
Security & Data Handling


Cognitive Chemistry Labs builds enterprise-grade computational chemistry tools with transparent data practices. This page summarizes how we protect information on cognichem.com and related services.


What we collect


  • Account data: name, email, organization details, and authentication credentials managed through our identity provider.
  • Billing data: subscription tier, wallet balance, and payment history processed by our payment provider.
  • Metadata: types of submitted jobs, models used, and usage metadata (not uploaded files/data).
  • Support & demo requests: information you voluntarily provide through contact forms or email.

For full details on personal information collection and use, see our Privacy Policy.


How we protect data


  • Encryption in transit: all site traffic is served over HTTPS. In production we send Strict-Transport-Security (HSTS) headers.
  • Browser security headers: Content-Security-Policy, frame denial, and related headers are applied site-wide (see our internal security headers documentation for technical detail).
  • Authentication: sign-in is handled through Supabase Auth with industry-standard session management; API routes that access your account require a valid bearer token.
  • Payments: card data is collected and stored by Stripe on their PCI-compliant infrastructure; our servers receive only tokens and event metadata.
  • Webhook integrity: Stripe webhooks are verified with signing secrets before any wallet or subscription state changes.
  • Least privilege: server-side keys and secrets are environment-scoped and never exposed to the browser.

Subprocessors


We use trusted providers to operate the marketing site, accounts, and billing flows:

| Provider | Purpose | Typical data |
|---|---|---|
| Supabase | Authentication, user profiles, wallet and subscription data | Account credentials, profile fields, billing metadata |
| Stripe | Subscription checkout, wallet top-ups, customer portal | Payment method tokens, transaction records (we do not store full card numbers) |
| Resend | Demo request and transactional email delivery | Name, email, and message content submitted on demo forms |
| Google Analytics | Aggregated site usage | Anonymized usage events; only loaded when configured in production |

Enterprise customers may request an up-to-date subprocessor list and data processing terms as part of a commercial agreement.


Retention & your choices


  • We retain account and billing records as long as needed to provide the service and meet legal obligations, then delete or de-identify data when no longer required.
  • You may update profile information from your account page after signing in.
  • You may request access, correction, or deletion of personal data by contacting [email protected].

Enterprise & compliance


Custom deployments, data processing agreements (DPAs), security questionnaires, and enhanced support are available on our Enterprise plan. We do not claim third-party certifications on this page unless explicitly agreed in your contract.

For security inquiries or enterprise terms, contact [email protected] or request a demo.