Home · Privacy Policy

Privacy Policy

Effective 2026-04-15 · CellsWave · MolDyn v1.0

In one line: We collect the minimum needed to run your account and invoice your plan. Your SMILES are processed in memory and discarded after the query — we retain only a non-reversible SHA-256 hash for abuse detection.

1. Who we are

CellsWave ("we", "us") operates the MolDyn virtual-screening platform at cellswave.com. For privacy questions contact [email protected].

2. Data we collect

2.1 Account & trial registration

Name (full name you provide at registration)
Work email (for delivering credentials, support, and product updates)
Company and target type
Project description (optional, free text)

2.2 Usage and request logs

Request metadata: timestamps, endpoint, API key identifier, response status, request duration, number of results returned
Query fingerprint: SHA-256 hash of the SMILES string (for SMILES requests) or the PDB identifier (for dock requests). The hash is non-reversible and cannot be used to reconstruct the original molecule
Not retained: raw SMILES strings, molecule names, compound structures, ranked hit lists, and any proprietary library you query against
Aggregate usage statistics: anonymized request counts, latency, target popularity

2.3 Not collected

We do not collect: browsing history, device identifiers, third-party advertising identifiers, or payment card data (billing is handled by third- party processors; we receive only invoice status).

3. How we use your data

Provisioning your trial or paid account (issuing license key, API key)
Authenticating API requests and enforcing plan quotas
Providing support when you contact us
Occasional product updates — you can opt out at any time by replying to any email
Detecting abuse, debugging, and improving the service
Meeting legal, regulatory, and tax obligations

We do not sell your data, share it with advertisers, or use your queries to train third-party models.

4. Data architecture

MolDyn is delivered as a hosted HTTPS API at api.cellswave.com. SMILES are transmitted over TLS 1.3, processed in memory on CellsWave GPU infrastructure, and discarded as soon as the response is returned. We never write raw SMILES, compound names, or ranked hit lists to persistent storage. The only content retained for each query is a non-reversible SHA-256 hash of the input, used for abuse detection. Enterprise engagements sign a mutual NDA and a GDPR Article 28 DPA before any query traffic begins.

5. Legal basis (GDPR)

Contract — providing the service you signed up for (Art. 6(1)(b))
Legitimate interest — abuse detection, service security, product improvement (Art. 6(1)(f))
Legal obligation — tax, audit, regulatory (Art. 6(1)(c))
Consent — optional marketing emails, where required (Art. 6(1)(a))

6. Your rights

Under GDPR and comparable laws you have the right to: access your data, correct it, delete it ("right to erasure"), export it in a portable format, restrict processing, object to processing, and lodge a complaint with your data-protection authority.

To exercise any of these rights — including deleting your account and all associated data — email [email protected] from the address on file. We respond within 30 days.

7. Data retention

Active accounts: retained while account is active
Request payloads (SMILES / PDB IDs): up to 180 days
Request metadata / logs: up to 24 months
Closed accounts: purged within 90 days of closure, except records we are required to retain for tax, legal, or audit purposes

8. Sub-processors

We use third parties to host, deliver email, and process payments. Each operates under a data-processing agreement compatible with GDPR. Current list is available on request.

9. Data transfers

Data may be processed in the European Union and the United States. Where personal data is transferred outside the EEA, we rely on Standard Contractual Clauses or equivalent safeguards.

10. Security

Data in transit is protected by TLS. Internal access is restricted to the smallest team necessary, with key rotation and audit logging. We take reasonable and industry-standard steps to protect your data, but no system is perfectly secure.

11. Changes to this policy

Material changes will be communicated by email at least 30 days before taking effect. The current version is always posted here with an effective date.

12. Contact

Questions, requests, or complaints: [email protected]. For urgent security reports please write [email protected].