This Privacy Policy explains how QAI Labs Ltd. ("QAI Labs," "we," "us," or "our") collects, uses, shares, and protects personal information in connection with the NOVA-3 platform, our websites, the interactive playground/demo, the developer API, and related services (collectively, the "Service").
QAI Labs Ltd. is a Delaware corporation with its principal office in Sugar Land, Texas, USA. We provide NOVA-3, a computer-aided design platform for multi-specific antibodies used by professionals at pharmaceutical and biotechnology organizations and by researchers.
This Policy applies to personal information we process when you visit our websites, register for or use the Service, communicate with us, or otherwise interact with us. It does not apply to third-party websites or services that we do not control.
For enterprise Customers, our processing of personal information contained in customer-submitted data may also be governed by a separate Data Processing Agreement ("DPA"), which controls in the event of a conflict with this Policy with respect to that data.
When you create an account or register for the Service, we collect information such as your name, work email address, organization or affiliation, job role, and account credentials.
When you use the Service, we automatically collect information such as IP address, device and browser type, operating system, pages and features accessed, API request metadata, timestamps, referring URLs, and diagnostic and performance logs.
We and our analytics providers use cookies and similar technologies to operate, secure, and improve the Service and to understand usage. See our Cookie Policy for details.
When you contact us (for example, by email or support request), we collect the contents of your communications and related contact details.
You may submit scientific data, antibody sequences, structures, parameters, and related files to the Service ("Customer Content"). Customer Content is generally scientific and technical in nature and is processed on the Customer's behalf. To the extent Customer Content contains any personal information, we process it as a service provider/processor under the instructions of the Customer, and such processing may be governed by a DPA for enterprise Customers. The Customer is responsible for the lawfulness of the Customer Content it submits.
We use personal information to:
Where the EU or UK General Data Protection Regulation applies, we rely on the following legal bases:
We do not sell personal information. We share personal information only as described below:
These providers process personal information on our behalf under contractual confidentiality and data-protection obligations. We identify subprocessors by category only; enterprise Customers may obtain our current subprocessor list and additional commitments under a DPA.
QAI Labs is based in the United States, and the Service is operated from and supported by providers in the U.S. and other countries. When we transfer personal information from the European Economic Area, the United Kingdom, or Switzerland to a country that has not been deemed to provide an adequate level of protection, we rely on appropriate safeguards, including the European Commission's Standard Contractual Clauses and the UK International Data Transfer Addendum, together with supplementary measures where appropriate.
We retain personal information for as long as necessary to provide the Service, comply with legal obligations, resolve disputes, and enforce our agreements. Retention periods depend on the type of information and the purpose for which it was collected. Customer Content is retained in accordance with the applicable order, agreement, or DPA, and is deleted or returned upon termination as described there or in our documentation. When information is no longer needed, we delete or anonymize it.
We maintain administrative, technical, and organizational safeguards designed to protect personal information, including encryption in transit and at rest, access controls, network protections, and monitoring. No method of transmission or storage is completely secure, and we cannot guarantee absolute security. For more information about our security practices, please refer to our Security page or contact security@qailabs.co.
If you are in the EEA, UK, or Switzerland, you have the right to:
Where we process Customer Content on behalf of a Customer, please direct requests to that Customer; we will assist the Customer in responding as required.
If you are a California resident, you have the right to:
QAI Labs does not sell personal information and does not "share" personal information for cross-context behavioral advertising as those terms are defined under California law. We will not discriminate against you for exercising your privacy rights.
To exercise any of these rights, contact us at privacy@qailabs.co. We will respond within the time required by applicable law. We may need to verify your identity before fulfilling a request, and you may use an authorized agent where permitted by law.
The Service is intended for professional and business use and is not directed to individuals under 18 years of age. We do not knowingly collect personal information from anyone under 18. If you believe we have collected such information, please contact privacy@qailabs.co so we can delete it.
The Service generates computational predictions about antibody designs from the data you submit. These Outputs are for research and informational purposes only and require independent experimental validation. We do not use your personal information to make decisions that produce legal or similarly significant effects about you solely by automated means without human involvement.
We may update this Privacy Policy from time to time. If we make material changes, we will post the updated Policy with a new "Last updated" date and, where appropriate, provide additional notice. Your continued use of the Service after the changes take effect constitutes acceptance of the updated Policy.
If you have questions or requests regarding this Privacy Policy or your personal information, please contact:
QAI Labs Ltd. Sugar Land, Texas, USA Privacy: privacy@qailabs.co Security: security@qailabs.co Website: https://qailabs.co
EU/UK Representative. Where required under Article 27 of the GDPR or UK GDPR, our designated EU/UK representative can be reached at the contact details published here: _[EU/UK Representative name and address — to be inserted]_. EEA and UK individuals may contact our representative regarding the processing of their personal information.