PricingDocsSecurityCompanySign in
Last updated: March 2026

Privacy Policy

This policy describes how the hosted LabFrame service collects, uses, and protects information. For a current summary of subprocessors and security controls, see /security.

1. Scope

This Privacy Policy applies to the hosted LabFrame service, including the public site, authenticated application, agent workspaces, and related support interactions. It explains how we handle personal information and workspace content when individuals and research organizations use the Service.

If your organization has a separate written agreement with us that includes privacy or data protection terms, that agreement controls to the extent it conflicts with this policy.

2. Information we collect

We collect information in a few categories:

  • Account information such as name, email address, authentication method, organization affiliation, and login metadata.
  • Workspace content such as prompts, files, generated outputs, code, documents, messages, and other materials you or your collaborators submit to agent workspaces.
  • Operational usage data such as agent creation, sandbox lifecycle events, feature usage, usage metering, billing events, and diagnostic logs needed to operate and secure the Service.
  • Billing information such as customer identifiers, plan selection, invoices, and payment metadata processed through Stripe. We do not store full raw payment card numbers.
  • Support communications such as emails, security review requests, procurement inquiries, and other messages you send us.

3. How we use information

We use collected information to:

  • Provide and maintain the Service, including provisioning agent environments, storing workspace content, and serving requested features.
  • Authenticate users, enforce access controls, detect abuse, and protect the Service and customer environments.
  • Measure usage, charge for subscriptions and metered activity, and administer billing and procurement workflows.
  • Troubleshoot incidents, improve reliability, and develop new product capabilities using service telemetry and aggregated operational insights.
  • Communicate with you about the Service, including account notices, security updates, support responses, and policy changes.

We do not sell personal information, and we do not use customer workspace content to train our own foundation models.

4. Collaboration and workspace visibility

LabFrame is built for shared research work. Content in a workspace may be visible to collaborators, project owners, and other authorized users with access to that workspace. Shared conversations may also display participant identity and related context needed for collaboration.

If your access is sponsored by a company, university, laboratory, or similar organization, that organization may control workspace membership, billing, or account lifecycle for the relevant workspace. Please coordinate with your internal administrators before uploading sensitive material that requires special handling.

5. AI model and search processing

To provide agent responses and related automation, the Service sends prompts, relevant workspace context, and requested task content to configured AI providers and search providers. This may include portions of documents, code, chat history, or other materials necessary to complete the requested action.

We use these providers only to operate requested features and do not authorize them to use your content for generalized model training on our behalf. Provider-specific handling remains subject to their own policies and infrastructure.

6. Sharing and disclosure

We share information only in limited situations:

  • With infrastructure, billing, email, search, and model providers as necessary to run the Service.
  • With your invited collaborators and authorized workspace members as part of the Service's collaboration features.
  • When required by law, legal process, or to protect the rights, safety, and security of LabFrame, our users, or the public.
  • In connection with a merger, financing, acquisition, or similar transaction, subject to appropriate confidentiality safeguards.

We do not sell customer content or personal information to data brokers or advertisers.

7. Security and storage

Workspace data is stored using the hosted architecture described on our Security page, including platform storage and isolated sandbox environments for agent workloads. We use TLS for data in transit and managed cloud protections for data at rest.

No online service can guarantee perfect security. If your use case involves export-controlled, classified, or otherwise restricted information, contact us before use to determine whether the hosted service is appropriate for that workload.

8. Retention and deletion

We retain account information, workspace content, and service records for as long as needed to provide the Service, comply with legal obligations, resolve disputes, enforce agreements, and maintain operational integrity.

When an account or workspace is deleted, we aim to remove associated customer content within a reasonable period, ordinarily within thirty (30) days unless a shorter or longer retention period is required for security, billing, legal, backup, or fraud-prevention reasons.

9. Your choices and rights

Depending on your location and relationship to the Service, you may have the right to request access to, correction of, deletion of, or export of your personal information. You may also have the right to object to or restrict certain processing in some circumstances.

You can manage some information directly through the Service. For other requests, contact contact@labframe.ai. We may need to verify your identity, and if your access is provided through an organization or shared workspace, we may direct certain requests to the relevant workspace owner or institution.

10. Cookies and session technologies

LabFrame uses essential cookies and similar session technologies to authenticate users, maintain secure sessions, protect against abuse, and support core application behavior. We do not use third-party advertising cookies.

If we introduce non-essential analytics or preference cookies in the future, we will update this policy and any associated notices.

11. Children's privacy

The Service is not directed to children under 13, and we do not knowingly collect personal information from children under 13. If you believe a child has provided personal information to us, contact us so we can investigate and take appropriate action.

12. Changes to this policy

We may update this Privacy Policy from time to time to reflect operational, legal, or product changes. When we make material changes, we will update the date on this page and may provide additional notice through the Service or by email when appropriate.

13. Contact

Questions about this Privacy Policy, data handling, or vendor review requests can be sent to contact@labframe.ai.