Privacy Policy

Last updated: March 2026

AI disclaimer: Polymetrics is an AI-powered assistant. Responses may be incorrect or incomplete. Do not rely on them as legal, regulatory, or scientific advice.

Who we are

Polymetrics is a chemistry and EU food-contact materials regulation chatbot. Contact us at polymetricsforpolymer@gmail.com for any privacy question or data request.

Data we collect

• Email — account identification; deleted 12 months after last activity.
• API key (SHA-256 hash only) — authentication; original key never stored; deleted 12 months after last use.
• Credit balance & transactions — billing records; deleted 12 months after last activity.
• Request logs (endpoint, credits charged, IP) — billing accuracy and anti-abuse; deleted after 30 days.
• Stripe session ID — payment idempotency; deleted 12 months after last activity.
• Auth cookie (pmx-api-key) — httpOnly session cookie; expires after 30 days or on logout.

Chat content is not persisted to a database. Your messages and responses pass through server operational logs during processing and are retained for up to 30 days for debugging and monitoring, then automatically deleted. Conversation history lives only in your browser tab and is lost when you close it or start a new chat.

Third-party services

• OpenAI — every message you send is processed by an OpenAI language model. Privacy policy
• Stripe — handles payment checkout; we receive only a session ID and confirmation. Privacy policy
• NIH CACTUS (cactus.nci.nih.gov) — chemical names and SMILES may be sent for structure resolution. No personal identifiers included.
• CAS Common Chemistry (commonchemistry.cas.org) — chemical names may be sent for CAS registry lookups. No personal identifiers included.

Open-source packages

• RDKit — cheminformatics library used server-side to parse SMILES strings, compute molecular fingerprints, and run similarity searches on chemical structures you submit. All processing is local; no data is sent to RDKit's maintainers. rdkit.org
• marked.js — Markdown rendering in the chat UI. Loaded from jsDelivr CDN; they may log your IP. GitHub
• Inter & IBM Plex Mono — UI fonts loaded from Google Fonts; Google may log your IP when serving font files.

Security

• API keys hashed with SHA-256; original never stored.
• Auth cookie is httpOnly and SameSite=Strict.
• Database hosted on Azure Files.

Changes

We may update this policy. The "last updated" date reflects any changes. Continued use constitutes acceptance.