Privacy Policy

Effective 2026-04-15 · CellsWave · MolDyn v1.0

1. Who we are

CellsWave ("we", "us") operates the MolDyn virtual-screening platform at cellswave.com. For privacy questions contact hello@cellswave.com.

2. Data we collect

2.1 Account & trial registration

• Name (full name you provide at registration)
• Work email (for delivering credentials, support, and product updates)
• Company and target type
• Project description (optional, free text)
• GPU availability flag

2.2 Usage and request logs

• Request metadata: timestamps, endpoint, API key identifier, response status, request duration
• Request payload: SMILES strings and PDB identifiers submitted to the API. Retained up to 180 days for abuse detection, quota enforcement, and quality assurance, then deleted
• Aggregate usage statistics: anonymized request counts, latency, target popularity

2.3 Not collected

We do not collect: browsing history, device fingerprints, third-party advertising identifiers, or payment card data (billing is handled by third- party processors; we receive only invoice status).

3. How we use your data

• Provisioning your trial or paid account (issuing license key, API key)
• Authenticating API requests and enforcing plan quotas
• Providing support when you contact us
• Occasional product updates — you can opt out at any time by replying to any email
• Detecting abuse, debugging, and improving the service
• Meeting legal, regulatory, and tax obligations

We do not sell your data, share it with advertisers, or use your queries to train third-party models.

4. BYOC deployments

When you deploy MolDyn in your own cloud or on-premise (BYOC mode), your screening queries, compound libraries, pocket structures, and ranked hit lists stay inside your infrastructure. The only outbound network call is periodic license validation to api.cellswave.com, which transmits your license identifier and a hardware fingerprint — no query data. An offline (airgapped) licensing mode is available on request.

5. Legal basis (GDPR)

• Contract — providing the service you signed up for (Art. 6(1)(b))
• Legitimate interest — abuse detection, service security, product improvement (Art. 6(1)(f))
• Legal obligation — tax, audit, regulatory (Art. 6(1)(c))
• Consent — optional marketing emails, where required (Art. 6(1)(a))

6. Your rights

Under GDPR and comparable laws you have the right to: access your data, correct it, delete it ("right to erasure"), export it in a portable format, restrict processing, object to processing, and lodge a complaint with your data-protection authority.

To exercise any of these rights — including deleting your account and all associated data — email hello@cellswave.com from the address on file. We respond within 30 days.

7. Data retention

• Active accounts: retained while account is active
• Request payloads (SMILES / PDB IDs): up to 180 days
• Request metadata / logs: up to 24 months
• Closed accounts: purged within 90 days of closure, except records we are required to retain for tax, legal, or audit purposes

8. Sub-processors

We use third parties to host, deliver email, and process payments. Each operates under a data-processing agreement compatible with GDPR. Current list is available on request.

9. Data transfers

Data may be processed in the European Union and the United States. Where personal data is transferred outside the EEA, we rely on Standard Contractual Clauses or equivalent safeguards.

10. Security

Data in transit is protected by TLS. Internal access is restricted to the smallest team necessary, with key rotation and audit logging. We take reasonable and industry-standard steps to protect your data, but no system is perfectly secure.

11. Changes to this policy

Material changes will be communicated by email at least 30 days before taking effect. The current version is always posted here with an effective date.

12. Contact

Questions, requests, or complaints: hello@cellswave.com. For urgent security reports please write security@cellswave.com.