Contents

• Who we are
• Data we collect
• Sub-processors
• Why we collect it
• How long we keep it
• Your rights
• Cookies
• Children
• Changes
• Contact

Privacy Policy

Last updated: June 21, 2026

Haritica is a bioinformatics platform for differential expression and related analyses. This policy explains what personal data we collect, why, who else processes it, and the rights you have over it.

Who we are (data controller)

The data controller responsible for your personal data is Haritica. For any privacy question or to exercise the rights described below, contact us at team@haritica.com.

Data we collect

• Account data: email, display name, country (used to determine your payment provider), password hash (held by AWS Cognito, never seen by us in plaintext).
• Billing metadata: subscription status, invoice history, payment method brand and last four digits. Full card details are stored by Stripe or Polar, not by us.
• Usage and analysis data: the input files you upload (count matrices, BAM, FASTQ), the analyses you run, their results, and timing/cost metadata. Files live in our AWS S3 buckets.
• Operational logs: request URL, status code, IP address (used for rate limiting and abuse prevention; not sold or shared).
• Service metrics: aggregate operational counts — such as the number of sign-ups, sign-ins, and analysis jobs that succeed or fail — used to monitor service health. These are totals, not records of individual behaviour, and are never sold or shared.
• Diagnostic telemetry (desktop, opt-in): if you explicitly enable it in Settings, the desktop app may send anonymous crash reports and basic usage events (app launches, software-update outcomes, the analysis type that ran and whether it succeeded or failed). This is off by default. It contains no analysis results, file contents, gene or sequence data, file paths, account identity, or other personal information — only a random, anonymous install identifier that is never tied to your account. Error messages are truncated and stripped of file paths before they leave your device. You can disable it again at any time from the Settings page.

Sub-processors

• Amazon Web Services (AWS): hosting, compute, S3 storage, RDS Postgres, Cognito identity. Region: us-east-1 unless otherwise stated. Processing occurs under the AWS Data Processing Addendum, which incorporates the EU Standard Contractual Clauses for cross-border data transfers — see the AWS GDPR DPA.
• Stripe, Inc. (US customers): card processing, subscription billing, invoicing, sales tax.
• Polar Software, Inc. (non-US customers): acts as Merchant of Record, handles VAT/GST, card processing, invoicing.

Why we collect it

Account and billing data are needed to operate your subscription and comply with merchant rules. Analysis data is needed to run your jobs and show you the results. Operational logs and aggregate service metrics are kept for security, debugging, abuse prevention, and monitoring service health.

How long we keep it

• Account and billing records: for the lifetime of your account, then 30 days after deletion request (grace period). Records required for tax / accounting are retained as long as legally required.
• Analysis inputs and results: retained while your account is active. Deleted on account deletion, after the 30-day grace period.
• Operational logs: rotated within 90 days.

Your rights

You can request access, correction, deletion, or export of your personal data at any time by emailing team@haritica.com. You can also self-serve account deletion from the Profile page; this starts a 30-day grace period after which all data (except records we are legally required to retain for tax and accounting), your Stripe or Polar customer record, and your S3 storage are permanently removed.

Cookies

We set cookies that are strictly necessary for sign-in (session tokens) and your acceptance of this notice. We do not currently use analytics or advertising cookies.

Children

Haritica is not intended for users under 16. We do not knowingly collect personal data from children.

Changes

Material changes to this policy will be announced in-app. Continued use after the effective date constitutes acceptance.

Contact

Email team@haritica.com. We respond to verifiable requests within 30 days.