Privacy Policy
Summary
LabLog stores the lab-notebook entries you create and the minimum account information needed to sign you in. We do not sell your data. Your entries are visible only to you, members of your lab organization, and people you explicitly share with.
What we collect
- Account. Name, email, optional institution / lab, and a password hash (bcrypt) when you sign up with email + password. OAuth users (Google) are identified by the email they authorize.
- Notebook content. Entries, attachments, comments, tags, and references you create.
- Operational logs. Server logs (request timing, errors) retained for diagnostics. Sentry receives anonymized error events.
- Billing. If you subscribe to a paid plan, Stripe processes payment information; LabLog stores only a customer reference and subscription status.
How AI features use your content
When you save an entry, ask a voice question, or import a PDF or image, the relevant content is sent to Google Gemini for classification or extraction. We do not use your content to train LabLog models. Google may apply its own data-handling policies to API requests; review them at ai.google.dev.
Sharing & visibility
Within a lab organization, members see entries authored by other members. View-only share links are public to anyone with the link until you revoke them. Friend-shared entries (Researcher tier) are visible only to the named recipient.
Data retention & export
You can export every entry as PDF / DOCX / LaTeX. Account deletion removes your user row and personal entries. Lab entries authored by a deleted user remain in the lab, attributed to the org, unless the lab admin requests removal.
Security
Data is stored in Postgres on Neon (US region) with at-rest encryption. Connections are TLS 1.2+. Passwords are bcrypt-hashed. Sessions are JWT, signed with rotated server secrets.
Contact
Questions, deletion requests, or law-enforcement inquiries: privacy@lab-logger.com.