Who we are
Protplex is operated by Straintest LLC, Hagenholzstrasse 62, 8050 Zurich, Switzerland ("Straintest," "Protplex," "we," "us," or "our"). Straintest LLC is the controller responsible for personal data processed through Protplex unless another party is identified as the controller for a specific service. Protplex may be presented publicly under the Straintest Bio Initiative name, but that name does not identify a separate controller unless expressly stated.
Scope of this policy
This policy describes how we collect, use, share, retain, and otherwise process personal data when you use the Protplex website, account system, dashboard, search experience, hosted MCP endpoints, and related support, communications, and integration features.
Data we collect
Contact and signup data
We collect contact details you provide directly, such as your email address, name, affiliation, and message content when you submit a contact form, early-access request, support inquiry, or newsletter signup.
Account and authentication data
When you sign in or connect an integration, we process authentication and account data needed to operate secured features, including authentication provider identifiers, account subject identifiers, account and quota identifiers, plan names, quota limits, and remaining usage balances.
Search and tool usage data
We process search queries, structured search filters, requested PDB identifiers, result counts, latency measurements, quota usage events, and related request metadata associated with Protplex web search, lookup flows, and MCP-based search requests.
ChatGPT app and assistant integration data
If you use Protplex through ChatGPT, OpenAI, or another assistant, agent, or MCP-compatible client, we may process the information needed to respond to your request, such as prompts or tool-call inputs, selected search parameters, requested PDB identifiers, returned results, account connection status, client identifiers, timestamps, and usage metadata.
Service metadata
We process technical metadata such as request identifiers, timestamps, client or application identifiers, user-agent information, protocol version details, referrer or routing information, and network-related metadata handled by our infrastructure for security, troubleshooting, and abuse prevention. Depending on the system, we may store hashed network-derived identifiers or process raw IP address information.
Analytics and diagnostics
We collect service analytics, pseudonymous identifiers, event logs, error logs, query hashes, and related diagnostic data to understand product usage, investigate failures, and improve reliability. In limited cases, analytics or debugging systems may keep sampled or truncated search text when needed for measurement or investigation.
Sources of data
We collect personal data directly from you, from your account or authentication provider when you sign in, from the client or assistant platform you use to access Protplex, and automatically from your browser, device, or application when you interact with the service.
Protplex may also retrieve, index, or return public scientific records from third-party resources, including the Protein Data Bank and related public structural biology datasets. Those scientific records are not generally personal data unless they include information relating to an identifiable person.
How we use data
- Provide, operate, secure, and support Protplex, including its website, account system, search API, and assistant integrations.
- Authenticate users and connected clients, manage sessions, and enforce quotas, rate limits, and access controls.
- Process search requests, return results, maintain search quality, and improve product reliability and abuse prevention.
- Monitor uptime, diagnose errors, investigate misuse, and protect service integrity.
- Respond to support requests, account inquiries, and product communications you request or reasonably expect.
- Comply with legal obligations, protect our rights, and enforce our terms.
We may use search and tool usage data to maintain, debug, evaluate, and improve Protplex search quality, ranking, retrieval, reliability, and abuse prevention. We do not use identifiable user queries to train general-purpose AI models. Where practical, we rely on aggregation, deletion of direct identifiers, retention limits, and access controls.
We may manually review a limited number of logs or support records when necessary to debug errors, investigate abuse, respond to support requests, or improve reliability.
We do not sell personal data or share it for cross-context behavioral advertising.
Legal bases
Depending on your location and the context, we process personal data under the following legal bases.
| Purpose | Legal basis |
|---|---|
| Provide search, lookup, account, quota, MCP, and ChatGPT app features. | Performance of a contract or steps requested by you before entering into a contract. |
| Authenticate users, manage sessions, enforce quotas, and prevent misuse. | Performance of a contract and our legitimate interests in operating and securing Protplex. |
| Maintain logs, diagnose errors, monitor uptime, and protect service integrity. | Legitimate interests in reliability, security, fraud prevention, and service improvement. |
| Respond to support, contact, early-access, or account requests. | Performance of a contract or our legitimate interests in responding to you. |
| Send newsletters or product updates. | Consent, or legitimate interests where permitted by applicable law. |
| Improve search quality, retrieval quality, product functionality, and abuse prevention. | Legitimate interests in improving Protplex, subject to safeguards and your rights. |
| Comply with legal obligations and enforce rights. | Legal obligation and legitimate interests in legal compliance and claims. |
Where we rely on legitimate interests, we balance those interests against your rights, freedoms, and reasonable expectations.
ChatGPT, MCP, and assistant integrations
Protplex may be available through ChatGPT, OpenAI, MCP-compatible clients, or other assistant and agent platforms. When you use Protplex through one of these platforms, we may receive and process information needed to provide the requested feature, such as prompts or tool-call inputs, requested PDB identifiers, search filters, returned results, account connection status, client identifiers, timestamps, and usage metadata.
The platform you use to access Protplex may separately receive and process your prompts, app interactions, account connection information, tool calls, returned content, and usage metadata under its own terms and privacy policy. Protplex is an independent service unless we expressly state otherwise.
Data minimization
We request and process only the information reasonably necessary to provide Protplex search, account, quota, security, support, and integration features. If a field, identifier, permission, or log record is not needed for the requested feature, our goal is not to request or retain it.
Cookies, analytics, and local storage
We and our service providers may use cookies, local storage, session storage, and similar technologies to keep you signed in, remember preferences, support account and quota features, protect the service, measure usage, and diagnose errors.
Our current implementation uses browser storage for items such as pseudonymous analytics identifiers, analytics preferences, and buffered event delivery, and may rely on cookies or similar session mechanisms provided by WorkOS AuthKit, Next.js, and Amplify-backed account flows.
Analytics and diagnostics tooling may receive page paths, event timestamps, referrer data, approximate browser or device information, pseudonymous identifiers, query hashes, and in limited cases sampled or truncated search text. You can control some browser storage through your browser settings, although blocking essential storage may affect service functionality.
How we share data
We share data only as needed to operate Protplex, comply with law, protect the service, or respond to your instructions.
Service providers and processors
- Hosting and application infrastructure providers, including Amazon Web Services, Microsoft Azure, and AWS Amplify.
- Authentication and identity providers, including WorkOS AuthKit.
- Database and operational storage providers, including AWS AppSync-backed data services and Supabase where used for analytics or operational storage.
- Analytics and diagnostics providers, including PostHog where enabled.
- Search and integration infrastructure supporting Protplex web search, hosted MCP endpoints, and related integration gateways.
- Professional advisers, law enforcement, regulators, or counterparties when disclosure is legally required or reasonably necessary to protect rights and safety.
Independent third-party platforms
If you access Protplex through ChatGPT, OpenAI, or another assistant, agent, or MCP-compatible platform, that platform may process your prompts, account connection information, app interactions, tool calls, returned content, and usage metadata as an independent service under its own terms and privacy policy. Protplex is not responsible for the privacy practices of those third-party platforms.
International transfers
We are based in Switzerland and use service providers that may process personal data in Switzerland, the European Economic Area, the United Kingdom, the United States, and other countries where they or their subprocessors operate. Some countries may not provide the same level of data protection as your country of residence. Where required, we rely on appropriate safeguards such as adequacy decisions, standard contractual clauses, the Swiss addendum to standard contractual clauses, data processing agreements, encryption, access controls, and other technical and organizational measures. You may contact us to request more information about the safeguards relevant to your data.
Retention
We retain personal data only for as long as reasonably necessary for the purposes described in this policy, including providing Protplex, maintaining account integrity, preventing abuse, resolving disputes, enforcing agreements, and complying with legal obligations. Typical retention periods are listed below.
| Data category | Typical retention |
|---|---|
| Contact, support, and inquiry messages | Up to 24 months after the last interaction, unless longer retention is needed for legal, security, or dispute purposes. |
| Newsletter or update subscription data | Until you unsubscribe or request deletion, plus limited suppression records where needed to honor opt-out requests. |
| Account and authentication records | For the life of the account, then up to 90 days after closure or deletion request unless longer retention is required. |
| Quota, plan, and entitlement metadata | For the life of the account, then up to 6 years where needed for accounting, audit, dispute, or legal purposes. |
| Search queries, tool-call inputs, requested PDB identifiers, structured filters, and result metadata | Up to 180 days in identifiable form, unless longer retention is needed for security, debugging, support, abuse prevention, or legal claims. |
| Security, rate-limit, abuse-prevention, and access logs | Up to 180 days, unless extended for an active investigation, incident response, or legal reason. |
| Error logs and diagnostics | Up to 180 days. |
| Analytics events and pseudonymous identifiers | Up to 24 months, or longer if aggregated or no longer reasonably linkable to an individual. |
| Backups | Deleted or overwritten on the normal backup cycle, typically within 90 days. |
| Legal and compliance records | As long as required by law or reasonably necessary to establish, exercise, or defend legal claims. |
When we no longer need personal data, we delete it, anonymize it, or retain it only in a restricted form where deletion is not technically or legally practical, such as encrypted backups awaiting scheduled rotation.
Security
We use administrative, technical, and organizational safeguards designed to protect personal data, including access controls, authentication controls, encryption in transit where supported, logging, monitoring, and provider security controls. No online service can guarantee absolute security. If you believe your interaction with Protplex is no longer secure, contact us at protplex@straintest.co.
Your rights and choices
Depending on your location, you may have rights to request access to, correction of, deletion of, restriction of, or portability of personal data we hold about you, to object to certain processing, and to withdraw consent where processing relies on consent. We may need to verify your identity and may retain limited information as required to document and honor your request.
You may object to processing based on legitimate interests. We will stop that processing unless we have compelling legitimate grounds to continue or need the data for legal claims.
You can unsubscribe from marketing or update emails using the link in those messages where available. We aim to respond to privacy requests within 30 days unless applicable law allows or requires a different period.
You may have the right to lodge a complaint with a data protection authority. In Switzerland, you may contact the Federal Data Protection and Information Commissioner. If you are in the EEA or the UK, you may contact your local data protection authority.
For privacy, data-rights, or support requests, contact protplex@straintest.co.
Children
Protplex is not intended for children under 13 or the minimum age required to use online services in your jurisdiction. We do not knowingly collect personal data from children below that age. If you believe a child has provided personal data to Protplex, contact us and we will take appropriate steps to delete it.
Sensitive and regulated information
Do not submit payment card data, government identifiers, medical records, patient information, human-subject research data, passwords, one-time passcodes, API keys, trade secrets, or other highly sensitive or regulated information through Protplex unless we explicitly request it for a clearly disclosed purpose and provide appropriate safeguards. Protplex is intended for protein structure search and related scientific lookup use cases, not for identifiable health information, patient records, or regulated clinical data.
Automated decision-making
Protplex does not make automated decisions that produce legal or similarly significant effects about users. We may use automated systems to rank search results, enforce quotas, detect abuse, rate-limit requests, and protect the service.
Changes to this policy
We may update this policy from time to time. When we do, we will post the revised version on this page and update the effective date below. If we make material changes, we may also provide additional notice through the website, email, in-product messaging, or app listing where appropriate.
Contact
If you have questions about this policy or want to exercise a privacy right, contact us at protplex@straintest.co or write to Straintest LLC, Hagenholzstrasse 62, 8050 Zurich, Switzerland.
Last updated: May 14, 2026