only what is lawful and necessary).

We do not intentionally collect sensitive personal information (such as racial or ethnic origin, political opinions, health or genetic data tied to an identified person, etc.) from website visitors or marketing contacts. If you are applying for a job with us, separate privacy notices may apply to recruitment data. Our services are not directed to children, and we do not knowingly collect personal data from anyone under the age of 16. If we learn that a child’s personal information was inadvertently collected, we will delete it.

How We Use Personal Data

DataPrudence uses the personal information we collect for the following purposes, and we ensure that each use has an appropriate legal basis under GDPR (such as your consent, our legitimate interest, or fulfilling a contract) and is consistent with CCPA’s purpose limitations:

• To Provide and Improve Services: We use contact information and any project-related data to deliver the services or information you have requested. For example, if you engage us for a bioinformatics analysis project, we will use the data you and your organization provide (which may include personal data within research datasets) to perform and deliver that analysis. We may also use feedback or usage patterns to improve our service offerings and develop new features. All data is utilized only for legitimate business purposes and in accordance with the purposes for which it was collected​
• Communication: We use your contact details to communicate with you. This includes responding to inquiries or support requests, sending service-related announcements or administrative information (such as updates to our terms or this policy), and contacting you about project status if you are a client. If you have signed up for our newsletter or marketing emails, we will send you informational content about our services, industry insights, or events. You can opt out of marketing communications at any time, as described below. We will not spam you – communications will be purposeful and relevant to your relationship with us.
• Analytics and Site Personalization: Automatically collected website data (e.g. via cookies) is used to analyze trends and traffic on our site, so we can make improvements (for instance, optimizing popular pages or navigation). It may also help personalize your experience, such as remembering your language preference or presenting content tailored to your interests on future visits. Any analytics are performed on aggregate data; we do not use this data to profile individual visitors for advertising.
• Legal Compliance and Preventing Misuse: We may process personal information as required to comply with applicable laws, regulations, and legal processes. For example, keeping transaction records for accounting and tax purposes, or disclosing information in response to lawful requests by public authorities (such as complying with a court order). Additionally, we use data to enforce our agreements and policies and to prevent fraud, security incidents, or other misuse. This could include using certain data to investigate a technical issue or to protect against cybersecurity threats.
• Business Operations: If necessary, we might use contact information for routine business operations such as invoicing, auditing, or for merger/acquisition related due diligence (should that situation arise). In all such cases, access to personal data is limited to those who need it for that specific purpose and is protected accordingly.

We will not use your personal data in a manner that is materially different from the purposes above without informing you and obtaining consent if required. If we ever need to process your data for a new purpose, we will update this Privacy Policy or provide you a just-in-time notice explaining the new use. Our goal is to ensure you understand how your data is used and that we strive to honor the expectations set when your data was collected.

How We Share Information

DataPrudence does not sell your personal information to data brokers or marketers​. We only share personal data under these circumstances:

• With Service Providers (“Processors”): We may share information with third-party companies that provide services on our behalf, such as cloud hosting providers, data storage/backup services, email delivery services, customer relationship management (CRM) software, or analytics tools. These providers are contractually bound to keep your information confidential and secure and to use it only for the specific services we have requested. For example, if we use a cloud platform to store analysis results, any personal data on that platform is subject to strict security controls and the provider cannot access or use it except as needed to keep the service running. We perform due diligence on our vendors to ensure they meet high data protection standards.
• Within Our Corporate Group: If DataPrudence becomes part of a group of related companies (e.g., subsidiaries or affiliates), we may share data with them as necessary to perform the services and maintain operations. Any such entities will follow the same privacy commitments described here.
• For Legal Reasons: We may disclose personal information if required to do so by law or in response to valid legal requests (for example, responding to a subpoena, regulation, court order, or government request). We may also disclose information if we believe in good faith that it is necessary to investigate or protect against harmful activities to DataPrudence, our clients, or others (such as suspected fraud, security threats, or violations of our terms). We will only disclose the minimum amount of information necessary and will object to overbroad requests when appropriate.
• Business Transfers: In the event of a potential or actual merger, acquisition, financing, sale of company assets, or transition of service to another provider, personal information may be transferred to a successor or affiliated company as part of that process. If such a transfer occurs, we will ensure the new owner is bound to respect the terms of this Privacy Policy regarding your personal data, and we will provide notice to users if their personal information will be subject to a different privacy policy. You would then have the opportunity to discontinue using our services or exercise any rights you have with respect to your data.

Aside from the scenarios above, you have control over any other sharing. We do not share your personal data with third parties for their own marketing purposes. If we ever propose to share data in a way not covered by this Privacy Policy, we will obtain your consent. For example, if a partner organization or research collaborator might be of interest to you, we would ask if you wish to have your contact info shared – and we would respect your choice.

In all cases of sharing, we aim to anonymize or aggregate data when possible. For instance, we might publish aggregated statistics about how many analyses we’ve done (which could include aggregated data derived from client projects), but this would never include personal information or any identifying detail about individuals. Any third party who receives personal data from us is required to handle it with the same level of protection we do.

Data Security and Retention

We employ comprehensive security measures to protect personal information from unauthorized access, disclosure, alteration, or destruction. These measures include technical safeguards (such as encryption, network firewalls, secure protocols) and organizational safeguards (such as access controls limiting which employees can see your data, and confidentiality agreements with staff and contractors). For example, when you submit information through our website, it is transmitted using Secure Socket Layer (SSL) encryption​. Stored data is encrypted or pseudonymized where feasible, and our databases are protected by authentication and authorization mechanisms. We also maintain physical security measures for any on-premise systems. Our team is trained on data protection best practices to ensure awareness of security and privacy in their daily work​. Despite all these precautions, please understand that no method of transmission or storage is completely secure. The internet by its nature cannot guarantee 100% security of data​. Therefore, while we strive to use commercially acceptable means to protect your personal information, we cannot warrant absolute security. You share and transmit data at your own risk, but be assured we take every reasonable step to secure it. In the unlikely event of a data breach that affects your personal data, we will notify you and the appropriate regulatory authorities as required by law, and we will take immediate steps to remediate the issue.

We retain personal information only for as long as necessary to fulfill the purposes for which it was collected, or to comply with legal, accounting, or reporting requirements. The exact duration depends on the type of data and the context: for example, if you are a client, we may retain your contact and project information throughout the duration of our business relationship and for a period after its conclusion (to maintain records of the services provided, handle any follow-up, or comply with record-keeping obligations). If you subscribed to marketing emails, we retain your email on our mailing list until you unsubscribe or ask us to delete it. Web server logs containing IP addresses are generally rotated and purged periodically, unless needed for security analysis. When personal data is no longer needed, we will either delete it or anonymize it (so it can no longer be associated with you). If deletion is not immediately possible (for instance, if the data is stored in backups), we will isolate it and secure it until deletion is feasible.

Your Rights and Choices

You have significant rights regarding your personal data, and DataPrudence is dedicated to honoring these rights in line with GDPR, CCPA, and other applicable laws. Below is a summary of your rights and how you can exercise them:

• Right to Access & Data Portability: You have the right to request a copy of the personal information we hold about you and to obtain information about how we process it​. This is often called a Subject Access Request. We will provide you with the data in a structured, commonly used format. For EU individuals, you also have the right to data portability – meaning we can, at your request, provide your data in a machine-readable format or transmit it to another controller where technically feasible.
• Right to Rectification: If you believe that any personal data we have is incorrect or incomplete, you have the right to request that we correct or update it​. We welcome such updates and will make corrections promptly.
• Right to Erasure: You can ask us to delete your personal information in certain circumstances​. For example, if the data is no longer necessary for the purpose it was collected, or if you withdraw consent (where the processing was based on consent), or if you object to processing and we have no overriding legitimate grounds to continue. We will comply with deletion requests unless an exemption applies – for instance, we may need to retain some data to comply with a legal obligation or to exercise or defend legal claims. If we cannot delete data you requested, we will explain the reason (e.g., legal retention requirements) to you. Under CCPA, this is known as the Right to Delete, which allows California consumers to request deletion of personal data collected from them.
• Right to Object or Restrict Processing: You have the right to object to certain processing of your data. For example, you can object to processing for direct marketing at any time, and we will stop using your data for that purpose. You can also object if you feel our processing is infringing on your rights, or ask us to restrict processing while a complaint is being resolved. Under GDPR, in some cases you can request that we limit processing (for instance, not delete but just hold your data) if you contest its accuracy or our right to use it. Under CCPA, you have the right to opt out of the sale of personal information​

Note: DataPrudence does not sell your personal data​

If we ever engaged in any activity that qualifies as a “sale” under CCPA (such as exchanging data with a third party for valuable consideration), we would provide a clear “Do Not Sell My Personal Information” link on our website and honor opt-out requests. Additionally, if you have previously given us consent to process your data (e.g., for receiving newsletters), you have the right to withdraw consent at any time. Withdrawing consent will not affect the lawfulness of any processing we conducted prior to your withdrawal.

• Right to Non-Discrimination: Especially under CCPA, you have the right not to receive discriminatory treatment for exercising any of your privacy rights​. This means we will not deny you services, charge you a different price, or provide a lesser quality of service because you exercised your rights. We treat all users equally, whether or not they choose to exercise privacy rights.
• Right to Information (Transparency): You have the right to be informed about our data practices in a concise, transparent, intelligible, and easily accessible form​. This Privacy Policy is one of the ways we fulfill this right by explaining who we are, what data we collect, and how we use it. If you have any questions that are not fully answered by this document, you also have the right to contact us and receive further information.
• Additional EU Rights: If GDPR applies, you also have the Right not to be subject to automated decisions that produce legal or similarly significant effects on you, unless certain conditions are met (DataPrudence does not make such automated decisions about individuals in a privacy-impactful way without human involvement). You also have the Right to Data Portability (mentioned above) and the Right to lodge a complaint with a Data Protection Authority in your country if you believe we have not complied with privacy laws.
• California “Shine the Light” (CA Civil Code §1798.83): Separate from CCPA, California residents may request a disclosure of what personal information we share with third parties for their direct marketing purposes. However, as noted, we do not share data with third parties for independent direct marketing without consent, so this is generally not applicable.

Exercising Your Rights: To make any request regarding your personal data, please contact us at the email or mailing address provided on our website (for privacy requests, emailing our designated privacy contact is best). Please include your name, contact information, and a description of your request (e.g., “I would like a copy of my data” or “Please delete my account information”). We may need to verify your identity by asking for additional information, to ensure we do not disclose or delete data at the request of someone impersonating you. Verification might involve confirming details we already have on file or asking for a piece of identification (we will only use this info to verify and will delete it afterwards). We will respond to your request within the timeframe required by law – typically within one month for GDPR requests​ and within 65 days for CCPA requests (with the possibility to extend once for an additional 65 days with notice). There is no fee for making a request, though excessive or repetitive requests may incur a reasonable fee as permitted by law. If you are an authorized agent making a request on behalf of another individual, please provide proof of authorization (such as a signed permission from the individual or proof of power of attorney) along with the request. We also encourage direct communication whenever possible.

International Data Transfers

DataPrudence is based in the United States, and the data we collect is typically processed in the U.S. If you are located outside the U.S. (for example, in the European Economic Area), be aware that your personal information may be transferred to and stored on servers in a country with different data protection laws than your home jurisdiction. However, we take steps to ensure that appropriate safeguards are in place to protect your information in line with this Privacy Policy and applicable law. For instance, for personal data from the EU, we rely on legal mechanisms such as the European Commission’s Standard Contractual Clauses (SCCs) for data transfer, which contractually require your data to receive an equivalent level of protection as it would under EU law. We also only transfer data to third-country recipients (like our U.S.-based cloud providers) that have committed to GDPR-compliant practices. By using our services or providing us with your information, you consent to the transfer of your personal data to the U.S. and other jurisdictions as necessary, subject to these safeguards.

Updates to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements, or other factors. When we make updates, we will change the “Last Updated” date at the top of this document. For any significant changes, we will provide a more prominent notice – such as a banner on our website or an email notification – to inform you. We encourage you to review this Privacy Policy periodically to stay informed about how we are protecting your information. If you continue to use our services or website after updates to the policy, we will take that as acknowledgement of the changes. Of course, if the changes require your consent (e.g., if we begin collecting new types of personal data), we will obtain that consent as required by law.

Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or your personal data, please contact us. We are committed to resolving any issues and answering your questions to the best of our ability. You can reach our privacy team at:

Email: cs@dataprudence.com

We will respond as promptly as possible. If you feel we have not addressed your privacy-related inquiry or issue satisfactorily, you may also contact your local data protection authority (for EU residents) or file a complaint with regulators. However, we sincerely welcome the opportunity to work with you directly to resolve any concerns.

Your privacy is of fundamental importance to DataPrudence. We handle personal data with care, keeping it secure and using it only as described in this policy. Our practices are designed to give you transparency and control over your information​. We appreciate the trust you place in us when you share your data, and we aim to continually earn that trust by upholding strong privacy and data protection standards. Thank you for reading our Privacy Policy.