Privacy Policy

Last updated: March 6, 2026

1. Introduction

Supermatter ("we", "us", or "our") is committed to protecting your privacy and handling your personal data with transparency and care. This Privacy Policy describes what information we collect, why we collect it, how we use and protect it, and the rights you have with respect to your data when you use our platform, APIs, desktop application, or any associated services (collectively, the "Services").

By using the Services, you consent to the practices described in this policy. If you do not agree, please discontinue use and contact us to request account deletion.

2. Information We Collect

We collect information in the following categories:

Account & Identity Information

  • Name and email address provided directly or via OAuth (e.g., GitHub)
  • Profile photo or avatar (from your OAuth provider, if available)
  • Authentication tokens and session identifiers

Research & Professional Profile

  • Organization or company name
  • Laboratory or department affiliation
  • Area of scientific specialization
  • Phone number (optional)

Usage & Platform Activity

  • API requests, endpoints accessed, and request metadata
  • Simulation inputs, job parameters, and output identifiers
  • Feature usage patterns and navigation activity within the platform
  • API key creation, usage, and revocation events

Technical & Device Data

  • IP address and approximate geographic location
  • Browser type, version, and operating system
  • Device identifiers and screen resolution
  • Timestamps of access and session duration

Communications

  • Emails or messages you send to our support team
  • Feedback or survey responses submitted through the platform

3. How We Use Your Information

We use the information we collect to:

  • Create, authenticate, and manage your account
  • Provide, operate, and deliver simulation and research Services
  • Process API requests and return results accurately
  • Improve platform performance, reliability, and user experience
  • Detect, investigate, and prevent fraudulent, abusive, or unauthorized activity
  • Send transactional emails such as account notices, security alerts, and usage summaries
  • Send product updates and announcements (with opt-out available)
  • Conduct internal analytics to understand how users engage with the Services
  • Comply with applicable legal obligations and enforce our Terms of Service
  • Respond to support inquiries and resolve disputes

We do not use your simulation inputs or research data to train our core models without your explicit consent.

4. Legal Basis for Processing (EEA / UK Users)

If you are located in the European Economic Area or United Kingdom, we process your personal data on the following legal bases:

  • Contract performance: Processing necessary to provide the Services you have signed up for
  • Legitimate interests: Improving the platform, ensuring security, and preventing abuse
  • Legal obligation: Compliance with applicable laws and regulatory requirements
  • Consent: Where you have explicitly opted in, such as for marketing communications

5. Data Sharing & Third Parties

We do not sell, rent, or trade your personal information. We may share data with the following categories of third parties, strictly for the purpose of operating and improving the Services:

  • Cloud infrastructure providers: For hosting, storage, and compute (e.g., AWS, GCP)
  • Authentication providers: GitHub OAuth for secure sign-in
  • Analytics providers: Aggregate, anonymized usage analysis
  • Email delivery services: For transactional and product communications
  • Legal and compliance: When required by law, court order, or to protect our legal rights

All third-party service providers are contractually bound to handle your data securely and only for the purposes we specify.

6. API Keys & Security

API keys are hashed before storage and are never accessible in plaintext after initial creation. We store only key prefixes for identification purposes. You are responsible for the secure handling and rotation of your API keys.

We employ industry-standard security practices including TLS encryption for data in transit, encrypted storage at rest, role-based access controls, and regular security audits. Despite these measures, no system can guarantee absolute security. We encourage you to use strong credentials and report any suspected vulnerabilities to hello@supermatter.sh.

7. Data Retention

We retain your personal data for as long as your account remains active and for a reasonable period thereafter to fulfill the purposes described in this policy, resolve disputes, and comply with legal obligations.

Specific retention periods:

  • Account data: Retained until account deletion, plus up to 90 days for backup recovery
  • Simulation logs and outputs: Retained for the duration of your active subscription or agreement
  • Security and access logs: Retained for up to 12 months
  • Communications with support: Retained for up to 3 years

8. Cookies & Tracking

We use cookies and similar technologies for session management, authentication, and platform analytics. These may include:

  • Essential cookies: Required for login sessions and platform functionality
  • Analytics cookies: Help us understand usage patterns and improve performance (anonymized)

You can manage cookie preferences through your browser settings. Disabling essential cookies may affect platform functionality.

9. International Data Transfers

Supermatter operates primarily in the United States. If you are accessing the Services from outside the US, your data may be transferred to, stored, and processed in the United States or other countries. We take appropriate steps to ensure such transfers comply with applicable data protection laws, including Standard Contractual Clauses where required.

10. Your Rights

Depending on your jurisdiction, you may have the following rights regarding your personal data:

  • Access: Request a copy of the personal data we hold about you
  • Correction: Request correction of inaccurate or incomplete data
  • Deletion: Request deletion of your account and associated personal data
  • Portability: Receive your data in a structured, machine-readable format
  • Restriction: Request that we limit processing of your data in certain circumstances
  • Objection: Object to processing based on legitimate interests
  • Withdraw consent: Withdraw previously given consent at any time (for consent-based processing)

To exercise any of these rights, contact us at hello@supermatter.sh. We will respond within 30 days. Where applicable, you may also lodge a complaint with your local data protection authority.

11. Children's Privacy

The Services are not directed to individuals under the age of 18. We do not knowingly collect personal data from minors. If you believe a minor has provided us with personal information, please contact us immediately and we will take steps to delete such data.

12. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes, we will notify you by email or by posting a prominent notice on the platform at least 14 days before the changes take effect.

We encourage you to review this policy periodically. Your continued use of the Services after any update constitutes your acceptance of the revised policy.

13. Contact & Data Controller

Supermatter is the data controller for the personal information we process. For privacy-related questions, requests, or concerns, please reach out to us:

hello@supermatter.sh