Privacy Policy

Last updated: 4 May 2025

1. Who We Are

biowxve ("we", "us", "our") operates the website at www.biowxve.com. We are committed to protecting your personal data and complying with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

For data protection queries, contact us at: support@biowxve.com

2. What Data We Collect

We collect the following categories of personal data:

• Account data: Email address, display name, and encrypted password (via Supabase Auth).
• Usage data: Number of AI chats, paper searches, and flashcard decks used per month.
• Content data: Your AI chat history, saved papers, flashcard decks, and portfolio entries, if you are a registered user.
• Payment data: Subscription plan and payment status. Card details are handled entirely by Stripe and never stored by us.
• Technical data: IP address (used for rate limiting), browser type, and basic session information.

3. How We Use Your Data

• To provide and maintain the biowxve service.
• To manage your account and subscription.
• To enforce usage limits and prevent abuse.
• To send transactional emails (payment confirmations, cancellation notices) via Resend.
• To respond to support requests.
• To improve the platform based on aggregated, anonymised usage patterns.

We do not use your data for advertising, and we do not sell your personal data to any third party.

4. Legal Basis for Processing (UK GDPR)

• Contract: Processing your account and subscription data is necessary to provide the service you signed up for.
• Legitimate interests: We process IP addresses and usage data to maintain platform security and prevent abuse.
• Legal obligation: We may retain certain records where required by law.

5. Third-Party Services

We use the following third-party services which may process your data:

• Supabase — Authentication, database storage (EU region where possible). Privacy Policy
• Stripe — Payment processing. Card details never pass through our servers. Privacy Policy
• OpenAI — AI response generation. Your questions are sent to OpenAI's API. Privacy Policy
• Resend — Transactional email delivery. Privacy Policy
• Vercel — Website hosting and infrastructure. Privacy Policy
• PubMed / Semantic Scholar — Paper search. Your search queries are sent to these public APIs.

6. Data Retention

• Account data is retained for as long as your account is active.
• Chat history and saved papers are retained until you delete them or close your account.
• Monthly usage counts are reset at the start of each billing month.
• Payment records may be retained for up to 7 years for legal and tax compliance.
• IP-based rate limit data is stored in memory only and resets automatically.

7. Your Rights (UK GDPR)

You have the following rights regarding your personal data:

• Right of access: Request a copy of the data we hold about you.
• Right to rectification: Request correction of inaccurate data.
• Right to erasure: Request deletion of your account and associated data.
• Right to portability: Request your data in a machine-readable format.
• Right to object: Object to processing based on legitimate interests.
• Right to restrict processing: Request that we limit how we use your data.

To exercise any of these rights, use the contact form below or email us at support@biowxve.com. We will respond within 30 days.

You also have the right to lodge a complaint with the UK Information Commissioner's Office (ICO) at ico.org.uk.

8. Cookies

biowxve uses essential cookies only, via Supabase Auth, to maintain your login session. We do not use advertising or tracking cookies. No cookie consent banner is required for strictly necessary cookies under UK GDPR, but you can clear cookies at any time via your browser settings.

9. Data Security

We take reasonable technical and organisational measures to protect your data, including encrypted transmission (HTTPS), hashed passwords via Supabase Auth, and restricted access to production databases. However, no system is completely secure, and we cannot guarantee absolute security.

10. Children's Privacy

biowxve is not directed at children under 13. We do not knowingly collect personal data from children under 13. If you believe we have inadvertently collected such data, please contact us immediately and we will delete it.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify registered users of material changes by email. Continued use of biowxve after changes constitutes acceptance of the updated policy.

12. Contact Us & Data Requests

For any privacy-related questions, data access requests, or to exercise your rights under UK GDPR, use the form below. We aim to respond within 30 days.