Privacy Policy

Privacy Policy

Effective Date: March 18, 2026

CatalystLab ("we", "us", "our") operates the catalystlab.tech web application (the "Service"). This Privacy Policy explains what information we collect, why we collect it, how we use and protect it, and your rights as a user.

01 Information We Collect

1.1 Information You Provide Directly

When you use CatalystLab, you may provide us with the following:

  • Account information: your name, email address, and password when you create an account.
  • Profile information: your institution, research field, position, and academic interests.
  • Research inputs: text, hypotheses, abstracts, research questions, or any content you enter into CatalystLab instruments.
  • API keys: your Gemini API key and optionally your CORE API key.
  • Payment information: processed by Paddle.
  • Communications: emails or messages you send to our support team.

1.2 Information Collected Automatically

When you use the Service, we may automatically collect:

  • Usage data, device and browser information, IP address, and cookies/local storage for authentication.

02 How We Use Your Information

We use the information for Service Delivery, Account Management, and Product Improvement.

03 Data Storage & Retention

CatalystLab uses Supabase as our database and authentication provider. API keys are stored only in your browser's localStorage.

04 Sharing of Your Information

We do not sell, rent, or trade your personal information. We share data only with trusted third-party providers (Supabase, Google Gemini API, Paddle, Vercel) as necessary to operate CatalystLab.

05 Cookies & Local Storage

We use strictly necessary cookies for authentication and localStorage for your preferences and saved sessions.

06 Your Rights & Choices

You have rights regarding access, correction, deletion, data portability, withdrawal of consent, and opting out of analytics. Contact us at legal@catalystlab.tech.

07 Children's Privacy

CatalystLab is not directed to individuals under the age of 13.

08 International Data Transfers

CatalystLab is operated by an individual based in Bangladesh. Data may be stored in the US or EU.

09 Security

We implement industry-standard security measures, including TLS 1.3 encryption, RLS policies, and bcrypt password hashing.

10 Changes to This Policy

We may update this policy. Material changes will be notified by email and dashboard notice at least 14 days in advance.

11 Contact

For privacy inquiries, contact legal@catalystlab.tech.