Privacy Policy

Effective date: June 20, 2026

This policy describes how VectaBind (“we”, “us”) handles information when you use vectabind.com, our interactive app, and our API. We built this for researchers and medicinal chemists — we collect only what we need to run the service.

This is a plain-language policy for a small scientific software service. It is not legal advice. Contact us if you need a data-processing agreement for enterprise use.

Who we are

VectaBind is operated as a Pennsylvania sole proprietorship. Contact: [email protected].

Information we collect

Account / signup: email address (required), optional name and use-case description when you request a free API key.
API usage: API key identifier (stored hashed), request counts, timestamps, and tier limits for billing and abuse prevention.
Technical data: IP address, browser type, and basic server logs when you use the website or API.
Compounds you submit: SMILES strings, optional compound IDs/notes from CSV uploads, and scoring results returned by our models. Libraries uploaded in Hit Triage are stored in your browser (localStorage/IndexedDB) unless you send them to our API for scoring.
Contact form: name, email, organization, and message if you contact us via the website form.
Local browser storage: API key (if you paste or receive one), job history, and saved libraries — stored on your device, not our servers.

We do not require payment card information for the free tier. We do not sell your email or compound lists to third parties.

How we use information

Create and deliver API keys, enforce usage limits, and provide support.
Run binding-affinity predictions and return results to you.
Prevent abuse (rate limits, duplicate signups, invalid requests).
Improve reliability and respond to security or operational issues.
Reply to contact and enterprise inquiries.

We use submitted structures only to provide the service you request (scoring, batch scoring, generation). We do not use your proprietary compound structures to train public models without a separate written agreement.

Legal basis (EEA/UK users)

If GDPR applies: we process account and usage data to perform our contract with you (providing API access) and for legitimate interests (security, fraud prevention, and service improvement). You may withdraw marketing consent at any time; transactional emails (e.g. API keys) are necessary to deliver the service.

Third-party services

Cloudflare — website hosting, CDN, and (when enabled) transactional email delivery.
ChEMBL — the app may query ChEMBL’s public REST API from your browser for structural similarity; we do not send your email to ChEMBL.
Formspree — contact form delivery (if used).

These providers process data under their own policies when you interact with them.

Cookies and analytics

We do not use third-party advertising or analytics cookies at this time. The app may store functional data in your browser (API key, libraries). Cloudflare may set essential cookies for security and delivery.

Retention

API keys and account metadata: while your account is active, plus a reasonable period after deactivation for abuse prevention.
Signup and rate-limit logs: typically up to 12 months.
Server logs: typically up to 90 days unless needed for security investigations.
Compounds sent to the API: processed in real time; we do not maintain a permanent proprietary compound database from free-tier scoring unless you enter a separate agreement.

Security

API keys are stored hashed. Traffic uses HTTPS. Keep your API key confidential — anyone with your key can use your quota. Report suspected compromise to [email protected].

Your choices and rights

Access / deletion: email us to request a copy of account data we hold or to delete your API key.
Opt out of marketing: we send transactional email for keys and service notices; we do not send bulk marketing without consent.
California residents: you may have additional rights under CCPA/CPRA; contact us to exercise them.
EEA/UK residents: you may lodge a complaint with your local supervisory authority.

Children

VectaBind is a professional research tool not directed at children under 16. We do not knowingly collect data from children.

Service terms (summary)

Predictions are computational estimates for research triage — not medical advice, not experimental K_i/K_d, and not a substitute for laboratory validation. Do not use the service for patient care decisions. You are responsible for compounds you submit and for complying with your organization’s policies. Abuse (scraping, sharing keys publicly, circumventing limits) may result in key revocation.

Changes

We may update this page. The effective date at the top will change when we do. Continued use after updates means you accept the revised policy.

Contact

Privacy questions or data requests: [email protected]