Privacy Policy

Last updated: April 30, 2026

On this page

Data we collect
Sub-processors
Why we collect it
How long we keep it
Your rights
Cookies
Children
Changes
Contact

Haritica is a bioinformatics platform for differential expression and related analyses. This policy explains what personal data we collect, why, who else processes it, and the rights you have over it.

Data we collect

Account data: email, display name, country (used to determine your payment provider), password hash (held by AWS Cognito, never seen by us in plaintext).
Billing metadata: subscription status, invoice history, payment method brand and last four digits. Full card details are stored by Stripe or Paddle, not by us.
Usage and analysis data: the input files you upload (count matrices, BAM, FASTQ), the analyses you run, their results, and timing/cost metadata. Files live in our AWS S3 buckets.
Operational logs: request URL, status code, IP address (used for rate limiting and abuse prevention; not sold or shared).

Sub-processors

Amazon Web Services (AWS): hosting, compute, S3 storage, RDS Postgres, Cognito identity. Region: us-east-1 unless otherwise stated.
Stripe, Inc. (US customers): card processing, subscription billing, invoicing, sales tax.
Paddle.com Market Limited (non-US customers): acts as Merchant of Record, handles VAT/GST, card processing, invoicing.

Why we collect it

Account and billing data are needed to operate your subscription and comply with merchant rules. Analysis data is needed to run your jobs and show you the results. Operational logs are kept for security, debugging, and abuse prevention.

How long we keep it

Account and billing records: for the lifetime of your account, then 30 days after deletion request (grace period). Records required for tax / accounting are retained as long as legally required.
Analysis inputs and results: retained while your account is active. Deleted on account deletion, after the 30-day grace period.
Operational logs: rotated within 90 days.

Your rights

You can request access, correction, deletion, or export of your personal data at any time by emailing support@haritica.com. You can also self-serve account deletion from the Profile page; this starts a 30-day grace period after which all data, your Stripe or Paddle customer record, and your S3 storage are permanently removed.

Cookies

We set cookies that are strictly necessary for sign-in (session tokens) and your acceptance of this notice. We do not currently use analytics or advertising cookies.

Children

Haritica is not intended for users under 16. We do not knowingly collect personal data from children.

Changes

Material changes to this policy will be announced in-app. Continued use after the effective date constitutes acceptance.

Contact

Email support@haritica.com. We respond to verifiable requests within 30 days.