The EU General Data Protection Regulation (GDPR) calls for clear, straightforward language in privacy policies. In this spirit, we try to avoid legalese and technical jargon to better communicate to you what you and we agree to when you use our website, products, and services.

Who we are

OneMolecule LLC is a startup company based in Milwaukee, Wisconsin. We create innovative tools for scientific research and education, and develop science-based software for general use. We believe in scientific honesty and integrity and have no desire whatsoever to sell the personal data that you entrust us with to third parties, nor to use it for any other purposes than those which you signed up for. We strongly support the United Nations Universal Declaration of Human Rights, which lists protecting privacy as a fundamental human right, and have adopted a Privacy by Design approach for all of our interactions with you.

Our website address is: https://www.onemolecule.com.

If you have any questions about this policy, you can contact us at privacy@onemolecule.com or write us by mail at:

OneMolecule LLC
1620 East Capitol Drive, Suite 11703
Milwaukee, WI 53211

What personal data we collect and why we collect it

Our guiding principles are to collect personal data from you only if needed, and to keep only what is necessary to offer you the services in which you enroll. The less personal data we have stored, the better we’ll sleep at night – after all, nothing is 100% secure, and data breaches do (unfortunately) occur. But personal data that we do not have cannot end up in the wrong hands.

Comments

When visitors leave comments on the site we collect the data shown in the comments form and send it together with the visitor’s IP address and browser user agent string to the Akismet anti-spam service.

An anonymized string created from your email address (also called a hash) may be provided to the Gravatar service to see if you are using it. After approval of your comment, your profile picture is visible to the public in the context of your comment.

When you subscribe to posts or comments, we collect your email address and the ID of the post or comment. If a new subscription is initiated, we also collect some basic server data, including all the subscribing user’s HTTP request headers, the IP address from which the subscribing user is viewing the page, and the URI which was given to access the page (REQUEST_URI and DOCUMENT_URI). We use this server data exclusively for the purpose of monitoring and preventing abuse and spam.

Media

If you upload images to the website, you should avoid uploading images with embedded location data (EXIF GPS) included. Visitors to the website can download and extract any location data from images on the website.

Contact forms

We keep contact form submissions for customer service or diagnostic purposes unless and until you ask us to delete this information. Certain types of data are automatically collected with the information you provide in the contact form, including your IP address and web browser information. We do not use the information submitted through them for marketing purposes.

Cookies

Cookies are small text files placed on your device that store user settings or enhance your interactions with a website. Only we can access the cookies created by our website. You can control your cookies at the browser level, but choosing to disable cookies may hinder your use of or disable certain functions.

We do not use cookies for advertisement purposes.

If you leave a comment on our site, you may opt in to saving your name, email address and website in cookies. These functionality cookies are for your convenience so that you do not have to fill in your details again when you leave another comment. They will last for one year.

Functionality cookies are also set to remember a visitor’s blog and post subscription choices if, in fact, they have an active subscription. These cookies will last for a duration of 347 days.

Cookies used during payment processing are essential. We will not be able to produce a payment receipt or unlock key when cookies are blocked.

Embedded content from other websites

Occasionally, articles on this site may include embedded content (e.g. videos, images, articles). Embedded content from other websites behaves in the same way as if the visitor has visited the other website.

These websites may collect data about you, use cookies, embed additional third-party tracking, and monitor your interaction with that embedded content, including tracing your interaction with the embedded content if you have an account and are logged in to that website.

Purchases and donations

We collect your payment information (e.g. credit card number, expiration date) solely to process your order or donation, but do not store it on our server once the transaction is processed. We also collect your email address so that we can send you an invoice and other relevant information, such as an unlock key or product updates. We share the collected information with our payment processor to process the transaction.

Analytics and server logs

Certain types of data are automatically logged by our web server when you are visiting our website, including your IP address and web browser information. This data is kept confidential and is only visible to our staff and our website hosting provider.

We automatically collect statistics and analytics to improve your experience with our website. The information collected includes your IP address, WordPress.com user ID (if logged in), WordPress.com username (if logged in), user agent, visiting URL, referring URL, timestamp of event, browser language, and country code. Additionally, as you browse the site, we collect information about the individual web pages or products that you view, and information about how you interact with the site.

This data may also be collected when a connection to our website is made through our products, including the automatic checking for updates.

Product and website support

In some cases we solicit diagnostic reports and other troubleshooting, bug, and crash reports from customers to help identify and solve problems with our products and services. This information is sent to us, on a case by case basis, by users who explicitly opt into our beta software programs or who otherwise explicitly choose to provide diagnostic data to us via contact forms or email. If diagnostic data is provided via contact forms, certain types of data are automatically stored with the information you provide in the contact form, including your IP address and web browser information.

Diagnostic data may contain sensitive information about your devices and operating environment as well as personally identifying information. Although there may be occasions when we ask for diagnostic data to assist you with a problem, you are never obligated to provide it.

Security

We check login activity and monitor our website for all forms of malicious or unlawful activity that could compromise the security and confidentiality of servers and databases. For this purpose, we collect the attempting user’s IP address, request time, referrer (when available), browser user-agent string, attempting user’s email address/username, and metadata stored on the device, such as all IP-related HTTP headers attached to the attempting user.

Who we share your data with

We do not share your personal data with strangers and disclose your personal data to third parties or public officials only when we are legally obliged to.

We provide some data to our processing partners to provide specific services to you or to enhance your customer experience. We only work with processing partners who are able to ensure an adequate level of protection for your personal data:

  • Information needed to process payments is passed on to our payment processor, Stripe, Inc., which conforms to the EU-U.S. Privacy Shield Framework (see https://stripe.com/privacy-shield-policy).
  • Our website and databases are hosted by DreamHost, LLC. DreamHost is GDPR compliant and has taken appropriate safeguards to ensure that personal data is protected in accordance with their privacy policy, which can be found here: https://www.dreamhost.com/legal/privacy-policy/.
  • Information needed for the Akismet anti-spam service, the Gravatar service, and data related to failed login attempts is shared with Automattic Inc. Their privacy policy can be found here: https://automattic.com/privacy/.
  • Information on attempted website attacks is shared with Defiant, Inc., with whom we have entered into a data processing agreement (see https://www.wordfence.com/gdpr/dpa.pdf). Transmitted data is usually deleted after 90 days, unless it continues to be involved in malicious activity (such as IPs on an IP blacklist).

Where we send your data

Visitor comments are checked through an automated spam detection service (Akismet).

Payment processing through our payment processor (Stripe) may occur outside of the customer’s country of residence.

Our website and databases are hosted on servers located in the United States.

We back up all website data and databases in encrypted form to cloud servers located in the United States for disaster recovery purposes. Erasure requests will leave those backups untouched to guarantee secure and immutable backups; we will only remove data from backups if legally compelled to do so.

Our customer support and email services are hosted in the United States. Any information you choose to send us through email or our customer support system may pass through and be stored on a variety of intermediate services.

How long we retain your data

If you leave a comment, the comment and its metadata are retained indefinitely. This is so we can recognize and approve any follow-up comments automatically instead of holding them in a moderation queue.

Customer purchase records (e.g. your email and order data such as amount and transaction ID) are retained indefinitely unless and until you ask us to delete this information. We will use it, for example, for identification purposes when regenerating a lost unlock key and to provide you with important updates on our products. You may choose to stop receiving communications from us, except certain important notifications such as billing and account security alerts.

What rights you have over your data

You have the right to access the data collected from and about you. This includes your right to request and obtain a copy (in a machine-readable format) of your personal data. For example, if you have left comments on this site, you can request to receive an exported file of the personal data we hold about you, including any data you have provided to us.

If the data is inaccurate or incomplete, you have the right to request rectification of your personal data. Under certain conditions, you can restrict the processing of your personal data, or withdraw any given consent for processing of your personal data.

You can also request that we erase any personal data we hold about you. This does not include any data we are required to keep for administrative, legal, or security purposes.

Your contact information

We are committed to safeguarding your privacy. Please contact us at privacy@onemolecule.com if you have any questions or problems about the use of your personal data and we will gladly assist you.

If you have concerns or complaints about this policy or practices that you feel you cannot resolve through contacting us, you should bring those concerns to your local regulatory authority. Residents of the EU may contact:

Berliner Beauftragte für Datenschutz und Informationsfreiheit 
Friedrichstr. 219
10969 Berlin
Email: mailbox@datenschutz-berlin.de
Phone: +49 30 13889-0

https://www.datenschutz-berlin.de/

Additional information

How we protect your data

We understand and accept our responsibility and do our best to keep your personal data safe. We use strict access control mechanisms to ensure that personal data is only available to authorized personnel. We use safe protocols for communication and transferring data (such as HTTPS). We use anonymizing and pseudonymizing where suitable and monitor our systems for possible vulnerabilities and attacks.

What data breach procedures we have in place

If the confidentiality of customer data is breached, we recognize our responsibility to our customers and to the public to disclose the nature of the risk and provide a transparent account of the events without undue delay. We will inform the applicable supervisory authorities as required by law and regulation.

What third parties we receive data from

We do not receive data from third parties other than from our processing partners when they carry out services on our behalf.

What automated decision making and/or profiling we do with user data

We do not engage in services that include automated decision making or profiling.

Children

We do not intend to collect or knowingly collect information from children (persons 16 years of age or younger). We do not target children with our services.

Business transfer

If OneMolecule is involved in a business acquisition, merger, sale, reorganization, or bankruptcy, then your personal information may be transferred as part of the restructuring. We promise that either the acquiring institution will respect your personal information and file data in accordance with this privacy policy, or that you will be given the opportunity to opt out of the transfer.

Changes to this Privacy Policy

At our discretion, we may make changes to this Policy and note the date of the last revision. We reserve the right to send you email informing you of substantive changes.

Last modified December 5, 2018.