Labticle Privacy Policy

Effective date: 2026-06-11
Legal entity: Labticle Ltd.
Registered address: Lagos, Nigeria
Contact: privacy@labticle.com

This Privacy Policy explains how Labticle collects, uses, shares, stores, and protects personal data when people use the Labticle website, web application, public profiles, public lab pages, forms, messaging, notifications, analytics, and related services.

This policy is written for an international SaaS product. It must be reviewed by qualified counsel before serving regulated universities, hospitals, clinical labs, or customers in jurisdictions with sector-specific privacy laws.

1. What Labticle Does

Labticle is a research-lab visibility and progress-reporting platform. Labs use Labticle to manage members, projects, trainee progress updates, forms, notifications, messaging, public profiles, public lab pages, and community/discovery features.

Depending on how a lab uses Labticle, the lab may decide what personal data is entered into the platform. In many cases, the lab is the data controller or equivalent decision-maker, and Labticle acts as a processor or service provider. For Labticle's own website, account administration, security, analytics, billing, and product improvement activities, Labticle may act as an independent controller.

2. Personal Data We Collect

We may collect the following categories of personal data:

  • Account data: name, email address, authentication identifiers, password metadata handled by Supabase Auth, role, lab membership, account status, and login information.
  • Profile data: username, public profile settings, biography, research area, institution, department, degree or training information, social links, ORCID, Google Scholar, ResearchGate, profile images, and other profile fields supplied by the user or lab.
  • Lab and project data: lab name, lab membership, project assignments, supervisor relationships, project updates, comments, milestones, notes, attachments, and status information.
  • Communication data: invitations, notification preferences, messages, moderation requests, content reports, blocks, mutes, and related metadata.
  • Form and submission data: responses to forms created by labs, uploaded files, images, documents, and any information entered into a public or private form.
  • Media data: images, profile photos, lab logos, cover images, voice notes, uploaded documents, and metadata associated with stored files.
  • Public content: public profile content, public lab page content, public posts, public comments, reactions, follows, reshares, and discovery-feed activity.
  • Device and usage data: IP address, browser type, device information, pages viewed, timestamps, referral URLs, approximate location inferred from IP address, logs, error reports, and analytics events.
  • Support and business data: support requests, billing contacts, customer communications, pilot participation, survey responses, and similar operational information.

Users and labs should not upload unnecessary sensitive data. Labs are responsible for configuring their workspace and forms so that they collect only the data they are authorized to collect.

3. Sensitive, Research, Student, And Health-Related Data

Labticle may be used in research, academic, hospital, or industrial lab contexts. Depending on customer configuration, users may enter data that is sensitive, confidential, educational, research-related, or health-related.

Unless Labticle has signed a specific regulated-data agreement with a customer, Labticle is not intended to be used for:

  • protected health information subject to HIPAA;
  • education records subject to FERPA where Labticle has not contractually agreed to FERPA-aligned obligations;
  • regulated clinical trial records requiring validated systems or specific GxP controls;
  • patient-identifiable medical records;
  • data that a user or lab is not legally permitted to upload.

If a customer needs Labticle for regulated health, student, clinical, or research data, the customer must contact Labticle before uploading that data so the appropriate contractual, security, and compliance terms can be agreed.

4. How We Use Personal Data

We use personal data to:

  • provide, operate, secure, and maintain Labticle;
  • create and manage accounts, labs, memberships, invitations, and authentication;
  • enable project management, progress updates, forms, messaging, notifications, public profiles, public lab pages, and discovery features;
  • send transactional emails, invitations, reminders, digests, approval notices, and service messages;
  • process user-selected public content and profile visibility settings;
  • enforce access controls, lab isolation, abuse prevention, moderation, and platform safety rules;
  • detect, prevent, and investigate fraud, spam, unauthorized access, security incidents, policy violations, and misuse;
  • monitor reliability, diagnose errors, improve performance, and support customers;
  • analyze product usage and improve Labticle;
  • comply with legal obligations and enforce agreements;
  • communicate with customers, users, partners, and prospective investors or customers.

5. Legal Bases For Processing

Where GDPR, UK GDPR, or similar laws apply, Labticle relies on one or more legal bases, depending on the context:

  • Contract: to provide Labticle under our Terms, customer agreements, or pilot agreements.
  • Legitimate interests: to secure the service, prevent abuse, improve the product, communicate about the service, and operate a SaaS business, where those interests are not overridden by individual rights.
  • Consent: where required for optional analytics, marketing communications, public profile publication, certain cookies, or specific optional features.
  • Legal obligation: where processing is necessary to comply with applicable laws, audits, legal requests, or regulatory obligations.
  • Customer instructions: where Labticle acts as a processor for a lab or institution.

6. Public Profiles, Public Lab Pages, And Public Content

Labticle includes public-facing features. If a user or lab chooses to publish a public profile, public lab page, public post, public comment, image, or other public content, that content may be visible to anyone on the internet and may be indexed by search engines.

Users and labs are responsible for ensuring they have the right to publish any content, image, logo, research description, affiliation, name, or other information they make public.

Labticle may provide visibility controls, approval flows, and moderation tools, but users should treat public content as publicly accessible once published.

7. Analytics, Cookies, And Similar Technologies

Labticle may use cookies and similar technologies for authentication, security, preferences, analytics, performance, and product improvement.

Labticle currently supports analytics and observability providers such as PostHog and Sentry. Analytics events should be configured to avoid unnecessary sensitive data. Error reports may include technical context needed to diagnose issues.

Where required by law, Labticle will request consent for optional cookies or analytics and provide controls to withdraw consent.

8. AI, Automation, And Transcription

Labticle may include AI-assisted features, such as lab assistant functionality, summaries, search support, or transcription/analysis of user-provided content if enabled.

When AI providers are used, data may be sent to third-party AI infrastructure only as needed to provide the feature. Labticle maintains provider-specific disclosures in its subprocessor list and customer documentation.

Labs must ensure they have the right to submit content to AI-enabled features and must avoid submitting data that is prohibited by their institution, law, ethics board, data-sharing agreement, or customer contract.

9. How We Share Personal Data

We may share personal data with:

  • the lab, institution, or workspace that invited or manages the user;
  • other users in the same lab or project according to role-based access settings;
  • public viewers, if the user or lab publishes public content;
  • service providers and subprocessors that host, store, transmit, secure, analyze, or support Labticle;
  • professional advisers, auditors, insurers, banks, and legal advisers;
  • authorities, regulators, courts, or third parties where legally required or necessary to protect rights, safety, or security;
  • a buyer, investor, lender, successor, or acquiring entity in connection with financing, diligence, merger, acquisition, restructuring, or sale of assets, subject to appropriate confidentiality and legal safeguards.

We do not sell personal data in the ordinary sense of directly exchanging it for money.

10. Subprocessors

Labticle uses third-party service providers to operate the service. The current subprocessor list is maintained in our subprocessor documentation.

Customers with a signed Data Processing Agreement may receive notice of material subprocessor changes according to that agreement.

11. International Transfers

Labticle is an international SaaS service. Personal data may be processed in countries other than the user's country of residence, including countries that may have different data protection laws.

Where GDPR, UK GDPR, or similar transfer rules apply, Labticle will use appropriate safeguards, such as Standard Contractual Clauses, UK transfer terms, adequacy decisions, or other lawful transfer mechanisms.

12. Data Retention

Labticle keeps personal data only for as long as reasonably necessary for the purposes described in this policy, customer instructions, legal obligations, security, auditability, dispute resolution, and service operation.

13. Security

Labticle uses technical and organizational measures designed to protect personal data, including authentication, access control, tenant isolation, row-level security, audit logging, rate limiting, monitoring, backups, and provider security controls.

No internet service is perfectly secure. Users and labs must protect their credentials, use appropriate account access controls, and promptly report suspected unauthorized access.

14. Individual Rights

Depending on location and applicable law, individuals may have rights to:

  • access personal data;
  • correct inaccurate data;
  • delete data;
  • object to certain processing;
  • restrict processing;
  • receive a portable copy of data;
  • withdraw consent;
  • opt out of certain analytics, marketing, sale, or sharing practices;
  • lodge a complaint with a data protection authority.

Where Labticle acts as a processor for a lab or institution, Labticle may refer requests to that customer or act on the customer's instructions.

Requests may be sent to privacy@labticle.com. Labticle may need to verify identity before fulfilling a request.

15. Children And Minors

Labticle is not intended for use by children under the age required by applicable law without appropriate institutional, parental, or guardian authorization. Labs and institutions are responsible for ensuring that minors are invited only where lawful and appropriate.

16. Customer And Lab Responsibilities

Labs and institutions using Labticle are responsible for:

  • having a lawful basis to invite users and process their data;
  • providing required notices to their members, students, trainees, staff, or collaborators;
  • configuring public visibility and form collection responsibly;
  • obtaining required consents or approvals;
  • avoiding unauthorized uploads of sensitive, patient, confidential, third-party, or regulated data;
  • responding to user requests where the lab is the controller;
  • complying with institutional, ethics, research, employment, student, and privacy obligations.

17. Changes To This Policy

Labticle may update this Privacy Policy from time to time. If changes are material, Labticle will provide appropriate notice, such as by updating the service, emailing account administrators, or posting a revised policy.

18. Contact

For privacy questions or requests, contact:

Labticle Ltd.
Lagos, Nigeria
privacy@labticle.com

19. Reference Standards Considered

This draft was prepared with reference to international privacy principles and official guidance, including GDPR transparency and individual rights guidance from the European Commission, UK GDPR guidance from the UK ICO, California privacy-rights guidance, and data-protection impact assessment concepts from European data protection authorities.