Privacy Policy

1. Information we collect

Account information. When you create an account, we collect your email address and (optionally) your first name. Authentication is provided by a third-party identity provider (Supabase), and we receive session tokens and basic profile data.

Payment information. When you purchase an intelligence report, payment is processed by Stripe, Inc. We do not store full card numbers or CVCs on our servers. We retain a record of the transaction — purchase date, amount, report topic, persona, and an associated Stripe customer ID and payment intent ID — for accounting and customer-service purposes.

Usage data. We collect data about how you interact with the Service: searches you run, reports you generate, content you save (saved projects, trials, people), and timestamps of these actions.

Generated content. The intelligence reports we synthesize for you are stored on our servers and tied to your account so you can access them and the linked underlying records during the access window described below.

Inbound messages. If you contact us through the contact form on the Service or by email, we receive what you send: name, email, organization, and the content of your message.

Technical data. Standard server logs (IP address, user-agent, request timestamp) and authentication cookies are used to operate the Service and prevent abuse.

2. Sources of underlying research data

The intelligence reports we synthesize draw on public datasets published by NIH RePORTER, ClinicalTrials.gov, the United States Patent and Trademark Office (USPTO), and PubMed. The content of these public records is the property of their respective publishers and may include personal information about principal investigators or other named individuals. granted.bio does not assert ownership of this underlying public data; we synthesize and cross-link it on your behalf.

3. How we use information

We use the information described above to:

• Operate, maintain, and improve the Service.
• Authenticate you and protect your account.
• Process your payments and provide receipts.
• Generate intelligence reports on the topics you submit.
• Send service-related communications (e.g., sign-in links, payment receipts, report-ready notifications, security notices).
• Respond to your inquiries.
• Detect, prevent, and address fraud, abuse, or security incidents.
• Comply with our legal obligations.

We do not sell your personal information. We do not use your personal data to train third-party AI models.

4. Who we share information with

We share information with the following categories of service providers, only to the extent necessary for them to provide their services to us:

• Supabase — database, authentication, and storage.
• Stripe — payment processing and hosted receipts.
• Vercel — application hosting.
• OpenAI — generating embeddings for semantic search.
• Anthropic — generating the synthesis narrative inside intelligence reports.
• Resend — transactional email delivery.

Each of these providers operates under its own privacy policies and data-processing agreements. We share with them only what is necessary for the service they provide.

We may also disclose information if required by law, subpoena, court order, or other valid legal process, or to protect our rights, our users, or the public.

5. Data retention and access

We retain your account information and generated reports for as long as your account remains active. After report generation, you have three months of in-platform drill-down access to every linked project, trial, patent, and publication referenced in the report. You may also use one free refresh within twelve months of purchase to re-synthesize the report against current NIH data.

You may request deletion of your account and associated data at any time by emailing admin@granted.bio. We may retain certain records (e.g., financial transaction history) as required by law.

6. Your rights

Depending on your jurisdiction, you may have the right to:

• Access the personal data we hold about you.
• Correct inaccurate data.
• Request deletion of your data.
• Export your data in a portable format.
• Object to or restrict certain processing.

To exercise these rights, email admin@granted.bio.

7. Cookies and similar technologies

We use cookies that are necessary to operate the Service, including authentication cookies managed by Supabase. We do not use advertising cookies or third-party tracking cookies.

8. Security

We use industry-standard measures to protect your data, including TLS encryption in transit and encryption at rest provided by our database and storage providers. No method of transmission or storage is 100% secure; you use the Service at your own risk.

9. Children

The Service is not directed to individuals under 13. We do not knowingly collect personal information from children under 13. If you believe a child under 13 has provided personal information to us, contact admin@granted.bio and we will delete it.

10. International users

granted.bio is operated from the United States. If you access the Service from outside the United States, your information will be transferred to, stored, and processed in the United States or in other countries where our service providers operate.

11. Changes to this policy

We may update this Privacy Policy from time to time. If we make material changes, we will notify you by email or via the Service. The “Last updated” date above reflects the most recent revision.

12. Contact

Questions about this Privacy Policy or our data practices? Email admin@granted.bio.