Lab Thread: Privacy Policy

Last Update: March 5th, 2026

1. General Principles and Scope

Lab Thread Ltd (“we,” “our,” or “us”) considers the protection of Personal Data a fundamental aspect of maintaining privacy and upholding individual rights. Transparency is the primary step toward ensuring that protection. This Privacy Policy applies to our website (labthread.com) and its associated subdomains alongside our application, Lab Thread (collectively, our “Service”).

This policy provides an overview of how we process data when acting as a Data Controller—specifically for information gathered to manage your account, process payments, communicate with you, and provide our Services on our own behalf.

For the purposes of applicable data protection legislation, including the UK General Data Protection Regulation (UK GDPR), the EU General Data Protection Regulation (EU GDPR), and other applicable privacy laws, Lab Thread Ltd is the Data Controller for the Personal Data described in this Privacy Policy unless otherwise stated.

1.1 Role as Processor

This policy does not apply when Lab Thread acts as a Data Processor on behalf of a Customer (such as your institution, employer, or contracting organization), who serves as the Data Controller.

When we process Personal Data contained within scientific records, laboratory notebooks, audit trails, attachments, experimental records, sample metadata, or other Research Data uploaded to the platform by a Customer, we do so solely in accordance with that Customer’s documented instructions and any applicable Data Processing Agreement (DPA) between Lab Thread and the Customer.

1.2 Customer Responsibility

In those instances, you must contact the Customer directly for data inquiries or to enforce your rights. Lab Thread will assist Customers in responding to data subject requests where legally required and contractually agreed.

1.3 Age Requirements

Lab Thread is not intended for children. Users must be at least 16 years of age (or 13 if permitted by local legislation) at the time of account creation. Where local laws require parental or guardian consent for users under 16, such consent must be obtained by the Customer organization.

1.4 Protection of Minors

We do not knowingly collect data from anyone under 13 years of age. If we become aware that such information has been collected without verified parental consent, we will take immediate steps to delete the information.

1.5 User Consent

By accessing or using our Service, you signify that you have read and understood our collection, storage, and usage of your Personal Data as described in this policy and our Terms of Service.

Where consent is required under applicable law (for example, for certain marketing communications or non-essential cookies), you may withdraw your consent at any time without affecting the lawfulness of processing based on consent before its withdrawal.

2. Information Categories and Collection

We collect data through direct provision, automated tracking technologies, and third-party integrations.

2.1 Account Credentials

We collect your full name, email address, password (stored in encrypted and hashed form), job title, phone numbers, organization name, and mailing/billing addresses.

This information is necessary to create and maintain your account, authenticate users, manage subscriptions, provide customer support, and fulfill contractual obligations.

2.2 Payment Information

Payments for subscriptions to Lab Thread are processed via Stripe, a third-party payment processor.

Lab Thread does not store full credit card numbers or card verification codes on its servers. Payment information is transmitted directly to Stripe through secure, encrypted channels in accordance with Payment Card Industry Data Security Standards (PCI-DSS).

We may receive limited payment-related information from Stripe, such as:

  • Payment confirmation status
  • Billing address
  • Last four digits of the payment card
  • Subscription status
  • Transaction identifiers

Stripe acts as an independent Data Controller with respect to payment processing activities and processes your data in accordance with its own privacy policy and regulatory obligations.

2.3 Third-Party Sign-In

Users may choose to sign in with Microsoft 365, Google, or LinkedIn. When you grant consent to these providers, they send us the Personal Data required to create or authenticate your account, such as your name and email address.

We do not receive access to your third-party account passwords. Authentication tokens are used solely to verify your identity.

2.4 Data from Integrations

Where Customers enable integrations with third-party services, certain limited Personal Data may be exchanged as necessary to enable functionality. Such integrations are activated and controlled by the Customer, who remains responsible for ensuring lawful data transfer.

2.5 Unique Identifiers

We use a unique identifier to connect accounts so that no password is required for subsequent logins when third-party authentication is used. These identifiers are stored securely and are used only for authentication and security purposes.

2.6 Automated Activity Logs

We automatically record “Activity Data” related to your interaction with our Services, including feature usage frequency, duration of use, login counts, clickstream data, session timestamps, system interactions, and error logs.

This data is used for:

  • Security monitoring and fraud prevention
  • Service diagnostics
  • Performance optimization
  • Product development
  • Capacity planning
  • Compliance auditing

2.7 Technical Identifiers

This includes device types, operating systems, browser information, IP addresses, approximate geolocation data derived from your IP address, and system configuration details.

IP addresses may be used for security purposes, including detecting suspicious login attempts and unauthorized access.

2.8 Communication Data

We process records from emails, live chats, support tickets, and online meetings.

Where permitted by law and with appropriate notice, certain calls or meetings may be recorded after prior consent for quality assurance, training, compliance documentation, or evidentiary purposes.

2.9 Service Improvement

We may use aggregated and anonymized data to analyze trends, improve functionality, enhance user experience, and develop new features. Such aggregated data does not identify individual users.

3. Scientific Research Data

Lab Thread is a specialized platform for managing scientific laboratory research. You may upload texts, images, structured experimental records, sample metadata, attachments, and other files referred to as “Research Data.”

3.1 Ownership and Control

Lab Thread does not own or control Research Data and does not claim intellectual property rights over Customer content.

3.2 Processing Responsibility

The Customer (your organization), as the Data Controller, is responsible for the lawfulness of any Personal Data contained within Research Data, including ensuring appropriate consent, lawful basis, and compliance with regulatory requirements (e.g., GDPR, HIPAA where applicable, or other sector-specific regulations).

Lab Thread processes such data solely as a Data Processor under contractual instructions.

3.3 Audit Trails and Regulatory Compliance

Lab Thread maintains immutable audit trails in support of laboratory compliance requirements, including 21 CFR Part 11 GLP/GMP environments where applicable. Certain identifiers may be retained within audit logs to preserve scientific integrity, regulatory traceability, and compliance obligations.

As a result, deletion or erasure requests may be limited where retention is required for legal, regulatory, or scientific recordkeeping purposes.

4. Legal Basis and Data Usage

We utilize your information for the following purposes:

Contractual Performance: To provide the Service, manage subscriptions, process billing, offer technical support, enforce our Terms of Service, and maintain account functionality.

Legitimate Interests: For system security, fraud detection, software optimization, analytics, platform maintenance, internal administrative purposes, and protection of our legal rights.

Marketing: To send periodic emails regarding educational content, product updates, new release information, and “tips and tricks.” You may unsubscribe at any time via the unsubscribe link included in such communications.

Legal Obligations: Cooperating with regulatory authorities, responding to lawful requests, complying with tax and accounting requirements, and protecting the safety of the public or our interests.

5. Tracking and Storage Technologies

We use the following data-gathering tools to enhance performance and functionality:

Cookies: Small files used to identify your browser, remember login status, and understand how you navigate our Service.

Local Storage (DOM): Web storage that supports persistent data storage with enhanced capacity compared to cookies.

Sessions: Data used to identify the specific areas of our platform that you have visited.

Remarketing: The practice of serving ads across the internet to individuals who have already visited our website. We do not sell Personal Data for advertising purposes.

Where legally required, we obtain consent before placing non-essential cookies.

6. Data Retention and Sharing

6.1 Retention Periods

We retain conversation and personal data for up to 6 years unless your account is deleted or a longer retention period is required by law.

Upon account deletion, we dispose of Personal Data within 60 days unless retention is legally required for:

  • Tax and accounting compliance
  • Legal defense
  • Fraud prevention
  • Regulatory obligations

6.2 Recipients and Subprocessors

We share information with Corporate Affiliates and trusted third-party service providers for hosting, server maintenance, analytics, customer communication tools, and credit card processing via secure SSL/TLS technology.

All subprocessors are contractually bound by data protection obligations, confidentiality requirements, and appropriate security safeguards.

A list of current subprocessors is available upon request.

6.3 International Transfers

Your Personal Data may be transferred to and processed in the United Kingdom, the European Economic Area (EEA), the United States, or other jurisdictions where our service providers operate.

Where Personal Data is transferred outside the UK or EEA, we rely on appropriate safeguards such as:

  • UK International Data Transfer Agreements (IDTA)
  • Standard Contractual Clauses (SCCs)
  • Adequacy decisions
  • Other lawful transfer mechanisms

6.4 Business Transitions

We reserve the right to transfer data to a third party in the event of a merger, acquisition, restructuring, sale of assets, or bankruptcy, provided the successor entity adheres to applicable data protection obligations.

7. Personnel Data

If you are a Lab Thread employee, contractor, or applicant, we collect information you voluntarily provide for Human Resources purposes, recruitment, onboarding, payroll administration, benefits management, compliance, and internal administration.

Such data is processed in accordance with applicable employment and data protection laws.

8. Security Measures

We implement appropriate technical and organizational measures designed to protect Personal Data, including:

  • Encryption in transit (TLS/SSL)
  • Encryption at rest where applicable
  • Access controls and role-based permissions
  • Multi-factor authentication (where enabled)
  • Secure cloud infrastructure
  • Regular security reviews
  • Logging and monitoring
  • Vulnerability management practices

While no system can guarantee absolute security, we follow industry best practices to reduce risks of unauthorized access, disclosure, alteration, or destruction.

9. Data Breach Notification

In the event of a Personal Data breach, we will:

  • Investigate and contain the incident promptly
  • Notify affected Customers without undue delay
  • Notify supervisory authorities where legally required
  • Communicate with affected individuals where required by law

10. Global User Rights

We implement GDPR-level protections as our global baseline.

10.1 EEA and UK Residents

You have the right to access, rectify, erase, restrict processing, object to processing, request data portability, withdraw consent, and lodge a complaint with a supervisory authority.

10.2 California Residents (CCPA/CPRA)

You have the right to know what information is collected, request deletion or correction, opt out of sale or sharing (we do not sell Personal Information), and receive non-discriminatory treatment for exercising your rights.

11. No Sale of Data

Lab Thread does not sell Personal Data and does not share Personal Data for cross-context behavioral advertising.

12. Updates to This Policy

We may update this Privacy Policy periodically. Material changes will be communicated via email, website notice, or in-application notification.

13. Contact Information

If you have questions, concerns, or wish to enforce your rights, please contact us:

Lab Thread Ltd
MEPC Silverstone Park Innovation Centre
Silverstone Park
Silverstone
Towcester NN12 8GX
United Kingdom

Email: info@labthread.com
Phone: +44 115 795 0256
Web: labthread.com