Privacy Policy

Last updated: 2026-05-01

This Policy explains what RateMyBioLab ("we," "the Service") collects, why, and what we do with it. The short version: we collect the minimum needed to run accounts and prevent abuse; your identity is never shown to other users.

1. What We Collect

When you create an account:

• Email address (for verification, login, account recovery, and abuse prevention)
• A password, which we store only as a bcrypt hash — we never store, see, or log your plaintext password

When you post a review:

• The review content, scores, and the lab it concerns
• The timestamp
• Which account posted it (stored internally so we can enforce one-review-per-lab and remove content if needed — never displayed to other users)

When you use the Service:

• Standard server logs: IP address, user-agent, request path, timestamp. Retained 30 days for security and abuse investigation, then deleted.
• No third-party analytics or advertising trackers in v1.

2. What We Do Not Collect

• Real name, institution, phone number, address — we never ask for these
• Payment info — the Service is free
• Demographic data
• Cookies beyond a single session cookie required for login

3. What Is Public vs. Private

Public (visible to anyone on the internet):

• Your reviews (text, scores, date) — with no author attribution of any kind

Private (visible only to you and to our database):

• Your email address
• Your password hash
• The mapping of your account to the reviews you posted
• Your login history and server logs

We do not display usernames, handles, initials, institutions, or any other identifier alongside reviews.

4. Why We Keep an Internal Link Between You and Your Reviews

Two reasons:

1. Anti-abuse — to enforce one review per lab per user, and to remove content from accounts that violate our Terms.
2. Your control — so you can edit or delete your own reviews.

This link is never exposed publicly, in API responses, or in URL structures.

5. Who We Share Data With

We do not sell or share personal data with advertisers, data brokers, or marketing partners.

We share data only with:

• Infrastructure providers acting as data processors under contract — currently Vercel (hosting) and Neon (database). They host the data on our behalf and do not have rights to use it for their own purposes.
• Law enforcement or courts, when compelled by valid legal process (subpoena, court order, search warrant). We will resist overbroad requests where appropriate but cannot promise to fight every request.
• In the event of a sale or merger of the Service, to the acquirer, subject to this Policy.

6. Your Rights

You may at any time:

• View your account email and your reviews (in your account settings)
• Edit or delete any review you have posted
• Delete your account, which will permanently remove your email, password hash, and the link between you and your reviews. Reviews themselves may remain on the Service in fully anonymized form (since they were already anonymous to other users), unless you ask us to delete them as well.
• Request a copy of all data we hold about you, by emailing info@ratemybiolab.com

If you are in the EU/UK, you have additional rights under the GDPR (access, rectification, erasure, portability, restriction, objection). Email info@ratemybiolab.com to exercise them.

If you are in California, you have rights under the CCPA. We do not sell personal information.

7. Data Retention

• Account data: kept until you delete your account
• Reviews: kept until you delete them (or we remove them under our Terms)
• Server logs: 30 days
• Backups: rolling 30-day retention

8. Security

We use industry-standard practices: TLS in transit, bcrypt for passwords, principle-of-least-privilege database access. No system is perfectly secure; if we discover a breach affecting your data, we will notify you within 72 hours of confirmation.

9. Children

The Service is not directed at children under 18 and we do not knowingly collect data from them. See Section 2 of the Terms.

10. International Users

The Service is operated from the United States and data is stored in US-East regions (Vercel and Neon defaults). By using the Service you consent to the transfer of your data to these locations.

11. Changes

We will post material changes here and update the "Last updated" date. For changes that expand what we collect or how we share it, we will notify account holders by email.

12. Contact

Privacy questions: info@ratemybiolab.com