Privacy Policy

1. Who we are

Aspis Bio provides a mobile lab workspace for researchers on Android and iPhone. For privacy questions, data requests, connector support, or security reports, contact support@aspis-bio.com. For product, partnership, or business contact, use main@aspis-bio.com.

2. What Aspis Bio is designed to do

Aspis Bio helps researchers use AI and lab workflows from Android and iPhone devices. The app is designed for bench support, research organization, calculations, notes, and explicit connector exports. It is not designed for clinical diagnosis, medical treatment, emergency use, or regulated human-genomics decision-making.

3. Data we may process

Depending on the features you use, Aspis Bio may process account identifiers, masked email/profile information, device platform labels, Lab Book text and metadata, qPCR or analysis metadata, AI prompts and responses, usage counters, connector export status, and technical security logs.

Local Lab Book content and local attachments remain on the device unless you choose a cloud, AI, Dropbox, Labguru, or export action that sends selected data outside the device.

4. AI requests

Ask AI requests are routed through Aspis Bio server-side infrastructure. The phone does not contain provider API keys. The server may add compact screen context, select an AI model, enforce quotas, and use gateway caching for repeated non-personal requests.

You should not submit sensitive personal data, clinical data, patient data, protected health information, secrets, passwords, or regulated human-genomics data to Ask AI.

5. Dropbox connector

Dropbox connection is optional. If you connect Dropbox, Aspis Bio uses a Dropbox OAuth flow through an Aspis Bio Cloudflare Worker. The Dropbox client secret stays server-side. Dropbox tokens are returned to the app through a one-time exchange code and are not persisted by the OAuth Worker.

The Android and iPhone apps store Dropbox access and refresh tokens using the device secure storage facilities. Dropbox access is intended for the Aspis Bio app folder, with scopes for account information and file read/write actions needed for exports and backups. Aspis Bio uses constrained paths such as Lab Book and analysis export folders.

Dropbox uploads happen only when you choose an export or backup action. Disconnecting Dropbox in the app clears the locally stored Dropbox tokens from the app. Files already exported to Dropbox remain in your Dropbox account unless you delete them there.

6. Labguru connector

Labguru export is optional. If enabled, Aspis Bio sends selected Lab Book export payloads through the Aspis Bio API Worker to Labguru. The Labguru API token is kept server-side, not inside the Android or iPhone app.

The Labguru export payload is designed to include sanitized Lab Book notes, metadata, tags, attachment names or kinds, and export manifests. Local file paths are redacted from cloud payloads. Local attachment bytes are not sent to Labguru unless a future explicit export flow is built to include them and you choose that flow.

Aspis Bio may keep export status records for a limited period so the app can show whether an export was queued, sent, or failed.

7. Account and authentication

Aspis Bio may use email-code login for accounts. Account records are designed to minimize raw identifiers by storing pseudonyms, masked email values, hashes, and login metadata rather than raw email where possible.

8. Security

Aspis Bio uses HTTPS endpoints, Cloudflare Workers, server-side secrets, rate limits, short-lived authentication flows, and device secure storage for supported local tokens. No system is perfectly secure; report suspected issues to support@aspis-bio.com.

9. Retention

Local app data remains on your device until you delete it or uninstall the app. Server-side records such as login metadata, export status, rate-limit counters, AI usage counters, and connector state are retained only as needed for operation, security, debugging, abuse prevention, and legal compliance.

10. Third-party services

Aspis Bio may interact with infrastructure and service providers such as Cloudflare, AI model providers, Dropbox, Labguru, and email delivery providers. When you use a third-party connector, that third party's own terms and privacy policy also apply.

11. Your choices

You can avoid connector processing by not connecting Dropbox or Labguru. You can avoid AI processing by not using Ask AI. You can request support, deletion help, or connector review by emailing support@aspis-bio.com.

12. Changes

We may update this policy as the product changes. Material updates will be reflected on this page with a new effective date.