Last updated: [Insert date before launch]
Privacy Policy
This Privacy Policy explains how Lumenthis Labs LLC (“AIFDA Intel”, “we”, “us”) collects, uses, and protects your personal data when you use our platform at aifdaintel.com and app.aifdaintel.com.
1. Who we are
AIFDA Intel is operated by Lumenthis Labs LLC. We provide a research and intelligence platform that aggregates publicly available records from the U.S. Food and Drug Administration. Our platform is available at aifdaintel.com and app.aifdaintel.com.
For privacy questions, contact us at: privacy@aifdaintel.com
2. What data we collect
Account data
When you create an account, we collect your email address, your name (if provided during signup), your chosen password (stored as a hashed value — we never store plaintext passwords), and your subscription plan and billing status.
Google login (OAuth)
If you sign in using Google, we receive from Google your email address, your name, and your Google profile photo (used as your avatar in the app).
We do not receive your Google password, Google Drive contents, Gmail, contacts, or any other Google account data. We request only the minimum OAuth scopes required to identify you and create your account: openid, email, and profile.
We do not share your Google account data with any third party. Your Google login is used solely to authenticate your identity.
Usage data
We collect standard web application logs including pages and features accessed, search queries entered in the platform (used to improve search relevance), alert rules you configure, and timestamps of activity. We do not sell usage data. We do not use usage data for advertising.
Billing data
Payment processing is handled by Stripe. We do not store your credit card number, CVV, or full card details on our servers. Stripe stores and processes all payment information under their own PCI-compliant infrastructure. We store only your Stripe customer ID and subscription status.
No patient data
AIFDA Intel does not collect, store, or process any patient health information (PHI). The platform contains only device-level and company-level public regulatory records. No HIPAA obligations apply to our platform and no Business Associate Agreement is required.
3. How we use your data
| Data | Purpose |
|---|---|
| Email address | Account login, alert notifications, weekly digest emails, billing receipts |
| Name | Display in your account profile |
| Google profile photo | Display as your avatar in the app |
| Usage data | Improve search relevance, diagnose bugs, understand feature adoption |
| Billing data (via Stripe) | Process subscription payments, manage plan changes |
| Alert configuration | Deliver the alert emails and digests you configure |
We do not use your data for advertising. We do not sell your data. We do not share your data with third parties except as described in Section 5.
4. Data storage and security
Infrastructure
All application data is stored on our infrastructure provider’s SOC 2 certified servers. The infrastructure is SOC 2 Type II certified, meaning it has been independently audited for security, availability, and confidentiality controls.
What SOC 2 compliance means for your data:
- Data is encrypted at rest using AES-256
- Data is encrypted in transit using TLS 1.2 or higher
- Access controls are audited and enforced
- Security practices are independently verified by a third-party auditor
Backups
Database backups are performed daily and retained for 30 days. Backups are encrypted.
Access controls
Your data is protected by row-level security controls. This means your account data, saved searches, and alert configurations are only accessible to your authenticated session. No other user can access your data. Lumenthis Labs staff can access account data only for support purposes, and only with audit logging enabled.
We do not currently hold our own SOC 2 certification as an organization. We rely on our infrastructure provider’s certified platform for data security. We will pursue organizational SOC 2 certification when our customer base reaches the threshold that justifies it (currently planned at 50+ enterprise customers).
5. Third parties we share data with
We share data with the following third parties only as necessary to operate the platform:
| Third party | Purpose | Privacy policy |
|---|---|---|
| Database infrastructure provider | Database and authentication infrastructure | Available on request |
| Stripe | Payment processing | stripe.com/privacy |
| Google (OAuth) | Login authentication | policies.google.com/privacy |
| Web hosting provider | Web hosting and content delivery | Available on request |
| Email delivery provider | Transactional email delivery (alerts, digests) | Available on request |
We do not share your data with data brokers, advertising networks, or analytics platforms.
6. Cookies
We use a minimal set of strictly necessary cookies for authentication and payment security. We do not use advertising cookies, tracking pixels, or analytics cookies. No cookie consent banner is required as all cookies are strictly necessary for the platform to function.
7. Your rights
Depending on your location, you may have rights regarding your personal data:
- Access: Request a copy of the personal data we hold about you
- Correction: Request correction of inaccurate data
- Deletion: Request deletion of your account and associated data
- Export: Request an export of your data in a portable format
- Objection: Object to certain uses of your data
To exercise any of these rights, email privacy@aifdaintel.com. We will respond within 30 days.
Account deletion: You can delete your account from Settings → Account → Delete account. This permanently deletes your profile, saved searches, and alert configurations. Billing records are retained as required by financial regulations.
8. Data retention
| Data type | Retention period |
|---|---|
| Account data | Until account deletion |
| Usage logs | 90 days rolling |
| Billing records | 7 years (legal requirement) |
| Alert configurations | Until account deletion or manual removal |
| Search history | 90 days rolling |
9. Children
AIFDA Intel is a professional B2B platform. We do not knowingly collect data from anyone under 18. If you believe a minor has created an account, contact privacy@aifdaintel.com and we will delete it.
10. Changes to this policy
We will notify registered users by email before making material changes to this policy. The “last updated” date at the top of this page reflects the most recent revision. Continued use of the platform after the effective date constitutes acceptance of the updated policy.
11. Contact
Lumenthis Labs LLC
privacy@aifdaintel.com
[Physical address — add before launch if required by jurisdiction]