Privacy Policy
Last updated: February 9, 2026
1. Overview and Scope
Vici.bio (“Vici.bio”, “we”, “us”, “our”) respects your privacy and is committed to handling personal data responsibly.
This Privacy Policy explains how we collect, use, disclose, and protect personal data when you visit our public website
or use our products and services (collectively, the “Platform”).
We are based in Scotland, United Kingdom. We comply with the UK GDPR and the Data Protection Act 2018. Where applicable,
we also comply with the EU GDPR for users in the European Economic Area (“EEA”).
If you do not provide certain information, we may be unable to provide parts of the Platform (for example account access,
billing, or support).
2. Definitions
- Personal Data: Information that identifies you or can reasonably be linked to you.
- User Content: Inputs you submit to run jobs (for example sequences, structures, parameters, files) and any outputs generated for you.
- Operational Metadata: Non-content technical and security data needed to run and protect the Platform (for example job IDs, timestamps, status codes, resource usage, error types, audit logs).
- Account Data: Information used to create and manage an account (for example email, authentication identifiers, plan status) plus billing records.
- Subprocessor: A service provider we engage to process data on our behalf (for example hosting, authentication, payments, email delivery).
3. Our Role: Controller vs Processor
Account and website data: For Account Data, marketing preferences, and website analytics (if enabled),
Vici.bio acts as a data controller.
User Content: For User Content you upload to run jobs, you (or your organisation) typically act as the
controller and Vici.bio acts as a processor, processing User Content only on your instructions
to execute and deliver your jobs, consistent with our Terms.
If you use the Platform on behalf of an organisation, you represent that you are authorised to provide personal data to us
and to instruct us to process it for the purposes described here.
4. Categories of Personal Data We Collect and How We Collect It
- Contact and account information (for example email address, account identifiers, organisation name if provided).
  How we collect it: Directly from you when you create an account, subscribe, or contact us.
- Authentication information (for example password hashes, login tokens, security settings).
  How we collect it: Created and stored as part of account operation. Passwords are stored as salted hashes, not plaintext.
- Billing and transaction information (for example plan tier, invoice records, payment status, partial payment identifiers).
  How we collect it: From you and our payment provider when you purchase a plan. We do not store full card details.
- Support and communications (for example emails, chat messages, requested troubleshooting details).
  How we collect it: When you contact us. If you voluntarily include data in a support message, we will process that content to respond.
- Device, usage, and security data (for example IP address, user agent, approximate location derived from IP, access times, pages/actions, security events).
  How we collect it: Automatically when you access the website or Platform.
- Operational Metadata (non-content) required to run, secure, and audit the Platform.
  How we collect it: Automatically during job execution and platform operation.
- User Content and outputs (which may contain personal data depending on what you upload).
  How we collect it: From you when you submit jobs. We process this content to execute the job and return outputs to you.
- Cookies and similar technologies (see Section 10).
  How we collect it: Automatically, subject to your cookie choices where required.
Special category data: The Platform is not intended for processing special category data (for example health data,
genetic data about identified individuals, biometric identifiers, political opinions, religious beliefs, or precise geolocation).
Please do not upload special category data or other sensitive personal data unless you have a lawful basis and it is strictly necessary.
5. How We Use Personal Data and Our Legal Bases
We use personal data only where permitted under applicable law. Depending on the context, our legal bases include
performance of a contract, legitimate interests, consent, and legal obligation.
- Provide the Platform and run jobs (contract). This includes processing User Content to generate outputs and deliver results.
- Create, manage, and secure accounts (contract; legitimate interests). This includes authentication, session management, and fraud prevention.
- Operate, maintain, and improve reliability (legitimate interests). We use Operational Metadata and service performance data to monitor uptime, capacity, and errors.
- Customer support (contract; legitimate interests). We respond to requests and investigate issues using the information you provide.
- Billing, payments, and accounting (contract; legal obligation). We maintain invoices and tax records where required.
- Compliance, enforcement, and safety (legal obligation; legitimate interests). This includes responding to lawful requests and enforcing our Terms, preventing abuse, and protecting users, the public, and Vici.bio.
- Product updates and optional marketing (legitimate interests for essential service messages; consent where required for marketing). You can opt out at any time.
No training on your content: We do not use your User Content or outputs to train models, build marketing profiles,
or run advertising targeting. We process User Content only to execute and deliver your jobs, and to secure the Platform.
6. Security and Access Controls
- Encryption by default: User Content and outputs are encrypted in transit and at rest.
- Access controls: We apply technical and organisational measures designed to limit access to personal data to authorised systems and personnel.
- Minimisation: We design the Platform to avoid routine human access to User Content. If you voluntarily provide content to support, we may view what you send to assist you.
- No system is perfect: Despite safeguards, no method of transmission or storage is completely secure, and we cannot guarantee absolute security.
7. Retention, Deletion, and Your Control
- User control: You can export your User Content and outputs at any time through the Platform where available.
- Deletion: If you delete User Content or outputs, they are permanently deleted from our active systems and cannot be restored.
- Operational and legal retention: We may retain Account Data, invoices, and certain Operational Metadata for as long as necessary to provide the Platform, meet legal obligations, resolve disputes, enforce our agreements, and protect Vici.bio.
- Security logs: We retain security and access logs for a limited period appropriate to detect, investigate, and prevent abuse and fraud.
If you close an account, we will delete or anonymise personal data within a reasonable period, except where retention is required or justified
for legal compliance, billing, security, or enforcement purposes.
8. How We Share Personal Data
We do not sell your personal data. We disclose personal data only as necessary to operate the Platform and as described below.
- Service providers and subprocessors: We use trusted providers for hosting, authentication, payments, email delivery, and other infrastructure. They process data under contract, only to provide services to us, and must protect it.
- Affiliates: If we have affiliated entities under common control, we may share data for internal administration, security, and operations.
- Legal and safety: We may disclose information if required by law, court order, or binding request, or to protect the rights, property, or safety of Vici.bio, our users, or others.
- Business transactions: We may share information in connection with financing, reorganisation, merger, acquisition, or sale of assets. We will require appropriate confidentiality protections.
- With your instructions: We may disclose information when you request or authorise us to do so.
Where permitted, we will provide notice of legally compelled disclosures unless doing so would be prohibited or would create a risk of harm or abuse.
9. International Transfers
We may process personal data in the UK, the EEA, and other countries where we or our providers operate.
Where required for transfers outside the UK or EEA, we use appropriate safeguards such as the UK International Data Transfer Agreement (UK IDTA),
the EU Standard Contractual Clauses (EU SCCs), or adequacy regulations.
10. Cookies and Tracking
We use cookies and similar technologies to operate the site and improve your experience.
Essential cookies are used for core functionality. Analytics cookies, if used, are disabled by default unless you opt in where required.
- Essential cookies: Required for security, session management, and core site features.
- Preference cookies: Remember settings you choose (where enabled).
- Analytics cookies: Help us understand how the website is used. These are optional and only enabled where appropriate based on your choices.
You can manage cookies through your browser settings and, where available, our cookie banner/preferences.
Navigation enhancement (session storage): To improve navigation, we may store your on-site navigation path in your browser’s session storage.
This data stays on your device, is deleted when you close your browser, contains no personal data beyond URL paths within our site, and is used only to make “Back” buttons behave predictably.
Do Not Track: Some browsers offer “Do Not Track” signals. Because there is no uniform standard, we do not respond to DNT signals at this time.
11. Your Rights (UK GDPR and EU GDPR)
Subject to conditions and exceptions under applicable law, you may have the right to request:
access, rectification, erasure, restriction, objection, and data portability. Where processing is based on consent, you may withdraw consent at any time.
- How to exercise rights: Email us at info@vici.bio.
- Verification: We may request information to verify your identity and authority. We will use verification information only to process your request.
- Timing: We aim to respond within one month. We may extend by up to two additional months where permitted due to complexity or volume.
- Limitations: We may refuse or narrow requests where permitted by law, including to protect the rights of others, maintain security, prevent fraud and abuse, or comply with legal obligations.
- Fees: We do not usually charge a fee. We may charge a reasonable fee or refuse requests that are manifestly unfounded or excessive as allowed by law.
If you are unhappy with our response, you have the right to lodge a complaint with the UK Information Commissioner’s Office (ICO).
If you are in the EEA, you may also lodge a complaint with your local supervisory authority.
12. Third-Party Links
The Platform may link to third-party websites or services. Their privacy practices are governed by their own policies.
We are not responsible for third-party content or privacy practices.
13. Children
The Platform is not intended for individuals under 18, and we do not knowingly collect personal data from children.
14. Changes to This Policy
We may update this Privacy Policy from time to time. If we make material changes, we will post the updated policy here and update the “Last updated” date.
Your continued use of the Platform after the effective date means you accept the updated Policy, to the extent permitted by law.
15. Contact
To ask questions or exercise your rights, contact us at info@vici.bio.
Vici.bio is based in Scotland, United Kingdom.