efflux

Privacy Policy

Last Updated: November 2025

At Efflux Biosimulations ("Efflux," "we," "us," or "our"), we are committed to protecting your privacy and handling your data with transparency and care. This Privacy Policy explains how we collect, use, share, and protect information when you use our chromatography modeling and simulation platform and services.

1. Information We Collect

1.1 Information You Provide Directly

  • Account Registration: When you create an account, we collect your full name, email address, and password (encrypted).
  • Contact Forms: When you contact us or request a demo, we collect your name, email address, organization name, and any information you choose to include in your message.
  • Project Data: When using our simulation platform, we store your project configurations, including biomolecule properties, column specifications, experimental data uploads, method parameters, and simulation results.
  • Profile Information: Any additional information you add to your user profile or organization settings.

1.2 Information Collected Automatically

  • Technical Data: IP address, browser type and version, device information, operating system, and referring URLs.
  • Usage Data: Pages visited, features used, time spent on the platform, and interaction patterns.
  • Cookies: We use essential cookies for authentication and session management. See Section 6 for more details.

1.3 Information We Do Not Collect

We do not use third-party advertising networks, marketing pixels, or behavioral tracking tools. We do not sell your personal information to third parties.

2. How We Use Your Information

We use the information we collect for the following purposes:

  • Service Provision: To provide, maintain, and improve our chromatography simulation platform and tools.
  • Account Management: To create and manage your user account, authenticate your identity, and provide customer support.
  • Communications: To respond to your inquiries, provide technical support, send product updates, and conduct sales outreach for demo requests.
  • Product Improvement: To analyze usage patterns, develop new features, and enhance platform performance.
  • Security: To detect, prevent, and address technical issues, fraud, and security threats.
  • Legal Compliance: To comply with applicable laws, regulations, and legal processes.

3. Data Sharing and Third Parties

3.1 Service Providers

We share data with trusted third-party service providers who assist in operating our platform:

  • Supabase: Our database and authentication provider, hosted in the European Union, processes and stores user account data and project information on our behalf.
  • Simulation API Services: External computational services that process simulation parameters to generate chromatography predictions.

These service providers are contractually obligated to protect your data and use it only for the purposes we specify.

3.2 Business Transfers

If Efflux is involved in a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction. We will notify you via email and/or prominent notice on our website of any change in ownership or use of your personal information.

3.3 Legal Requirements

We may disclose your information if required by law, court order, or governmental request, or when we believe disclosure is necessary to protect our rights, your safety, or the safety of others.

3.4 What We Don't Share

We do not sell, rent, or trade your personal information to third parties for their marketing purposes. We do not share your proprietary project data with other users or third parties without your explicit consent.

4. Data Security

We implement industry-standard security measures to protect your information:

  • Encryption: Data is encrypted in transit using HTTPS/TLS and at rest in our database.
  • Authentication: Secure password requirements (minimum 10 characters) and email verification for new accounts.
  • Access Controls: Restricted access to personal data on a need-to-know basis.
  • Input Validation: Sanitization of user inputs to prevent security vulnerabilities.
  • Regular Monitoring: Continuous monitoring for security threats and vulnerabilities.

While we strive to protect your information, no method of transmission over the internet or electronic storage is 100% secure. We cannot guarantee absolute security.

5. Data Retention and Deletion

We retain your personal information for as long as necessary to provide our services and comply with legal obligations:

  • Active Accounts: Your account data and projects are retained while your account remains active.
  • Account Deletion: If you request account deletion, we will delete your personal information within 30 days, except where we are required to retain certain data for legal or regulatory compliance.
  • Backup Systems: Deleted data may persist in backup systems for a limited time but will be rendered inaccessible and will be permanently deleted according to our backup rotation schedule.
  • Contact Requests: Information from contact forms and demo requests is retained for 2 years for business purposes.

6. Cookies and Tracking Technologies

6.1 Essential Cookies

We use essential cookies that are necessary for the operation of our platform, specifically for user authentication and session management. These cookies are required for the platform to function properly and cannot be disabled.

6.2 No Advertising or Analytics Cookies

We do not currently use advertising cookies, third-party analytics cookies (such as Google Analytics), or behavioral tracking technologies. If this changes in the future, we will update this policy and provide you with appropriate notice and control options.

7. Your Rights and Choices

7.1 GDPR Rights (European Users)

If you are located in the European Economic Area (EEA), you have the following rights under the General Data Protection Regulation (GDPR):

  • Right to Access: Request a copy of the personal data we hold about you.
  • Right to Rectification: Request correction of inaccurate or incomplete personal data.
  • Right to Erasure: Request deletion of your personal data (subject to legal retention requirements).
  • Right to Restrict Processing: Request that we limit how we use your personal data.
  • Right to Data Portability: Request a copy of your data in a structured, machine-readable format.
  • Right to Object: Object to our processing of your personal data for certain purposes.
  • Right to Withdraw Consent: Withdraw consent for processing based on consent at any time.

7.2 CCPA Rights (California Users)

If you are a California resident, you have the following rights under the California Consumer Privacy Act (CCPA):

  • Right to Know: Request disclosure of the categories and specific pieces of personal information we have collected.
  • Right to Delete: Request deletion of your personal information (subject to certain exceptions).
  • Right to Opt-Out: Opt out of the sale of your personal information (note: we do not sell personal information).
  • Right to Non-Discrimination: You will not receive discriminatory treatment for exercising your privacy rights.

7.3 Exercising Your Rights

To exercise any of these rights, please contact us at contact@effluxbio.com. We will respond to your request within 30 days. You may also update certain information directly through your account profile settings.

8. International Data Transfers

Our primary database and infrastructure are hosted in the European Union through Supabase. If you access our services from outside the EU, your information will be transferred to and processed in the EU. We ensure appropriate safeguards are in place to protect your data in accordance with this Privacy Policy and applicable data protection laws.

9. Children's Privacy

Our services are not intended for individuals under the age of 18. We do not knowingly collect personal information from children. If we become aware that we have collected personal information from a child, we will take steps to delete such information promptly.

10. Enterprise Customers and Data Processing

For enterprise customers, we recognize that you retain ownership of your proprietary project data, simulation configurations, and experimental results. We act as a data processor for this information. Data Processing Agreements (DPAs) are available upon request for enterprise customers to ensure GDPR compliance and clarify data handling responsibilities.

11. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes, we will notify you by email (if you have an account) and/or by posting a prominent notice on our website. The "Last Updated" date at the top of this policy indicates when it was most recently revised. Your continued use of our services after changes become effective constitutes acceptance of the updated policy.

12. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us at contact@effluxbio.com