Last update: Feb 01, 2026

Last update: Feb 01, 2026

Privacy Policy


SplicR (“SplicR,” “we,” “us,” or “our”) provides a cloud-based CRISPR screen analysis platform that enables researchers to upload sequencing data (including FASTQ files) and receive computational analysis, quality control metrics, and publication-ready insights. This Privacy Policy explains how we collect, use, disclose, and protect information in connection with our website (splicr.org), web application (app.splicr.org), and related services (collectively, the “Services”).

By accessing or using the Services, you agree to this Privacy Policy. If you do not agree, please do not use the Services.

1. Scope and Roles

This Privacy Policy applies to:

  • Visitors to our marketing website (splicr.org).

  • Registered users of the SplicR web application (app.splicr.org).

  • Organizational and institutional customers using SplicR for research.

SplicR acts as:

  • data controller for account, billing, and marketing data.

  • data processor for research data (including uploaded FASTQ files and associated metadata) that we process on behalf of our customers.

If you are using SplicR under an institutional agreement (e.g., a university or company), your institution may be the primary data controller for research data, and its policies may apply in addition to this Privacy Policy.

2. Information We Collect

We collect the following categories of information:

2.1 Account and Contact Information

  • Name, institutional affiliation, department or lab.

  • Email address and optional profile information.

  • Account credentials (hashed passwords or federated login identifiers).

2.2 Billing and Transaction Information

For paid subscriptions, we may collect:

  • Billing contact name, email, and address.

  • Partial payment information via our payment processor (we do not store full credit card numbers).

2.3 Technical and Usage Information

When you access the Services, we automatically collect:

  • IP address, browser type, device identifiers, operating system.

  • Log data (timestamps, pages viewed, actions taken, error logs).

  • Session information and performance metrics (e.g., upload sizes, analysis duration).

We may use cookies and similar technologies to maintain sessions, secure the platform, and understand how the Services are used.

2.4 Research Data (Uploaded Files and Metadata)

SplicR is designed for research use only. When you use the analysis features, we may process:

  • Uploaded sequencing files (e.g., FASTQ files).

  • Sample identifiers, experimental conditions, library information, and other metadata you provide.

  • Derived analysis results, including quality control metrics, hit lists, and visualizations.

We treat research data as confidential and process it solely to provide and improve the Services, as described below.

2.5 Communication and Support Information

If you contact us (email, support forms, feedback within the app), we collect:

  • Your contact information.

  • The content of your message and any attachments.

  • Metadata related to the request (time, channel, status).

3. Prohibited Data Types (No PHI / Clinical Use)

SplicR is not a clinical product and is not designed to store or process Protected Health Information (“PHI”) under HIPAA, nor identifiable clinical genomic data.

You must not upload or provide:

  • Direct patient identifiers (e.g., name, address, email, phone, medical record number).

  • Indirect identifiers that make an individual reasonably identifiable.

  • Clinical-grade human genomic data tied to an identified or identifiable person.

You are responsible for ensuring that all data uploaded to SplicR is sufficiently de-identified and used solely for research purposes in accordance with applicable laws, regulations, and institutional policies.

4. How We Use Information

We use the information we collect for the following purposes:

  1. Service delivery

    • Authenticate users and manage accounts.

    • Process uploads, run analyses (e.g., MAGeCK/BAGEL2), and generate results.

    • Provide dashboards, reports, and visualizations.

  2. Security and integrity

    • Detect, prevent, and investigate security incidents, abuse, and fraud.

    • Maintain system logs and audit trails.

  3. Improvement and development

    • Monitor performance and reliability (e.g., analysis times, error rates).

    • Improve algorithms, infrastructure, and user experience.

    • Develop new features and capabilities.

    Where possible, we use aggregated or de-identified information for these purposes.

  4. Communication

    • Respond to support requests and technical inquiries.

    • Send important service-related notifications (e.g., changes to policies, security alerts).

    • With your consent where required, send updates about new features, educational content, and research use cases.

  5. Legal and compliance

    • Comply with applicable laws and regulations.

    • Enforce our Terms of Service and other agreements.

    • Protect our rights, privacy, safety, and property, and that of users and third parties.

5. Legal Bases for Processing (EEA/UK)

If you are located in the European Economic Area (EEA) or the United Kingdom, we process your personal data under the following legal bases:

  • Performance of a contract (providing the Services you request).

  • Legitimate interests (securing and improving the platform, preventing abuse).

  • Compliance with legal obligations.

  • Your consent, where required (e.g., certain marketing communications).

You may withdraw consent at any time, without affecting the lawfulness of processing before withdrawal.

6. How We Share Information

We do not sell your personal data or research data.

We may share information with:

  1. Service providers (processors)

    • Cloud hosting providers (e.g., Vercel, Railway).

    • Storage providers (e.g., Cloudflare R2 for FASTQ files).

    • Database and authentication providers (e.g., Supabase, managed PostgreSQL).

    • Analytics and logging tools.

    These providers process information solely on our behalf and under contractual obligations to protect it.

  2. Organizational customers

    If you use SplicR under an institutional account, your institution may have administrative access to:

    • Account details linked to its domain.

    • Usage metrics and analysis history associated with lab or project spaces.

  3. Legal and compliance

    We may disclose information if required to do so by law or in response to valid legal requests (e.g., subpoenas, court orders), or when necessary to:

    • Protect our rights or property.

    • Protect the safety of users or the public.

    • Detect and address fraud, security, or technical issues.

  4. Business transfers

    In the event of a merger, acquisition, financing, or sale of all or part of our business, information may be transferred as part of that transaction, subject to appropriate confidentiality protections.

7. International Transfers

SplicR may process and store information in the United States and other countries where our service providers operate.

For transfers of personal data from the EEA/UK, we rely on appropriate safeguards, such as:

  • Standard Contractual Clauses (SCCs) approved by the European Commission or UK authorities.

  • Other lawful mechanisms as they become available.

8. Data Security

We employ technical and organizational measures designed to protect information from unauthorized access, use, alteration, and destruction. These measures include:

  • Encryption of data in transit (e.g., TLS 1.2+ / 1.3).

  • Encryption of data at rest for research data and backups where supported (e.g., AES-256).

  • Access controls, role-based access, and least-privilege principles.

  • Regular security updates and vulnerability management.

  • Logging and monitoring of system activity.

However, no system can be guaranteed completely secure, and we cannot ensure or warrant the absolute security of any information transmitted or stored.

9. Data Retention

We retain personal and research data for as long as necessary to:

  • Provide the Services to you and your institution.

  • Fulfill the purposes described in this Policy.

  • Comply with legal obligations, resolve disputes, and enforce agreements.

Examples:

  • Account information: retained while your account is active, and for a reasonable period afterwards for record-keeping and legal compliance.

  • Research data (uploaded files and results): retained according to your or your institution’s settings and agreements (e.g., project lifecycle), or until you request deletion where permissible.

  • Logs and security data: retained for a limited period necessary for security, diagnostics, and compliance.

We may retain aggregated or de-identified data that does not identify you for longer periods.

10. Your Rights and Choices

Depending on your location, you may have certain rights regarding your personal data:

  • Access: Request a copy of your personal data we hold.

  • Rectification: Request correction of inaccurate or incomplete data.

  • Erasure: Request deletion of your personal data, subject to legal and contractual obligations.

  • Restriction: Request restriction of certain processing.

  • Portability: Request data in a structured, commonly used, machine-readable format.

  • Objection: Object to certain processing, including direct marketing.

To exercise these rights, contact us at privacy@splicr.org. We may need to verify your identity before responding.

If you are using SplicR under an institutional agreement, some requests may need to be routed through or coordinated with your institution.

11. California and Other State Privacy Rights

If you are a resident of California or other U.S. states with comprehensive privacy laws, you may have additional rights, including:

  • Right to know what categories of personal information we collect, use, and disclose.

  • Right to request access and deletion of personal information.

  • Right to correct inaccurate personal information.

  • Right to opt out of certain disclosures considered “sales” or “sharing” under applicable law (we do not sell your data).

You or your authorized agent can exercise these rights by contacting us at privacy@splicr.org. We will not discriminate against you for exercising your privacy rights.

12. Children’s Privacy

SplicR is not directed to children under 16 and we do not knowingly collect personal data from children under 16. If we learn that we have collected personal data from a child under 16, we will take reasonable steps to delete it.

13. Third-Party Links and Integrations

The Services may contain links to third-party websites or services (e.g., documentation, external tools) that are not operated by SplicR. We are not responsible for the privacy practices or content of those third parties. We encourage you to review their privacy policies.

14. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. When we do, we will revise the “Effective date” at the top and, where appropriate, notify you through the Services or by email.

Your continued use of the Services after the revised Policy becomes effective indicates that you have read and understood the changes.

15. Contact Us

If you have questions about this Privacy Policy or our data practices, please contact us at: