Privacy Policy
MolTrace processes account data, project metadata, spectral files, analysis outputs, usage logs, support communications, billing metadata, and audit events to provide the platform, secure customer workspaces, improve reliability, and support regulatory review.
Data we collect
Section titled “Data we collect”- Account and organization information
- Uploaded spectral files and raw FID archives
- Analysis results, reports, approvals, and audit trail events
- Usage, diagnostics, support, and security logs
- Billing and subscription metadata handled by payment processors
How data is used
Section titled “How data is used”Data is used to operate MolTrace, process analyses, generate reports, enforce security controls, provide support, maintain auditability, and improve product reliability. Customer data must not be used for model training unless the customer has explicitly opted in through an approved data-use agreement.
Retention
Section titled “Retention”Retention depends on workspace settings, customer contracts, GxP obligations, and applicable law. Default questionnaire values for legal review are:
| Record type | Draft retention position |
|---|---|
| Analytical files and generated reports | 7 years unless a customer contract requires a different validated retention period. |
| Audit logs | Indefinite retention for regulated workspaces unless legal counsel approves a shorter period. |
| Account and support records | Retain while the account is active, then delete or archive according to the contract. |
Rights and contact
Section titled “Rights and contact”Customers may request access, correction, export, deletion, portability, or restriction where applicable. Privacy requests should route to privacy@moltrace.com.
Policy generator questionnaire
Section titled “Policy generator questionnaire”Use these structured answers when generating the production Privacy Policy, then send the output to counsel before publishing.
| Question | Draft answer |
|---|---|
| Product type | SaaS / cloud software for scientific analysis and regulated documentation support. |
| Personal data | Email, name, organization, role, support communications, usage logs, billing metadata. |
| Customer data | Spectral files, raw FID archives, project metadata, reports, approvals, and audit events. |
| Processors | AWS for storage and compute, Stripe for payments, Postmark for email. Verify the live processor list before launch. |
| Hosting regions | AWS eu-west-1 and us-east-1 unless a customer agreement specifies otherwise. |
| Regulatory regimes | GDPR, UK GDPR, and CCPA/CPRA where applicable. Add other regimes as operations expand. |
| User rights | Access, rectification, erasure, portability, restriction, objection where applicable, and complaint routes. |
Legal review gate
Section titled “Legal review gate”This page is live as the customer-facing policy location, but final production language must be approved by legal counsel before paid onboarding.