Privacy Policy
Updated February 15, 2026
This Privacy Policy describes how LatticeZero ("we," "us," or "our") collects, uses, stores, and protects your information when you use the LatticeZero platform ("the Service"). We are committed to protecting the privacy and confidentiality of your molecular data.
1. Information We Collect
1.1 Account Information
When you create an account, we collect:
- Email address
- Name
- Organization or affiliation (optional)
- Password (stored as a salted hash; we never store plaintext passwords)
1.2 Molecular Data
When you use the Service, you may upload:
- Protein receptor structures (PDB files)
- Compound libraries (SDF, MOL2, SMILES)
- Custom scoring profiles and parameters
1.3 Results Data
The Service generates and stores:
- Docking scores and energy term decompositions
- Ranked compound lists
- Pose coordinates and quality metrics
- Scoring profile configurations
1.4 Usage Data
We automatically collect:
- Pages visited, features used, and session duration
- Browser type, operating system, and device information
- IP address (for security and abuse prevention)
- Error logs and performance metrics
2. How We Use Your Information
| Purpose | Data Used |
|---|---|
| Provide the scoring and docking service | Molecular data, account info |
| Maintain and improve platform performance | Usage data, error logs |
| Generate aggregate, anonymized statistics | Usage data (anonymized) |
| Communicate service updates and maintenance | Email address |
| Prevent abuse and ensure security | IP address, usage patterns |
3. How We Do NOT Use Your Information
- Train AI or machine learning models on your uploaded molecular data or results
- Sell, rent, or share your data with third parties for their commercial benefit
- Use your molecular data for advertising or marketing purposes
- Mine your compound libraries for our own research purposes
4. Shield Mode
When Shield Mode is activated for a job:
- Uploaded structures are processed in ephemeral compute
- No molecular data is retained on our servers after the job completes
- Results are delivered to your browser and not stored server-side
- A zero-trace badge indicates Shield Mode is active in the interface
Shield Mode is designed for users with the highest data confidentiality requirements. Note that WebGPU-based scoring (IsoScore, IsoPose) already executes entirely client-side - compound structures are never transmitted to our servers during browser-based scoring.
5. Data Storage and Security
| Measure | Detail |
|---|---|
| Hosting provider | DigitalOcean (US region) |
| Encryption in transit | TLS 1.3 (all connections) |
| Encryption at rest | AES-256 encrypted volumes |
| Access controls | Role-based access, SSH key authentication, no shared credentials |
| Audit logging | All data access and administrative actions are logged |
| Backups | Encrypted nightly backups with 30-day retention |
6. Data Retention
| Scenario | Retention Period |
|---|---|
| Active accounts | Data retained while account is active |
| Inactive accounts | Data retained 90 days after last login, then deleted |
| Shield Mode jobs | Data deleted immediately after job completion |
| Account termination | Data deleted within 30 days unless export requested |
| Anonymized usage statistics | Retained indefinitely (no personal or molecular data) |
7. Third-Party Services
We use the following third-party services that may process limited data:
| Service | Purpose | Data Shared |
|---|---|---|
| DigitalOcean | Infrastructure hosting | All data (hosted on their servers) |
| Stripe (future) | Payment processing | Payment details only (not molecular data) |
We do not use third-party advertising services. We do not embed third-party tracking pixels.
8. Your Rights
You have the right to:
- Access your data - view all stored molecular data and results through your account dashboard
- Export your data - download your results, scoring profiles, and uploaded structures at any time
- Delete your data - request deletion of specific projects or your entire account
- Correct your data - update your account information through account settings
To exercise these rights, contact privacy@latticezero.com. We will respond within 30 days.
9. GDPR Compliance (EU Users)
If you are located in the European Union or European Economic Area, you have additional rights under the General Data Protection Regulation (GDPR):
- Right of access (Art. 15) - obtain a copy of your personal data
- Right to rectification (Art. 16) - correct inaccurate personal data
- Right to erasure (Art. 17) - request deletion of your personal data
- Right to data portability (Art. 20) - receive your data in a machine-readable format
- Right to restrict processing (Art. 18) - limit how we process your data
- Right to object (Art. 21) - object to processing based on legitimate interests
Our legal basis for processing is performance of a contract (providing the Service you requested) and legitimate interests (platform security and improvement).
A Data Processing Agreement is available on request for enterprise customers requiring GDPR-compliant data processing terms.
10. Cookies
| Cookie Type | Purpose | Duration |
|---|---|---|
| Session cookie | Authentication and session management | Browser session |
| CSRF token | Cross-site request forgery protection | Browser session |
We do not use tracking cookies, third-party advertising cookies, or analytics cookies that identify individual users.
11. Children's Privacy
The Service is not directed at children under 18. We do not knowingly collect information from children. If we become aware that a child has provided us with personal information, we will delete it.
12. Changes to This Policy
We may update this Privacy Policy from time to time. Material changes will be communicated via email at least 30 days before they take effect. The "Last Updated" date at the top of this page indicates when the policy was last revised.
13. Contact
For privacy-related questions or data requests, contact:
privacy@latticezero.com