Privacy Policy

1. Introduction

Nanoworld Laboratory ("we", "us", "our") operates PicoFold at picofold.com. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our service.

2. Information We Collect

2.1 Account Information

When you register, we collect your email address and a hashed password. We do not store plaintext passwords. Passwords are hashed using bcrypt with a cost factor of 12.

2.2 DNA Sequence Files

When you upload files for analysis, we store your DNA sequence files (FASTA/EMBL/GenBank format) on our servers. Files are stored using UUID-based paths and are accessible only to your account.

2.3 Prediction Results

We store the results of your secondary structure predictions (PDB files, SS assignments) so you can access them later from your dashboard.

2.4 Payment Information

Credit card payments are processed by Stripe. We do not store your full credit card number, CVC, or expiration date on our servers. Stripe handles all payment card data in accordance with PCI DSS standards. We store only transaction records (amount, date, plan, order ID).

For bank transfer invoices, we store your company name, VAT number, and billing email as provided.

2.5 Usage Data

We collect:

• IP addresses (for rate limiting and security)
• Login timestamps and failed login attempts
• Job processing history (timestamps, file IDs, status)
• Credit usage records

2.6 Cookies

We use httpOnly cookies for authentication (access token and refresh token). These are essential cookies required for the service to function. We do not use third-party tracking cookies or advertising cookies.

3. How We Use Your Information

We use your information to:

• Provide and maintain the PicoFold service
• Process your DNA sequence predictions
• Manage your account and credit balance
• Process payments and generate invoices
• Send transactional emails (verification codes, password resets, job notifications)
• Protect against abuse (rate limiting, IP banning after failed logins)
• Monitor and fix errors (via Sentry error tracking)

We do not use your data for advertising, profiling, or selling to third parties.

4. Third-Party Services

Service	Purpose	Data Shared
Stripe	Payment processing	Email, payment card details (handled by Stripe)
Sentry	Error monitoring	Error stack traces, IP (anonymized)
SMTP provider	Transactional email	Email address, message content

We do not use Google Analytics, Facebook Pixel, or any advertising trackers.

5. Data Storage and Security

Your data is stored on our servers. We implement the following security measures:

• Passwords hashed with bcrypt (cost factor 12)
• JWT authentication with httpOnly, SameSite cookies
• Automatic IP banning after repeated failed login attempts
• UUID-based file paths to prevent enumeration
• Rate limiting on all sensitive endpoints
• HTTPS encryption in transit
• Admin operations require password re-authentication

6. Data Retention

• Account data: retained until you delete your account
• Uploaded files and predictions: retained until you delete them or your account
• Payment records: retained for 7 years as required by tax regulations
• Security logs: retained for 90 days

7. Your Rights (GDPR)

If you are in the European Economic Area, you have the right to:

• Access your personal data
• Rectify inaccurate data (change email via dashboard)
• Delete your account and all associated data (via dashboard Account tab)
• Export your prediction results (download PDB files)
• Object to processing of your data

To exercise any of these rights, contact us at picofold@proton.me.

8. Children's Privacy

PicoFold is not intended for children under 16. We do not knowingly collect personal information from children.

9. Changes to This Policy

We may update this policy from time to time. We will notify registered users by email of any material changes. The "Last updated" date at the top of this page indicates when this policy was last revised.

10. Contact

For privacy-related questions, contact us at:

Nanoworld Laboratory
Email: picofold@proton.me