Privacy Policy for Nodes Bio, Inc.

Nodes Bio, Inc. ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our platform at www.nodes.bio and participate in our Private Beta program.

Being Honest About Who We Are

We are an early-stage startup. Nodes Bio is a Delaware C-corporation founded in 2025, backed by Rev1 Ventures and Ohio Third Frontier. We are in Private Beta, which means:

• We are actively developing and improving the product based on user feedback
• You may encounter bugs or incomplete features
• Your feedback directly shapes what we build
• We may reach out to ask about your experience

What this means for your privacy: We handle your data with the same care as larger companies, but we're small enough that your feedback matters immensely. We will never sell your data or use it for purposes other than making Nodes Bio better for researchers like you.

YOU own your data. Period.

What You Own

• All biological maps, graphs, and visualizations you create are YOUR intellectual property
• All research data, notes, and content you upload remain YOUR property
• Any discoveries, insights, or inventions you develop using Nodes Bio are YOURS

We do not claim any ownership rights to your research, your maps, or your data.

What We Get (Limited License)

To provide and improve the service, you grant us a limited license to:

• Store your data on our servers (AWS)
• Display your maps back to you through our platform
• Process your content with AI services (Claude, GPT-4, etc.) when you use those features
• Make temporary copies for backup and technical operations
• Learn from usage patterns to improve our AI and platform features

How We May Use Your Data to Improve Nodes Bio

Being honest about machine learning: As a beta-stage platform, we want to train our systems to get better at helping researchers like you. Here's what that means:

What we may learn from:

• Anonymized patterns - How researchers structure biological maps (without your specific data)
• Common workflows - What features get used together, where users get stuck
• Aggregated insights - "50% of users create cell signaling maps" (no individual identification)

What we need your consent for:

• Training AI models on your specific biological content - If we want to use your actual maps/data to train better AI features, we will ask for your explicit opt-in permission first
• Using your proprietary research - We will never use your unique discoveries to train models without asking you directly

You will control this (coming soon): We are building account settings where you can choose data sharing preferences. Until this feature launches, our default behavior is:

• ✅ We collect anonymized usage patterns to improve the platform
• ❌ We do NOT train AI models on your specific biological content without explicit permission
• 📧 Email us at privacy@nodes.bio if you want to opt out of anonymized data collection

After account deletion: We may retain anonymized, aggregated insights (e.g., "users prefer visual layouts over text"), but we will not retain your specific research content or personally identifiable data.

What This Means

• You can publish your findings - Your research created with Nodes Bio can be published, patented, or commercialized freely
• You can export your data - Email privacy@nodes.bio to request a full export of all your maps and content
• You control access - Your maps are private by default; you choose if/when to share them
• No hidden claims - We will never claim ownership, royalties, or rights to anything you create

If you create something valuable using Nodes Bio, we're thrilled for you. We make money by charging for the software, not by claiming your IP.

Information You Provide

When you sign up for the Nodes Bio Private Beta, we collect:

• Name (first and last name)
• Email address (work email preferred)
• Company name (optional)
• Job title/role (optional)
• LinkedIn profile information (when signing up via LinkedIn)

Automatically Collected Information

When you use our platform, we may automatically collect:

• Usage data (features used, session duration, interactions)
• Technical data (IP address, browser type, device information)
• Cookies and similar tracking technologies

We use your information to:

1. Provide beta access to the Nodes Bio platform
2. Communicate with you about product updates, features, and beta program participation
3. Improve our product based on usage patterns and feedback
4. Provide customer support and respond to your inquiries
5. Comply with legal obligations and protect our rights
6. Send occasional research surveys to understand your needs (you can opt out)

What "Improve Our Product" Actually Means

Let's be specific about what we do with your usage data:

• We analyze which features you use to decide what to build next
• We look at where you get stuck to fix confusing workflows
• We may review the biological maps you create to understand common use cases and fix issues (we can see what you create, but we won't share it with others)
• We track bugs and errors to fix technical issues
• We measure how long features take to optimize performance

Example: If 50 users try to upload a file and 40 of them abandon it, we know the upload flow is broken and needs fixing.

What We Will NEVER Do

We will NOT:

• Sell your personal information to third parties
• Share your research data with competitors or other users
• Share your information with advertisers or marketing companies
• Use your data for purposes beyond those listed above without your consent

About AI and Your Content:

• We use third-party AI services (Claude, GPT-4, etc.) to help you create biological maps. When you use these features, your input is sent to these AI providers per their terms of service.
• We may train our own AI models on anonymized, aggregated usage patterns to improve the platform
• If we want to train on your specific biological content or proprietary research, we will ask for your explicit opt-in consent via email (account settings feature coming soon)

We may share your information only in these limited circumstances:

Service Providers

We work with trusted third-party service providers who help us operate our platform:

• AWS (Amazon Web Services) - Cloud hosting and infrastructure
• Authentication providers - For secure login
• Email service providers - For product communications

These providers are contractually bound to protect your data and use it only for services they provide to us.

Legal Requirements

We may disclose your information if required by law, court order, or government regulation, or if we believe disclosure is necessary to:

• Comply with legal obligations
• Protect our rights or property
• Prevent fraud or security issues
• Protect the safety of our users

Business Transfers

If Nodes Bio is acquired or merged with another company, your information may be transferred as part of that transaction. We will notify you of any such change.

How We Protect Your Data

We implement industry-standard security measures to protect your information:

• Encryption in transit (TLS/SSL) for all data transmission between your browser and our servers
• AWS infrastructure - We use Amazon Web Services, a SOC 2 Type II certified cloud provider trusted by healthcare and financial institutions
• Database encryption - Your account data is stored in encrypted databases
• Access controls - Limited team members can access production systems, and all access is logged
• HTTPS only - Our website and API require secure connections

What we're still configuring: As an early-stage startup, we're continuously improving our security. Some AWS encryption-at-rest features are still being configured. If you have specific security requirements for sensitive research data, please contact us at security@nodes.bio before uploading.

Being Honest About Security Limitations

We are a small team. Unlike large companies with dedicated security teams, our security posture is:

• Strong infrastructure: We leverage AWS's enterprise-grade security (the same infrastructure used by hospitals and banks)
• Industry best practices: We follow OWASP guidelines and AWS security recommendations
• Limited resources: We don't have a dedicated security team yet, but security is built into our development process
• Rapid response: If you report a security issue, you're likely talking directly to the founder (not a tier-1 support agent)

No guarantees: No method of transmission over the internet is 100% secure. While we implement strong security measures and take your data protection seriously, we cannot guarantee absolute security. If you have concerns about data sensitivity, please contact us before uploading proprietary research data.

You have the following rights regarding your information:

Access and Correction

During our Private Beta, please email privacy@nodes.bio to access or update your profile information. Self-service account settings are coming soon.

Data Deletion

You can request deletion of your account and personal information by emailing privacy@nodes.bio. We will delete your data within 30 days, except where we're required to retain it for legal purposes.

Opt-Out of Communications

You can unsubscribe from our marketing emails by:

• Clicking the "unsubscribe" link in any email
• Emailing support@nodes.bio with your request

You will still receive essential service-related emails (e.g., account security notifications).

Data Portability

You can request a copy of your data in a portable format by emailing privacy@nodes.bio.

We retain your information for as long as:

• Your account is active
• Needed to provide you with our services
• Required by law or for legitimate business purposes

When you delete your account, we will delete or anonymize your personal information within 30 days, except where retention is required by law.

We use cookies and similar technologies to:

• Keep you logged in
• Remember your preferences
• Analyze platform usage
• Improve user experience

You can control cookies through your browser settings, but disabling cookies may limit platform functionality.

Our platform may contain links to third-party websites or services. We are not responsible for the privacy practices of these third parties. We encourage you to review their privacy policies.

Our Honest Position on Student Use

The Reality: While Nodes Bio is designed for professional researchers and biotech innovators, we recognize that students may use our site to help understand concepts for homework.

What This Means

No accounts under 13: We do not knowingly collect personal information from children under 13. If you are under 13, please do not create an account or provide any personal information. We comply with the Children's Online Privacy Protection Act (COPPA).

Ages 13-17: Anyone can view our public content. However, if you are under 18 and want to create an account, by creating an account you represent that you have obtained permission from your parent or legal guardian.

We do not ask for or collect your age during signup. By using our service, you confirm you meet the age requirements above.

To Parents/Guardians: If you believe your child has created an account without your consent, please contact us immediately at privacy@nodes.bio. We will delete the account and all associated information within 24 hours of verification.

Nodes Bio is based in the United States. If you access our platform from outside the U.S., your information may be transferred to, stored, and processed in the U.S. By using our platform, you consent to this transfer.

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA):

• Right to know what personal information we collect, use, and disclose
• Right to delete your personal information (with certain exceptions)
• Right to opt-out of sale of personal information (we do not sell your information)
• Right to non-discrimination for exercising your privacy rights

To exercise these rights, contact us at privacy@nodes.bio.

If you are in the European Economic Area (EEA), United Kingdom, or Switzerland, you have comprehensive rights under the General Data Protection Regulation (GDPR):

Right to Be Forgotten (Erasure)

You can request complete deletion of your data at any time. When you exercise your right to be forgotten:

1. We will permanently delete all your personal information within 30 days
2. This includes: account data, usage history, communications, and any content you created
3. We will confirm deletion via email
4. Exception: We may retain anonymized data for legal compliance (e.g., financial records required by tax law)

How to exercise: Email privacy@nodes.bio with subject line "Right to Be Forgotten Request"

Other GDPR Rights

• Right to access - Request a copy of all personal data we hold about you
• Right to rectification - Correct any inaccurate or incomplete data
• Right to restrict processing - Limit how we use your data in certain circumstances
• Right to data portability - Receive your data in a machine-readable format to transfer to another service
• Right to object - Object to processing based on legitimate interests or direct marketing
• Right to withdraw consent - Withdraw consent at any time (doesn't affect prior processing)
• Right to lodge a complaint - File a complaint with your local data protection authority

Legal Basis for Processing: We process your data based on:

• Consent (you signed up for our service)
• Contract performance (providing the service you requested)
• Legitimate interests (improving our product, fraud prevention)

To exercise any GDPR rights, contact us at privacy@nodes.bio. We will respond within 30 days.

We may update this Privacy Policy from time to time. We will notify you of significant changes by:

• Posting the updated policy on this page
• Updating the "Last Updated" date
• Sending you an email notification (for material changes)

Your continued use of Nodes Bio after changes indicates acceptance of the updated policy.

If you have questions or concerns about this Privacy Policy or our privacy practices, contact us: