
Privacy Policy
Your privacy is fundamental to our mission. This policy explains how we collect, use, and protect your research data and personal information.
1. Introduction
Digital Makers Limited operates the AbTrove platform, a cloud-based laboratory information management system designed for antibody and reagent tracking. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our service.
Important: This policy was last updated on August 30, 2025. We recommend reviewing it periodically for changes.
2. Information We Collect
We collect the following categories of information when you use AbTrove. The specific information collected depends on your interactions with the platform.
2.1 Personal Information
- Name, email address, and institutional affiliation
- Account credentials and authentication details
- Profile information and communication preferences
- Laboratory membership and role assignments
2.2 Research Data
- Antibody inventory and catalog information
- Experimental protocols and usage records
- Laboratory workflows and collaboration permissions
- Storage location and organization data
- Bulk import/export activities
2.3 Technical Information
- IP address, device information, and browser type
- Log files, system performance data, and error reports
- Usage patterns and feature utilization
- Cookies and similar tracking technologies
2.4 Payment Information
- Payment method details (processed securely via Paddle)
- Billing address and transaction records
- Subscription and renewal history
2.5 Communications
- Customer support inquiries and helpdesk interactions
- Feedback, feature requests, and survey responses
- Marketing communication preferences (if you opt in)
3. How We Use and Justify Processing Your Information
We process your personal and research data to operate, improve, and protect the AbTrove platform. Our uses fall into the following categories, and each is supported by a lawful basis for processing under applicable privacy laws (including the NZ Privacy Act 2020, GDPR/UK GDPR, and CCPA/CPRA).
3.1 Service Operations
- Provide and maintain core platform functionality
- Process and securely store your research data
- Enable collaboration and laboratory data sharing
- Manage subscriptions and process payments
- Provide customer support and respond to technical inquiries
Legal basis: Contract necessity (to provide the service you have requested) and, in some cases, legal obligations (e.g., financial recordkeeping).
3.2 Platform Improvement & Security
- Analyze usage patterns to improve features and workflows
- Develop new tools and capabilities for laboratory management
- Monitor system performance and security
- Conduct troubleshooting, diagnostics, and bug fixes
- Prevent fraud, misuse, and unauthorized access
Legal basis: Legitimate interests (to operate and improve our platform securely and efficiently).
3.3 Communications
- Send service updates, announcements, and security notices
- Provide billing reminders and account-related notifications
- Send marketing communications (only if you have opted in)
Legal basis: Contract necessity (for essential service-related communications); Consent (for marketing emails, which you can opt out of at any time).
4. Data Storage & Security
We take the protection of your data seriously. AbTrove uses industry-standard technical and organizational measures to safeguard both your research data and personal information.
4.1 Security Measures
- End-to-end encryption for all data transmission (TLS 1.3)
- AES-256 encryption for data at rest
- Row-level security with laboratory-based isolation
- Granular role-based access controls (Admin, Member, Guest)
- Automated backups and disaster recovery systems
- Regular security audits and penetration testing
- Soft-delete architecture with a 30-day recovery period before permanent deletion
4.2 Data Centers & Infrastructure
Your data may be stored and processed in New Zealand and other regions where we or our trusted service providers operate, including the United States, the European Union, and other jurisdictions. We work with industry-leading infrastructure providers (such as Supabase, Paddle, and cloud hosting partners) that meet internationally recognized standards, including SOC 2 Type II, ISO 27001, and HIPAA-capable environments where relevant.
5. Information Sharing
We respect your privacy. We do not sell, rent, or commercially share your personal information or research data. Sharing occurs only in the limited situations described below.
5.1 No Sale of Research Data
Your research data (including experimental records, protocols, and lab results) belongs to you and your institution. We will never sell, license, or commercially share your research data with third parties.
5.2 Service Providers (Subprocessors)
We engage carefully selected service providers (such as Supabase for data infrastructure and Paddle for payments) to help us operate the platform. These providers act as data processors and are bound by strict confidentiality, security, and data protection obligations under contract.
6. Research Data Ownership
6.1 Your Research Data
- You retain full ownership and intellectual property rights to all scientific and research data that you upload to the platform, including antibody inventories, protocols, and related laboratory records.
- You control who has access to your research data through our permission system.
- You may export or delete your research data at any time, subject to legal or compliance retention requirements.
6.2 Our Role in Handling Your Data
For research data uploaded by you or your institution, we act as a data processor (under GDPR and similar laws). This means we process that data only on your instructions and for the purpose of providing the Service. For account information, billing data, support communications, and platform usage logs, we act as a data controller.
8. Your Rights & Choices
Depending on where you live, you may have specific legal rights regarding your personal information. Regardless of your location, we provide the following options:
8.1 Access & Control
- Access and review the personal information we hold about you
- Correct inaccurate or incomplete data
- Export or download your research data in a portable format
- Delete your account and associated data (subject to retention requirements)
- Object to certain processing activities (such as analytics or marketing)
8.2 How to Exercise Your Rights
To exercise your rights, contact us at support@abtrove.com. We may need to verify your identity before processing your request. We aim to respond within 30 days (or within the timeframe required by applicable law).
10. Data Retention
We retain personal information and research data only for as long as necessary to provide the Service, comply with our legal obligations, resolve disputes, and enforce our agreements.
10.1 Retention Periods
- Account Information: Retained for as long as your account is active. If you close your account, we will delete or anonymize personal information within 30 days, unless legal obligations require longer retention.
- Research Data: Retained until you or your institution delete it, or until your account is terminated. Deleted data may remain in backups for a limited period.
- Soft-Deleted Data: Retained for 30 days before permanent deletion, allowing you to recover accidentally deleted records.
- Activity Tracking: We maintain creation and modification timestamps for records. Deleted records are retained for 30 days before permanent removal. Audit trail data includes the user responsible for record changes and deletions.
12. Children's Privacy
AbTrove is designed for use by professional researchers and institutions. It is not intended for individuals under 18 years of age.
- We do not knowingly collect or process personal information from children under 18.
- If we become aware that a child has provided us with personal information, we will take immediate steps to delete such data.
- Parents or guardians who believe their child has provided information to us should contact support@abtrove.com so we can take appropriate action.
13. Changes to This Policy
We may update this Privacy Policy periodically to reflect changes in our practices, updates to legal requirements, or modifications to our services.
13.1 Notification of Changes
When we make material changes, we will:
- Send an email notice to your registered email address,
- Provide a dashboard or in-app notification, and
- Update the "Last Updated" date at the top of this Policy.
14. Contact Us
Digital Makers Limited
For privacy-related requests, please include "Privacy Request" in your subject line and provide sufficient detail for us to understand and process your request.
Last updated: August 30, 2025 • Version 1.0