Privacy Notice
Last updated: July 5, 2026
1. Who is the controller
Peptide Designer is operated by Champike Munasinghe ("we", "us"). For the personal data described here, Champike Munasinghe is the data controller.
2. Data we collect
- Account data: email address, authentication identifiers and login timestamps.
- Job inputs: structures, sequences, hotspot selections and other parameters you submit.
- Job outputs and metadata: generated designs, run metrics, GPU used, duration and cost.
- Support communications: messages you send us and our responses.
- Technical data: IP address, device/browser identifiers, and basic usage/telemetry needed to operate and secure the Service.
3. Why we use it
- Provide the Service and run the jobs you submit (contract).
- Operate accounts, authenticate you and communicate about the Service (contract).
- Prevent fraud, abuse and security incidents (legitimate interests).
- Improve reliability and performance (legitimate interests).
- Comply with legal obligations, including tax and accounting record-keeping (legal obligation).
We do not use your job inputs or outputs to train foundation models.
4. Who we share it with
- Hosting and infrastructure providers that host the application, database and GPU compute on our behalf.
- Paddle.com, our Merchant of Record, for subscription management, payments, tax compliance and invoicing. Payment card details are collected directly by Paddle; we do not receive them.
- Professional advisers (legal, accounting) where needed.
- Authorities where required by law or to protect the rights, property or safety of users or the public.
We do not sell personal data.
5. International transfers
Our providers may process data outside your country of residence, including in the United States and the European Economic Area. Where required, transfers rely on safeguards such as Standard Contractual Clauses or adequacy decisions.
6. Retention
We keep account data while your account is active, and job data and results as long as you retain them in your workspace. When you delete data or close your account, we delete or anonymise it within a reasonable period, subject to legal retention obligations (for example tax records).
7. Your rights
Depending on where you live, you may have rights to access, rectify, erase, restrict or object to the processing of your personal data, to data portability, and to withdraw consent where processing is based on consent. If you are in the UK or EEA, you also have the right to lodge a complaint with your supervisory authority. To exercise your rights, contact us at the support address listed inside your account; we will respond within one month.
8. Security
We use appropriate technical and organisational measures to protect personal data, including encryption in transit, role-based access controls and audit logging. No system is completely secure, and we cannot guarantee absolute security.
9. Cookies and similar technologies
We use strictly necessary cookies and local storage to keep you signed in and to remember interface preferences (for example theme and last-used inputs). We do not use advertising cookies.
10. Changes
We may update this notice from time to time. Material changes will be communicated by email or in the app.
11. Contact
For privacy questions or to exercise your rights, contact the support address listed inside your account.