Cookie

Last Update: April 30th, 2026
Table of contents

1. General Principles and Scope

Email: info@labthread.comPhone: +44 115 795 0256Web: labthread.com

Lab Thread Ltd (“we,” “our,” or “us”) considers the protection of Personal Data a fundamental aspect of maintaining privacy and upholding individual rights. Transparency is the primary step toward ensuring that protection. This Privacy Policy applies to our website (labthread.com) and its associated subdomains alongside our application, Lab Thread (collectively, our “Service”).

If you have questions, concerns, or wish to enforce your rights, please contact us:

Lab Thread Ltd
MEPC Silverstone Park Innovation Centre
Silverstone Park
Silverstone
Towcester NN12 8GX
United Kingdom

This policy provides an overview of how we process data when acting as a Data Controller—specifically for information gathered to manage your account, process payments, communicate with you, and provide our Services on our own behalf.

13. Contact Information

For the purposes of applicable data protection legislation, including the UK General Data Protection Regulation (UK GDPR), the EU General Data Protection Regulation (EU GDPR), and other applicable privacy laws, Lab Thread Ltd is the Data Controller for the Personal Data described in this Privacy Policy unless otherwise stated.

We may update this Privacy Policy periodically. Material changes will be communicated via email, website notice, or in-application notification.

1.1 Role as Processor

12. Updates to This Policy

This policy does not apply when Lab Thread acts as a Data Processor on behalf of a Customer (such as your institution, employer, or contracting organization), who serves as the Data Controller.

Lab Thread does not sell Personal Data and does not share Personal Data for cross-context behavioral advertising.

When we process Personal Data contained within scientific records, laboratory notebooks, audit trails, attachments, experimental records, sample metadata, or other Research Data uploaded to the platform by a Customer, we do so solely in accordance with that Customer’s documented instructions and any applicable Data Processing Agreement (DPA) between Lab Thread and the Customer.

11. No Sale of Data

1.2 Customer Responsibility

You have the right to know what information is collected, request deletion or correction, opt out of sale or sharing (we do not sell Personal Information), and receive non-discriminatory treatment for exercising your rights.

In those instances, you must contact the Customer directly for data inquiries or to enforce your rights. Lab Thread will assist Customers in responding to data subject requests where legally required and contractually agreed.

10.2 California Residents (CCPA/CPRA)

1.3 Age Requirements

You have the right to access, rectify, erase, restrict processing, object to processing, request data portability, withdraw consent, and lodge a complaint with a supervisory authority.

Lab Thread is not intended for children. Users must be at least 16 years of age (or 13 if permitted by local legislation) at the time of account creation. Where local laws require parental or guardian consent for users under 16, such consent must be obtained by the Customer organization.

10.1 EEA and UK Residents

1.4 Protection of Minors

We implement GDPR-level protections as our global baseline.

We do not knowingly collect data from anyone under 13 years of age. If we become aware that such information has been collected without verified parental consent, we will take immediate steps to delete the information.

10. Global User Rights

1.5 User Consent

  • Investigate and contain the incident promptly
  • Notify affected Customers without undue delay
  • Notify supervisory authorities where legally required
  • Communicate with affected individuals where required by law

By accessing or using our Service, you signify that you have read and understood our collection, storage, and usage of your Personal Data as described in this policy and our Terms of Service.

In the event of a Personal Data breach, we will:

Where consent is required under applicable law (for example, for certain marketing communications or non-essential cookies), you may withdraw your consent at any time without affecting the lawfulness of processing based on consent before its withdrawal.

9. Data Breach Notification

While no system can guarantee absolute security, we follow industry best practices to reduce risks of unauthorized access, disclosure, alteration, or destruction.

2. Information Categories and Collection

  • Encryption in transit (TLS/SSL)
  • Encryption at rest where applicable
  • Access controls and role-based permissions
  • Multi-factor authentication (where enabled)
  • Secure cloud infrastructure
  • Regular security reviews
  • Logging and monitoring
  • Vulnerability management practices

We collect data through direct provision, automated tracking technologies, and third-party integrations.

We implement appropriate technical and organizational measures designed to protect Personal Data, including:

2.1 Account Credentials

8. Security Measures

We collect your full name, email address, password (stored in encrypted and hashed form), job title, phone numbers, organization name, and mailing/billing addresses.

Such data is processed in accordance with applicable employment and data protection laws.

This information is necessary to create and maintain your account, authenticate users, manage subscriptions, provide customer support, and fulfill contractual obligations.

If you are a Lab Thread employee, contractor, or applicant, we collect information you voluntarily provide for Human Resources purposes, recruitment, onboarding, payroll administration, benefits management, compliance, and internal administration.

2.2 Payment Information

7. Personnel Data

Payments for subscriptions to Lab Thread are processed via Stripe, a third-party payment processor.

We reserve the right to transfer data to a third party in the event of a merger, acquisition, restructuring, sale of assets, or bankruptcy, provided the successor entity adheres to applicable data protection obligations.

Lab Thread does not store full credit card numbers or card verification codes on its servers. Payment information is transmitted directly to Stripe through secure, encrypted channels in accordance with Payment Card Industry Data Security Standards (PCI-DSS).

6.4 Business Transitions

We may receive limited payment-related information from Stripe, such as:

  • UK International Data Transfer Agreements (IDTA)
  • Standard Contractual Clauses (SCCs)
  • Adequacy decisions
  • Other lawful transfer mechanisms
  • Payment confirmation status
  • Billing address
  • Last four digits of the payment card
  • Subscription status
  • Transaction identifiers

Where Personal Data is transferred outside the UK or EEA, we rely on appropriate safeguards such as:

Stripe acts as an independent Data Controller with respect to payment processing activities and processes your data in accordance with its own privacy policy and regulatory obligations.

Your Personal Data may be transferred to and processed in the United Kingdom, the European Economic Area (EEA), the United States, or other jurisdictions where our service providers operate.

2.3 Third-Party Sign-In

6.3 International Transfers

Users may choose to sign in with Microsoft 365, Google, or LinkedIn. By granting consent to these providers, they send us the necessary Personal Data required to create or authenticate your account, such as your name and email address.

A list of current subprocessors is available upon request.

We do not receive access to your third-party account passwords. Authentication tokens are used solely to verify your identity.

All subprocessors are contractually bound by data protection obligations, confidentiality requirements, and appropriate security safeguards.

2.4 Data from Integrations

We share information with Corporate Affiliates and trusted third-party service providers for hosting, server maintenance, analytics, customer communication tools, and credit card processing via secure SSL/TLS technology.

Where Customers enable integrations with third-party services, certain limited Personal Data may be exchanged as necessary to enable functionality. Such integrations are activated and controlled by the Customer, who remains responsible for ensuring lawful data transfer.

6.2 Recipients and Subprocessors

2.5 Unique Identifiers

  • Tax and accounting compliance
  • Legal defense
  • Fraud prevention
  • Regulatory obligations

We use a unique identifier to connect accounts so that no password is required for subsequent logins when third-party authentication is used. These identifiers are stored securely and are used only for authentication and security purposes.

Upon account deletion, we dispose of Personal Data within 60 days unless retention is legally required for:

2.6 Automated Activity Logs

We retain conversation and personal data for up to 6 years unless your account is deleted or a longer retention period is required by law.

We automatically record “Activity Data” related to your interaction with our Services, including feature usage frequency, duration of use, login counts, clickstream data, session timestamps, system interactions, and error logs.

6.1 Retention Periods

This data is used for:

6. Data Retention and Sharing

  • Security monitoring and fraud prevention
  • Service diagnostics
  • Performance optimization
  • Product development
  • Capacity planning
  • Compliance auditing

Where legally required, we obtain consent before placing non-essential cookies.

2.7 Technical Identifiers

Remarketing: The practice of serving ads across the internet to individuals who have already visited our website. We do not sell Personal Data for advertising purposes.

This includes device types, operating systems, browser information, IP addresses, approximate geolocation data derived from your IP address, and system configuration details.

Sessions: Data used to identify the specific areas of our platform that you have visited.

IP addresses may be used for security purposes, including detecting suspicious login attempts and unauthorized access.

Local Storage (DOM): Web storage that supports persistent data storage with enhanced capacity compared to cookies.

2.8 Communication Data

We process records from emails, live chats, support tickets, and online meetings.

Where permitted by law and with appropriate notice, certain calls or meetings may be recorded after prior consent for quality assurance, training, compliance documentation, or evidentiary purposes.

Cookies: Small files used to identify your browser, remember login status, and understand how you navigate our Service.

2.9 Service Improvement

We use gathering tools to enhance performance and functionality:

We may use aggregated and anonymized data to analyze trends, improve functionality, enhance user experience, and develop new features. Such aggregated data does not identify individual users.

5. Tracking and Storage Technologies

3. Scientific Research Data

Legal Obligations: Cooperating with regulatory authorities, responding to lawful requests, complying with tax and accounting requirements, and protecting the safety of the public or our interests.

Lab Thread is a specialized platform for managing scientific laboratory research. You may upload texts, images, structured experimental records, sample metadata, attachments, and other files referred to as “Research Data.”

Marketing: To send periodic emails regarding educational content, product updates, new release information, and “tips and tricks.” You may unsubscribe at any time via the unsubscribe link included in such communications.

3.1 Ownership and Control

Legitimate Interests: For system security, fraud detection, software optimization, analytics, platform maintenance, internal administrative purposes, and protection of our legal rights.

Lab Thread does not own or control Research Data and does not claim intellectual property rights over Customer content.

Contractual Performance: To provide the Service, manage subscriptions, process billing, offer technical support, enforce our Terms of Service, and maintain account functionality.

3.2 Processing Responsibility

We utilize your information for the following purposes:

The Customer (your organization), as the Data Controller, is responsible for the lawfulness of any Personal Data contained within Research Data, including ensuring appropriate consent, lawful basis, and compliance with regulatory requirements (e.g., GDPR, HIPAA where applicable, or other sector-specific regulations).

4. Legal Basis and Data Usage

Lab Thread processes such data solely as a Data Processor under contractual instructions.

As a result, deletion or erasure requests may be limited where retention is required for legal, regulatory, or scientific recordkeeping purposes.

3.3 Audit Trails and Regulatory Compliance

Lab Thread maintains immutable audit trails in support of laboratory compliance requirements, including 21 CFR Part 11 GLP/GMP environments where applicable. Certain identifiers may be retained within audit logs to preserve scientific integrity, regulatory traceability, and compliance obligations.

Lab Thread is a simple, secure digital thread that connects your lab’s workflows. It enhances collaboration, supports reproducibility & continuity, and ensures compliance. Easily.
Stay at the cutting edge
Product
Pricing
The Digital Thread
Molecular Biology Software
ELN
LIMS
Project Management
Trust
Stay with us
Careers
Contact Us
LinkedIn
Latest from our blog
Lab Thread introduces Unified Lab Software Platform to streamline biological research
Refining the molecular blueprint of in vivo CAR-T cell therapies
Can Lab Management Software Help Solve the Reproducibility Crisis?
Privacy Policy
Terms of Service
© 2006 Lab Thread. All rights reserved.