Privacy Policy

Last updated: April 25, 2026

Overview

κλllima (“we”, “us”, “our”) provides a self-serve platform for antibody humanization, structure prediction, and developability analysis. This policy describes what data we collect, how we use it, and your rights.

Data we collect

  • Account data — name and email address provided during sign-up (stored in Supabase Auth).
  • API credentials — API tokens you generate for programmatic access. Token values are never stored; we retain only a SHA-256 hash and the metadata you assign (name, creation date, last-used timestamp).
  • Sequence data — antibody VH/VL sequences and any antigen sequences you submit for analysis jobs. Sequences are stored in our database and passed to compute infrastructure only for the duration of the job.
  • Job results — humanization outputs, structure predictions, stability scores, immunogenicity scores, and related analysis results.
  • Billing data — payment method and billing address, handled exclusively by Stripe. We store only your Stripe customer ID; we never see raw card numbers.
  • Usage data — job submission counts (for plan enforcement), audit log events, and standard server access logs.
  • Preferences — notification opt-ins and other user settings.

How we use your data

  • To run the analysis jobs you submit and return results to you.
  • To enforce plan limits and process billing via Stripe.
  • To send job completion notifications (only if you opt in).
  • To maintain an audit trail of account and billing events for your organization.
  • Training data use — Free plan: your sequences and results may be used to improve κλllima models; you can opt out at any time in Settings → Privacy. Paid plans: training data use is off by default; you can opt in if you choose. All identifying information is stripped before any data is retained for this purpose.
  • We do not sell your data to third parties.

Sub-processors

We rely on the following third-party services to operate the platform. Each processes data only as needed to provide its function.

Vendor | Purpose | Location
Supabase | Database & authentication | US (AWS us-east-1)
Vercel | Frontend hosting | US / global CDN
Railway | API hosting | US (us-west2)
Modal | GPU compute for structure & stability jobs | US (AWS us-east-1)
Stripe | Payment processing | US
Resend | Transactional email | US

Data retention

  • Account data and sequences are retained until you delete your account or delete individual antibody records.
  • Audit logs are retained for 12 months.
  • Stripe retains billing records per its own retention policy (typically 7 years for tax/legal purposes).

Security

  • All data in transit is encrypted via TLS/HTTPS.
  • Data at rest is encrypted with AES-256 (Supabase Postgres on AWS).
  • Row-level security policies ensure each organization can only access its own data.
  • TOTP multi-factor authentication is available and encouraged for all accounts.
  • We are pursuing SOC 2 Type I certification.

Your rights

You have the right to:

  • Access your data — all sequences, jobs, and results are accessible through the platform.
  • Delete your account and all associated data via Settings → Account. Deletion is permanent and irreversible.
  • Export results at any time using the download options in the UI.
  • Correct account information (name, email) via your account settings.

EU and UK users (GDPR / UK GDPR)

If you are located in the European Economic Area or United Kingdom, the following applies in addition to the rights described above.

  • Legal basis. We process your data to perform our contract with you (running analysis jobs, managing your account and billing). We process usage and security data on the basis of our legitimate interests in operating a secure, reliable service. Where we retain sequence data for model improvement, we rely on your consent, which you can withdraw at any time in Settings → Privacy.
  • Additional rights. You may request restriction of processing, object to processing based on legitimate interests, and request a machine-readable copy of your data for portability. You also have the right to lodge a complaint with your local supervisory authority.
  • International transfers. Our sub-processors are based in the United States. Transfers outside the EEA are covered by Standard Contractual Clauses (SCCs) as adopted by the European Commission. Copies of applicable SCCs are available on request.
  • Data processing agreement. If you require a DPA for your organization, email privacy@kallima.bio and we will provide one.

Cookies

We use session cookies managed by Supabase Auth for authentication. We do not use third-party tracking or advertising cookies.

Changes to this policy

We may update this policy as the platform evolves. Material changes will be communicated by email and reflected in the “Last updated” date above.

Contact

Questions about this policy or data requests: privacy@kallima.bio