Skip to content
Biodatica

Legal

Privacy

Last updated July 17, 2026

Biodatica is a product about companies and science. It is not a product about people, and it is not built on knowing things about you. This page is the whole account of what we hold and why.

What we store about you

  • Your account. Email address, a display name if you give one, a password hash if you use a password, and the identifier from Google or Apple if you sign in that way. Plus whether your email is verified, your plan, your plan status, and the therapeutic area your seat covers.
  • Your watchlist and alert settings. Which companies you watch, your alert rules, and whether you take the morning digest.
  • Delivery records. A log of which alerts we sent you, so we never email you twice about the same event.
  • Sessions. A session token, its expiry, and the IP address and user agent it was created from. This is how we keep you signed in and how we spot a stolen session.
  • Billing. A Stripe customer identifier and your plan state. Stripe handles the payment itself. We never see or store your card number.
  • API keys, if you have them. Stored as a hash, with the first characters kept in the clear so you can tell your keys apart.

What we do not do

  • No advertising, no ad networks, no third-party trackers, and no cross-site profiling. There is no reason for an ad pixel to exist in a $6,000-a-year research product.
  • We do not sell, rent, or share your personal information with anyone for their own purposes.
  • We do not buy data about you, and we do not enrich your account from any outside source.
  • We do not build profiles of consumers. Biodatica is not a consumer data broker and is not in that business.
  • We do not read your watchlist to tip anyone off. Your watchlist is not a product we sell, and it is not visible to other subscribers.

Why we hold each thing

Your email exists so we can sign you in and send you the alerts you asked for. Your plan state exists so the gates know what you bought. Your watchlist exists because it is the feature. Session records exist so the product is secure. That is the entire list. If a field is not needed to run one of those, we do not collect it.

Cookies

One cookie: your session. It keeps you signed in and it goes away when you sign out or when it expires. There are no analytics cookies, no advertising cookies, and no consent banner, because there is nothing to consent to.

Our sign-in forms can run Cloudflare Turnstile, a bot check that does not track you across sites and does not build a profile of you.

Who else touches your data

  • Cloudflare. The entire product runs on Cloudflare: the compute, the database, the storage, and the outbound email. Your account data sits there.
  • Stripe. Payments. They hold your card and your billing details; we hold a customer id.
  • Google and Apple. Only if you choose to sign in with them, and only to confirm you are you.

That is the list. There is no fourth party.

The names inside the graph

Biodatica names principal investigators, founders and executives. Those names come from public federal filings and nowhere else: an NIH grant lists its investigator, a Form D lists its executives, a patent lists its assignee. They appear because a person filed a public document in a professional capacity, and we do not add anything to them. No addresses, no phone numbers, no personal history, and no inference about anyone’s private life.

This is the same information the source agency publishes on its own website. If you are named in the product and something is wrong, write to signal@biodatica.com and we will check it against the filing and correct our record if we got it wrong. We cannot change what the agency published; that is a conversation with the agency.

Your data, your call

Write to signal@biodatica.com from your account email and we will, at your request: tell you everything we hold about you, send you a copy, correct anything wrong, or delete your account and everything attached to it. Deletion is real deletion, not a flag. We keep only what billing law requires us to keep, which is a record that a transaction happened.

You can unsubscribe from any recurring email using the link in it, and that never affects your access to the product. Transactional mail (password resets, sign-in links, billing) still goes out, because otherwise you cannot use your account.

How long we keep things

Account data lives as long as your account does. Sessions expire on their own. Alert logs are kept so we do not send you a duplicate. When you delete your account, it goes.

Security

Passwords are hashed, API keys are stored as hashes, sessions are signed and expire, and everything travels over TLS. No system is perfect. If we ever have a breach that affects your data, we will tell affected account holders directly rather than posting a notice and hoping.

Children

Biodatica is a professional research tool sold to investment firms. It is not directed at children, and we do not knowingly hold data about anyone under 18.

Changes

If this policy changes materially, we will email account holders before the change takes effect. The date at the top always reflects the current version.

Terms · Disclosures · signal@biodatica.com