Privacy Policy

COTEK FZ LLC ("we", "our", or "us") operates SCI Cotek (the "Platform"), accessible at https://sci.cotek.app. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Platform.

By accessing or using SCI Cotek, you agree to the collection and use of information in accordance with this policy. If you do not agree, please do not use the Platform.

We collect information that you provide directly to us:

Account Information: When you register, we collect your name, email address, organisation, department, and password (stored as a bcrypt hash — we never store your plain password).

Scientific Data: Files you upload (Excel, CSV), including measurement records, parameter values, timestamps and any metadata contained in those files. This data is stored securely and is only accessible by you and anyone you explicitly share it with.

Usage Information: Features you use, pages you visit, actions you take within the Platform (such as datasets created, analyses run, reports generated).

Payment Information: If you subscribe to our Pro plan, payment is processed by Stripe. We do not store your full card details — only a Stripe customer ID and subscription reference.

Communications: If you contact us via email, we retain those communications to help respond to your inquiry.

We use the information we collect to:

- Provide, maintain, and improve the Platform
- Process your subscription and send billing-related emails
- Send transactional emails (account creation, team invites, password resets)
- Enforce usage limits based on your subscription plan
- Detect and prevent fraud, abuse, and security incidents
- Comply with legal obligations
- Communicate important changes to the Platform or this policy

We do not use your scientific data to train AI models. We do not sell your personal data to third parties.

SCI Cotek uses the Anthropic Claude API to power AI features (chat, report generation, threshold recommendations, natural language queries).

When you use AI features, relevant portions of your dataset (statistical summaries, sample records) are sent to Anthropic's API to generate responses. This data is processed according to Anthropic's privacy policy and is not used to train their models under our API agreement.

You can review Anthropic's privacy practices at anthropic.com/privacy.

Your data is stored in a Neon PostgreSQL database hosted on AWS infrastructure. All connections use SSL/TLS encryption. Passwords are hashed using bcrypt with 12 rounds.

We implement technical and organisational measures to protect your data, including access controls, encrypted connections, and regular security reviews. However, no method of transmission over the internet is 100% secure.

Data is stored in the United States. If you are located in the UAE, EEA, or UK, please be aware that data may be transferred internationally.

We share your data only in the following circumstances:

Service Providers: We use third-party services to operate the Platform, including Neon (database hosting), Vercel (application hosting), Anthropic (AI processing), Stripe (payment processing), and Resend (transactional email). Each provider has their own privacy policy.

Team Features: If you share a dataset or invite a user to your team, that user will have access to the specific data you shared.

Legal Requirements: We may disclose your information if required by law, court order, or governmental authority.

Business Transfer: In the event of a merger, acquisition, or sale of assets, your data may be transferred as part of that transaction.

We will never sell your personal data or scientific data to third parties for marketing purposes.

Depending on your location, you may have the following rights:

- Access: Request a copy of the personal data we hold about you
- Correction: Request correction of inaccurate data
- Deletion: Request deletion of your account and associated data
- Portability: Request your data in a machine-readable format
- Objection: Object to certain processing activities
- Withdrawal of Consent: Where processing is based on consent

To exercise these rights, email us at support@cotek.live. We will respond within 30 days.

We use cookies and similar technologies to operate the Platform. For details on how we use cookies, please see our Cookie Policy at https://sci.cotek.app/cookies.

Essential session cookies are required for authentication and cannot be disabled.

SCI Cotek is not intended for children under 16 years of age. We do not knowingly collect personal information from children under 16. If you believe we have inadvertently collected such information, please contact us immediately at support@cotek.live.

We retain your account data for as long as your account is active. If you delete your account, we will delete your personal data within 30 days, except where we are required to retain it for legal or compliance purposes.

Scientific data (datasets and records) is deleted immediately upon your request or within 30 days of account deletion.

We may update this Privacy Policy from time to time. We will notify you of significant changes by email or by posting a prominent notice on the Platform. The "Last updated" date at the top of this policy reflects the most recent revision.

Continued use of the Platform after changes are posted constitutes your acceptance of the revised policy.

If you have questions about this Privacy Policy or our data practices, please contact us:

COTEK FZ LLC
Email: support@cotek.live
Website: https://sci.cotek.app

For GDPR-related requests, please include "GDPR Request" in your email subject line.