Last Updated:
August 14, 2025
This Privacy Policy describes the principles and practices of Rostra Labs, Inc. ("Rostra," "we," "us," or "our") regarding the collection, use, disclosure, and protection of personal information in connection with your access to and use of our services through the minibase.ai domain, including all affiliated websites, web applications, and online services. Effective as of August 14, 2025, this Policy applies to all users of our platform, which provides tools and infrastructure for anyone to design, build, and deploy AI models. Rostra is committed to safeguarding your privacy and maintaining the security of your data, recognizing the heightened importance of data protection in the scientific research community. We process personal information in accordance with applicable data protection laws and regulations, including the European Union General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA), and other relevant legal frameworks. By accessing or using our Services, you acknowledge and agree to the terms outlined in this Privacy Policy. If you do not agree with these practices, you should not use our Services. We are dedicated to ensuring transparency in how your information is handled, striving to provide clear guidance regarding your rights and our responsibilities, and upholding the highest standards of privacy and data security throughout your engagement with Rostra.
This Privacy Policy is effective as of August 14, 2025. From this date, it governs all collection, use, storage, and sharing of personal data by Rostra Labs, Inc. across its websites, web applications, and services. This policy supersedes any previous versions and remains in effect until replaced or updated. By continuing to use Rostra's platform or services on or after the effective date, you acknowledge and agree to the terms outlined herein.
This Privacy Policy explains how Rostra Labs, Inc. ("Rostra," "we," "us," or "our"), the operator of the minibase.ai domain, collects, uses, protects, and discloses your personal information when you interact with our websites, web applications, and related services. Rostra is an advanced platform created to support and accelerate the building and deployment of AI models.
This policy applies to all users of Rostra’s websites, applications, and services, regardless of where you are located or how you access our platform. We are firmly committed to safeguarding your privacy and ensuring that your personal data is handled responsibly, securely, and with full transparency. Our data practices are designed to comply with all applicable data protection laws, including but not limited to the General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA), and the California Privacy Rights Act (CPRA), among others. By accessing or using any part of our Services, you acknowledge and accept the practices and obligations described in this Privacy Policy. If you do not agree with the terms set forth herein, you should discontinue use of our Services. Our platform is primarily intended for use by professional researchers, scientists, and organizational users seeking advanced research and collaboration tools.
Rostra Labs, Inc. collects personal information to operate, secure, and improve our platform and provide our Services to researchers and scientists. We are committed to data minimization and purpose limitation, collecting only what is necessary to fulfill these purposes and in line with applicable data protection laws.
Information you provide directly to us includes:
Information we collect automatically as you interact with Rostra includes:
We do not intentionally collect sensitive personal data as defined under applicable privacy laws unless you choose to submit such information in the course of using our Services. Should you submit sensitive data, it will be treated with heightened confidentiality and security, consistent with our policy and legal requirements. Our Services are not intended for, and do not knowingly collect, personal data from children under 16 years of age. Any such information discovered will be deleted promptly in accordance with our policies.
We collect information that you choose to provide directly when interacting with our Services. This includes several categories of data fundamental to your experience on the Rostra platform:
Account Registration Data: When you create an account, you will be asked to provide certain personal information, such as your name, email address, and a password. You may also choose to supply additional profile details, including your organization, job title, or other professional information. Rostra manages authentication internally and stores your credentials securely using strong hashing protocols. This information is required to establish and manage your account, ensure secure access, and personalize your experience.
Content and Submissions: The core functionality of Rostra involves your active input of data and content. This includes any datasets, documents, labels, or metadata you upload or submit through the platform. It also encompasses your contributions to community features, such as shared datasets or models. Models created using our Platform are also retained to facilitate your use of the Services. You remain the owner of all content you provide. Rostra processes this information strictly to deliver, support, and enhance the Services as described in this Privacy Policy.
Communications and Support Data: If you contact us for support, submit feedback, engage in surveys, or otherwise correspond with our team, we collect the information you choose to share in these communications. This may include your contact details (such as email address or phone number) and the content of your message or inquiry. This information is used to address your requests, respond to your questions, improve our Services, and maintain records of communications as needed for quality assurance and compliance.
All information you provide is handled with strict confidentiality and used solely for the purposes of operating, maintaining, and improving the Rostra platform. We do not collect more information than is necessary, and we do not use your data for marketing, advertising, or any secondary purposes unrelated to the provision of our Services.
Rostra Labs, Inc. uses cookies and similar tracking technologies, including web beacons and local storage, to support the secure and effective operation of its website and services. These technologies are deployed to enable core platform features, improve user experience, and help us understand how our services are being used.
We employ the following categories of cookies:
Rostra Labs, Inc. does not use advertising, marketing, or third-party tracking cookies. We do not allow any cookies or technologies for behavioral advertising, and we do not share, sell, or permit the use of your browsing behavior for third-party marketing purposes. Our use of cookies is exclusively focused on maintaining platform security, supporting research workflows, and improving functionality for our users.
You retain control over your cookie settings. Most browsers accept cookies automatically, but you may adjust your browser settings to refuse or delete cookies, or to notify you when cookies are set. Please note that blocking or deleting essential cookies may limit your ability to use key features of our services, including secure authentication and session continuity. Where required by law, such as in the European Economic Area, United Kingdom, and other jurisdictions, we will display a consent banner and seek your explicit consent before setting non-essential cookies. Your continued use of Rostra’s services with cookies enabled signifies your acceptance of the practices described in this Privacy Policy.
If we engage third-party analytics providers to help us understand service usage, they act solely on our instructions and are contractually prohibited from using your data for their own purposes or disclosing it to others. These providers are required to maintain strict confidentiality, process information only for our specified purposes, and comply with applicable data protection laws. We carefully vet all third-party providers to ensure they adhere to the security and privacy standards reflected in this policy.
Rostra Labs, Inc. processes your information solely to deliver, maintain, and enhance the Minibase platform and services. We use your data to authenticate your identity, enable secure access to Minibase features, and process your inputs to design, train, evaluate, and deploy small AI models. This includes managing datasets and annotations; configuring and running training, fine-tuning, distillation, quantization, and evaluation jobs; tracking experiments and model artifacts in registries; packaging models for hosted inference endpoints or on-device deployment; and supporting collaboration and account administration.
To improve and develop our services, we analyze usage patterns and feedback (typically in an aggregated and anonymized manner) to understand how users interact with the platform. This analysis supports troubleshooting, performance optimization, and the development of new features that benefit the research community. Any review of your specific content for service improvement is conducted internally and strictly to enhance your individual or organizational experience; your data is never used to train or develop general-purpose AI models unless you have provided explicit, informed consent for a specific feature.
We use your contact details to communicate essential information, such as service notifications, technical updates, responses to your inquiries, and security alerts. If you opt in to receive newsletters or marketing communications, your information will be used for those purposes, and you may opt out at any time.
For the security and integrity of the platform, we process your data to detect, prevent, and address security incidents, fraud, abuse, and unauthorized activities. This includes monitoring for suspicious activity, enforcing our Terms of Service, and protecting the rights and data of all users. We may also process your personal data as required to comply with applicable laws, regulations, or legal processes, or to respond to lawful requests from authorities. This includes using data as needed to exercise or defend legal claims or to cooperate with regulators and law enforcement when required by law.
Rostra does not use customer data to train, develop, or improve general AI models, and will never do so without your explicit, informed consent. Your proprietary data and research outputs are not used to benefit other customers or the public, unless you authorize such use. Furthermore, we do not sell, rent, or share your personal information with third parties for their own marketing or advertising purposes. Data processing is limited strictly to what is necessary to operate and improve the platform for your benefit.
For users in the European Economic Area, United Kingdom, and similar jurisdictions, our legal bases for processing personal data include: (a) performance of a contract, to fulfill our obligations and provide the services you request; (b) legitimate interests, to improve the platform, maintain security, and communicate important information to you, in a manner balanced with your privacy rights; and (c) compliance with legal obligations. Where consent is required (such as for optional communications or specific features), we will obtain it in advance, and you have the right to withdraw your consent at any time.
You retain full ownership of all content and personal data that you submit to Minibase, including but not limited to text, files, images, datasets, code, configurations, annotations, training parameters, documents, and any model outputs or artifacts (such as checkpoints, weights, or packaged deployments) generated for you by the platform. Rostra Labs, Inc. does not claim any intellectual property rights over your proprietary data, models, or the results derived from your use of the Services. At all times, you control your content, models, and personal data.
To enable the delivery and continuous improvement of Minibase’s Services, you grant Rostra Labs, Inc. a limited, non-exclusive, royalty-free, worldwide license to process, store, and use your data solely as necessary to operate and enhance the platform for your benefit. This license is strictly confined to activities integral to service provision, such as processing datasets through training jobs, generating and storing evaluation results, managing model artifacts, enabling deployments, and backing up data for reliability and recovery. Rostra will not process or use your data for any unrelated purpose without your explicit consent.
Rostra does not use customer data to train general-purpose machine learning models or models available to other users, unless you have provided explicit, informed consent for such use. Any improvements to Minibase’s systems that require user data for training or testing will be performed only with your authorization and for your benefit. Rostra never sells, leases, rents, or otherwise monetizes your personal data, content, or models to third parties. The use of your data is strictly limited to what is necessary to operate, maintain, and improve the Services for you. Rostra may generate aggregate and anonymized statistical data for internal research and product development, but such data will be stripped of all personally identifiable information and cannot reasonably be linked back to individual users.
Rostra does not intentionally collect sensitive personal data, such as information regarding racial or ethnic origin, political opinions, religious or philosophical beliefs, health, biometric or genetic data, or precise geolocation. You are requested not to include sensitive personal data in your submissions unless it is strictly necessary for your intended use. If you do submit sensitive data, you consent to its processing solely for the purpose of delivering the requested Services, and Rostra will treat such information with heightened security and confidentiality in accordance with this Privacy Policy and applicable law. Should Rostra become aware of any unintentional collection of sensitive personal data without clear consent, it will act promptly to delete or irreversibly anonymize such data.
You have meaningful and ongoing control over your data in the Minibase platform. You may access, download, update, share, or delete your content, models, and account information directly using the available platform tools, subject to technical and legal limitations. If you request deletion of specific content, models, or your entire account, Rostra will begin the process of removing or anonymizing your data from active systems. Please note that deleted content or models may remain in backup or archival storage for a limited period (as required for reliability and legal compliance), but during this time they will not be used for any active purpose and remain protected by this Privacy Policy.
The Minibase platform is designed to support collaboration by enabling users to create, share, and manage content and model resources through features such as shared datasets, collaborative workspaces, public or organization-specific model registries, forums, and other mechanisms that facilitate group contributions. When you submit content using these features (including, but not limited to, datasets, annotations, training configurations, model artifacts, documentation, or evaluation reports), you acknowledge that such user-generated content may be visible to other authorized users of the platform or, depending on the feature and its privacy settings, to the broader public. The visibility and accessibility of your content will be governed by the intended design and settings of each collaborative tool.
You are solely responsible for ensuring that you have the necessary rights, licenses, and permissions for any content, models, or datasets you upload or share, and for confirming that your contributions do not infringe on the intellectual property, privacy, or other rights of third parties. Please exercise care and discretion when posting personal, confidential, or sensitive information in any collaborative or public section of the platform. Rostra Labs, Inc. cannot control how others may use or further disseminate information, models, or datasets that you voluntarily make available through these features. We strongly advise against sharing confidential, proprietary, or sensitive personal data (such as health, genetic, financial, or identity-related information) in any area where it could be accessed by other users or the public, unless it is strictly necessary for your work and you fully understand the associated risks.
You will typically have the ability to edit or delete your own contributions using the platform’s provided controls. However, you should be aware that previously shared or accessed content or models may remain available in cached pages, archives, or copies retained by other users, and that Rostra may retain backups of such content for a limited time as part of our operational and security protocols. The removal or modification of content will be handled in accordance with our data retention and erasure policies, and we will make reasonable efforts to honor your requests for deletion within technical and legal limits.
All user-generated content, datasets, and model artifacts are subject to Minibase’s Terms of Service, Privacy Policy, and content moderation guidelines. While Rostra does not actively monitor or pre-screen all user submissions in real time, we use automated systems and periodic reviews to help identify content that may violate our policies or applicable laws. Rostra reserves the right, at its sole discretion and without prior notice, to review, remove, restrict access to, or edit any user-submitted content or model that is found to be unlawful, infringing, offensive, or otherwise in violation of our guidelines or legal requirements. Users are fully responsible for the legality, accuracy, and appropriateness of all contributions made to the platform.
Rostra Labs, Inc. discloses your personal information only in limited circumstances, focusing on providing and supporting our Services, fulfilling legal requirements, and protecting your rights. We do not sell, rent, or otherwise monetize your personal data.
Sharing with Service Providers: We engage carefully selected third-party service providers to support the operation and enhancement of our platform. These providers may handle cloud infrastructure and hosting, analytics, IT support, email communications, or other essential services. All such providers are contractually bound to process personal data exclusively on our behalf, under our documented instructions, and only for the specific purposes necessary to deliver their services to us. They must implement robust confidentiality and security measures and are not permitted to use your information for their own purposes or to disclose it to unauthorized parties.
Affiliates and Corporate Group: Where Rostra Labs, Inc. operates within a group of affiliated entities or subsidiaries, personal information may be shared internally for legitimate business operations, such as platform administration, support, or compliance. Any such sharing is subject to the same privacy and security commitments set out in this Privacy Policy, and affiliates are required to maintain equivalent standards of data protection and confidentiality.
Business Transfers: If Rostra Labs, Inc. is involved in a merger, acquisition, reorganization, asset sale, or similar transaction, your personal information may be transferred as part of that process. In such circumstances, we will require the successor entity or acquirer to comply with privacy commitments that are at least as protective as those described in this Policy. You will be notified in advance, by email or a clear notice on our website, of any change in ownership or control that affects your personal data or results in its processing under a different privacy policy.
Legal Obligations and Rights Protection: We may disclose your personal information where required by applicable law, regulation, legal process, or government request (such as a subpoena or court order). We may also disclose data to enforce our Terms of Service, investigate potential violations, detect or prevent fraud or security issues, or protect the rights, property, or safety of Rostra Labs, Inc., our users, or others. Unless prohibited by law, we will endeavor to notify you if your data is subject to a governmental or law enforcement request, and, where possible, will direct such requests to you for response.
No Disclosure for Third-Party Marketing: Rostra Labs, Inc. does not share personal information with third parties for their independent marketing or advertising purposes, nor do we sell your personal data as defined by applicable privacy laws. We do not transfer your information to social media platforms, advertising networks, or identity providers for such purposes, as our authentication processes are managed internally.
User-Directed Disclosures: We will only share your personal information with third parties outside these circumstances if you explicitly request or authorize such sharing. For example, if you choose to connect Rostra to an external service, integrate with your organization’s systems, or export data to a third party, we will facilitate that transfer solely with your informed consent and instructions. Such disclosures are subject to this Policy and any specific terms agreed upon with you.
By adhering to these principles, Rostra Labs, Inc. ensures that your personal data is disclosed only as necessary, under strict obligations, and always with your rights and expectations in mind.
Rostra Labs, Inc. takes the protection of your personal data seriously and employs a comprehensive set of technical and organizational safeguards designed to prevent unauthorized access, disclosure, alteration, or loss of your information. All data transmitted between your device and our systems is encrypted using industry-standard protocols such as Transport Layer Security (TLS), and, where appropriate, data stored on our servers or cloud infrastructure is encrypted at rest. Access to personal data is restricted to authorized Rostra personnel, contractors, and service providers who require such access to fulfill their job responsibilities and are bound by strict confidentiality agreements and subject to ongoing privacy and security training.
Our security measures include robust access controls, secure authentication procedures, and layered network security to prevent unauthorized system access. We regularly monitor our systems for vulnerabilities, carry out security assessments and penetration testing, and conduct code reviews to identify and address potential weaknesses. Rostra maintains a detailed incident response plan to address potential data security breaches; in the event of a confirmed incident, we will act promptly to mitigate harm and, as required by law, notify affected individuals and relevant authorities in a timely manner.
In addition to technical controls, we enforce internal organizational policies regarding data handling and train all staff with access to personal information on privacy best practices and their legal obligations. These policies include requirements for confidentiality, data minimization, and secure data handling throughout the lifecycle of your information.
Despite our commitment to strong security, no method of electronic transmission or storage is completely secure. While we strive to protect your information, we cannot guarantee absolute security. You also play an essential role in keeping your data safe: it is your responsibility to choose a strong, unique password for your Minibase account, refrain from sharing your login credentials, and promptly inform us at sales@minibase.ai if you suspect any unauthorized activity or discover a potential security issue related to your account or our services.
Rostra Labs, Inc. retains personal data only for as long as necessary to provide Services, fulfill the purposes for which the data was collected, and comply with applicable legal, regulatory, and contractual requirements. We prioritize data minimization and ensure secure disposal of information when retention is no longer justified.
Personal and account information, including your name, contact details, and profile data, is retained while your account is active to support your ongoing use of our platform. When you request account deletion, or your account becomes inactive for an extended period, we will delete or anonymize your personal information from active systems within a reasonable timeframe, typically within 30 to 90 days following account closure, unless a longer period is required by law or legitimate business need.
User-generated content and data—including uploaded documents, datasets, queries, research notes, and AI-generated outputs—are kept to facilitate your access and use of the Services. If you delete specific content or your account, we will initiate secure deletion or anonymization of that content from our production environment. However, copies of data may remain in encrypted backups for a limited retention period as part of our disaster recovery and business continuity protocols. These backups are maintained solely for system integrity and are not processed for any other purpose. Full deletion from all backup media may take up to several weeks, after which no further active processing or access will occur.
Technical and usage data, such as system logs, feature usage patterns, and IP addresses, are generally retained for up to 12 months to support platform operations, monitor security, and enable internal analytics. Aggregated or irreversibly anonymized usage data, which cannot be used to identify you, may be kept indefinitely for statistical, research, or service improvement purposes.
In certain circumstances, we may be required by law to retain specific information for longer periods, such as records necessary for tax compliance, accounting, legal claims, dispute resolution, or to respond to regulatory requests. In all such cases, we will retain only the minimum data required and will delete or anonymize it as soon as the legal or business obligation ceases. When data is no longer needed for any legitimate purpose, we commit to secure deletion or irreversible anonymization using industry-standard methods.
Rostra processes and stores personal data primarily on servers located in the United States. If you access our Services from outside the United States, your personal data may be transferred to, processed in, and accessible from the United States or other countries where Rostra, its affiliates, or its trusted service providers operate. These countries may have data protection laws that differ from those in your jurisdiction and may not always provide the same level of data protection as your home country.
To safeguard your privacy and comply with applicable data protection regulations, Rostra implements recognized legal mechanisms for international data transfers. For transfers of personal data from the European Economic Area (EEA), United Kingdom, or Switzerland to countries that have not been designated as providing an adequate level of data protection by the relevant authorities, Rostra relies on Standard Contractual Clauses adopted or approved by the European Commission or relevant authorities, as well as supplementary technical and organizational measures where necessary. These contractual commitments are designed to ensure that your personal data remains protected and that your rights are upheld, regardless of where your data is processed.
By using our Services or providing your personal information to Rostra, you acknowledge and, where required by law, consent to the transfer, storage, and processing of your data in the United States and any other country where Rostra or its service providers maintain facilities, in accordance with this Privacy Policy and applicable law. Where local regulations require explicit consent for such transfers, we will obtain it before proceeding.
If you have any questions about how your personal data is protected during international transfers, or if you would like additional details on the specific safeguards in place, please contact us using the information provided in the Contact Information section of this policy.
Rostra Labs, Inc. is dedicated to respecting and upholding your rights concerning your personal data, in line with global data protection laws such as the EU General Data Protection Regulation (GDPR), the UK GDPR, the California Consumer Privacy Act (CCPA) and its amendments, and other relevant legislation. The rights available to you may differ depending on your location, the specific legal framework that applies, and the context of how your data is processed. Below, we summarize the primary rights you may have and how you can exercise them.
If you are located in the European Economic Area (EEA), United Kingdom, or another jurisdiction with comprehensive data protection laws, you may be entitled to:
If you are a California resident, you have additional rights under the CCPA and CPRA, including:
To exercise any of these rights, please contact us at sales@minibase.ai. Include a detailed description of the right you wish to exercise and sufficient information for us to verify your identity, such as details linked to your Rostra account or recent interactions. We use this information solely for verification and security purposes. We will respond within the timeframes required by law—typically within one month for GDPR requests and within 45 days for CCPA/CPRA requests, with the possibility of extension as allowed. If we cannot fulfill your request due to legal requirements or exceptions, we will explain the reasons for our decision.
Beyond formal requests, you can manage, review, and update much of your information directly through your Rostra account settings. You may also delete your account via the account management page or by contacting us. For your security, we may require confirmation before processing account deletions or other sensitive requests.
Rostra Labs, Inc. is committed to facilitating your privacy rights and encourages you to reach out with any questions, concerns, or requests related to your personal data and its management.
Rostra Labs, Inc. is committed to respecting and protecting your privacy rights, regardless of where you are located. We process personal data with transparency and fairness, adhering to all applicable data protection laws and industry best practices. Recognizing that privacy regulations differ across jurisdictions, we strive to provide all users with a high standard of data protection, while also meeting any specific legal requirements that may apply to you based on your location or the nature of your use of our services.
Depending on where you reside, the scope and nature of your privacy rights may vary. For example, individuals in the European Economic Area (EEA) and the United Kingdom are granted specific rights under the General Data Protection Regulation (GDPR), including access, rectification, erasure, and data portability. California residents are provided certain rights under the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA), such as the right to know, delete, and correct personal information, and the right to opt out of certain uses or disclosures. If you are located in another jurisdiction, you may have additional or different rights under local laws.
We continually review and update our privacy practices to ensure compliance with evolving global privacy standards. Our approach is to apply the most protective measures required by any applicable law to all users wherever practicable. We clearly communicate the rights available to you, provide accessible mechanisms for exercising those rights, and ensure that your requests are handled promptly and in accordance with relevant legal obligations. If you have questions about your specific rights or how they apply to your use of Rostra’s services, you can always contact us for further information.
If you are located in the European Economic Area (EEA), the United Kingdom, or another jurisdiction with equivalent data protection laws such as the General Data Protection Regulation (GDPR), you have specific rights regarding your personal data. Rostra is committed to respecting and facilitating the exercise of these rights:
Right of Access: You are entitled to obtain confirmation as to whether or not your personal data is being processed by Rostra, as well as access to that data. Upon request, we will provide information about the types of personal data we process, the purposes of processing, the categories of recipients to whom your data has been or will be disclosed, the retention period, and the safeguards in place (where data is transferred outside your jurisdiction).
Right to Rectification: You have the right to request the correction of inaccurate personal data or the completion of incomplete data concerning you without undue delay. Most basic account information can be updated by you directly through your user account settings.
Right to Erasure ("Right to be Forgotten"): You may request the deletion of your personal data in situations where it is no longer necessary for the purposes for which it was collected, if you withdraw your consent and there is no other legal basis for processing, or if your data has been unlawfully processed. Rostra will honor such requests unless retention is required by law or for the establishment, exercise, or defense of legal claims. Details are provided in our Data Retention section.
Right to Restrict Processing: You can request that we restrict the processing of your personal data in certain circumstances, such as when you contest its accuracy, the processing is unlawful but you do not want erasure, or we no longer need the data but you require it for legal claims. While processing is restricted, Rostra will only store the data and will not process it further except with your consent or as legally required.
Right to Object: You may object at any time to processing of your personal data carried out on the grounds of Rostra’s legitimate interests (or those of a third party), particularly where the processing relates to your specific situation. You also have the right to object at any time to the processing of your data for direct marketing purposes. When you object to direct marketing, we will immediately cease processing your data for that purpose.
Right to Data Portability: Where processing is based on your consent or a contract and carried out by automated means, you have the right to receive your personal data in a structured, commonly used, and machine-readable format. You may also request that we transmit this data directly to another data controller, where technically feasible.
Right to Withdraw Consent: When our processing is based on your consent, you may withdraw that consent at any time. Withdrawal does not affect the lawfulness of any processing carried out before your withdrawal, but it may affect your ability to use certain features or services that rely on consent.
Right to Lodge a Complaint: If you believe your data protection rights have been violated, you have the right to lodge a complaint with your local supervisory authority. This may be the authority in your place of residence, place of work, or where you believe an infringement has occurred. Before contacting a supervisory authority, we encourage you to contact us directly so we can address your concerns promptly and transparently.
If you are a California resident, the California Consumer Privacy Act (CCPA), as amended by the California Privacy Rights Act (CPRA), provides you with specific rights regarding your personal information. These rights include:
Right to Know: You may request that we disclose the categories and specific pieces of personal information we have collected about you, the categories of sources from which we collected your information, our business or commercial purposes for collecting or using your information, and the categories of third parties with whom we have shared your information. Unless otherwise required by law, our response will generally cover information collected within the 12 months preceding your request.
Right to Delete: You may request that we delete personal information we have collected from you, subject to certain exceptions. For example, we may retain information if it is necessary to complete a transaction you requested, detect or protect against security incidents, comply with legal obligations, or for other purposes authorized by law. If we are unable to fulfill your deletion request due to a permitted exception, we will notify you and explain the reason.
Right to Correct: You may request that we correct inaccurate personal information we maintain about you. We will take into account the nature of the information and the purposes for which it is processed, and will use commercially reasonable efforts to make the requested corrections.
Right to Opt Out of Sale or Sharing: You have the right to opt out of the sale of your personal information or the sharing of your personal information for cross-context behavioral advertising, as defined under California law. Rostra Labs, Inc. does not sell personal information to third parties or share your personal information for targeted advertising purposes. Consequently, there is no action required on your part to exercise this right on our platform. We also recognize and respect any legally required consumer privacy signals, such as Global Privacy Control, as applicable.
Right to Non-Discrimination: Exercising any of your CCPA or CPRA rights will not result in discriminatory treatment. We will not deny you services, charge you different prices or rates, provide you a different level or quality of services, or suggest that you may receive a different price or service level because you exercised your rights under these laws.
To exercise any of these rights, you may contact us as described in the Contact Information section of this Privacy Policy. We may need to verify your identity before processing your request, as required by law.
To exercise your privacy rights, please contact us by email at sales@minibase.ai, specifying the particular right you wish to exercise and providing sufficient information for us to verify your identity. Depending on the nature of your request, such as access, deletion, correction, or requests under applicable laws like the GDPR or CCPA, we may require additional details to confirm your identity or to establish that you are authorized to act on behalf of another individual. This verification process may involve matching information you provide with data already on file, and any information collected for this purpose will be used solely to process and confirm your request.
We are committed to responding to all valid rights requests within the timelines required by applicable law. For most requests under the GDPR, we will respond without undue delay and, in any event, within one month of receiving your request; this period may be extended by up to two additional months if necessary, and you will be notified of any such extension along with the reasons. Under the CCPA, responses are generally provided within 45 days, with one possible 45-day extension if reasonably necessary and with prior notice. If we need more time, or if we cannot fulfill your request due to legal, regulatory, or operational reasons, we will communicate the reason for the delay or denial in writing.
Please be aware that, in certain circumstances, your rights may be subject to limitations or exceptions as required or permitted by law. For example, we may be obligated to retain certain information for compliance with legal obligations, fraud prevention, or to protect the rights and freedoms of others. In cases where fulfilling your request would compromise the privacy or rights of other individuals, we may need to redact or withhold specific information. Additionally, data maintained in backup or archival systems may not be immediately deleted but will be removed in accordance with our standard retention policies. Our commitment is to honor your rights to the maximum extent permitted by law, maintaining transparency and adherence to all regulatory obligations.
Rostra offers users a suite of self-service account controls to manage their personal information and content efficiently and securely. By accessing their account settings, users can review and update their profile information, including their name, email address, and notification or communication preferences. The platform enables users to view, manage, and organize their uploaded materials such as datasets, documents, and notes. Where available, users can download or export their content for their own records or further use. Users may also delete individual pieces of content, and when desired, they can initiate deletion of their entire account through the account management interface. When an account or specific content is deleted, Rostra will begin the process of removing the relevant data from active systems, while retaining information only as necessary for legal compliance, backup integrity, or legitimate business needs, as outlined in the Data Retention section. For security and to prevent accidental loss, Rostra may require confirmation before processing account or content deletions. These tools are designed to give users transparent and effective control over their data in accordance with applicable data protection standards.
Rostra's platform and services are intended exclusively for adult scientific researchers and business users. The nature of our offerings, which focus on complex research workflows and scientific discovery, means they are not designed for or marketed to children. We do not knowingly collect, solicit, or process personal information from individuals under 16 years of age. Registration and use of our services by anyone under 16 is strictly prohibited, and our systems are structured to discourage and prevent such access. If we become aware that personal data from a child under 16 has been inadvertently collected, we will promptly take all reasonable steps to delete that information from our systems. If you have knowledge or reason to believe that a child under the age of 16 has provided personal information to Rostra, please notify us immediately at sales@minibase.ai. Upon such notification, we will promptly investigate and, where required, erase the data in accordance with applicable legal requirements. Our commitment to privacy and data protection includes maintaining safeguards to prevent the collection of children’s data and taking decisive action if such data is detected.
Rostra Labs, Inc. may update or amend this Privacy Policy from time to time to reflect changes in legal requirements, technology, our business operations, or the introduction of new features and services. When any changes are made, we will post the revised Privacy Policy on our website at minibase.ai and update the Effective Date at the top of the document to indicate when modifications take effect.
If we make material changes that substantially affect your rights or the way we handle your personal data, we will provide you with clear and timely notice before those changes take effect. This notice may be delivered through email to registered users or by displaying a prominent announcement on our website. We encourage all users to review the Privacy Policy periodically so that you remain informed about how your information is collected, used, and protected.
Your continued use of the Rostra Services after the effective date of any changes constitutes your acceptance of the revised Privacy Policy, to the extent permitted by law. If you do not agree with any part of the updated Privacy Policy, you should discontinue use of our Services and may request account deletion or contact us for further assistance.
For any questions, concerns, or requests regarding this Privacy Policy or Rostra’s data practices, please contact us at sales@minibase.ai. This email address is the designated point of contact for all privacy-related matters, including exercising your data protection rights, requesting information about our privacy or security measures, submitting feedback, or filing a complaint. We are committed to addressing all inquiries in a timely, transparent, and professional manner. Our team will review your request and respond as soon as possible, in accordance with applicable data protection laws and best practices. Your trust and privacy are important to us, and we welcome your communication to help us ensure our practices meet your expectations and legal requirements.
