Legal

Privacy Policy

Effective date: 16 May 2026

This Privacy Policy describes how ARAS (Advanced Research Automation System) collects, uses, and protects information when you use our platform.

1. Data We Collect

  • Account information: email address and display name provided during registration via Supabase Auth.
  • Project data: research project details, team memberships, roles, and configurations you create within ARAS.
  • Lab records: Electronic Lab Notebook entries, protocol executions, inventory records, biobank sample data, and equipment logs — all entered by you and your team.
  • Uploaded files: research documents, data files, and literature PDFs stored in Supabase Storage.
  • Usage data: access timestamps and system-generated audit logs for data integrity purposes.

2. How We Use Your Data

  • To provide and operate the ARAS platform and its features.
  • To enforce role-based access control within research projects.
  • To generate AI-assisted insights using your project context (data is sent to third-party AI providers — see section 5).
  • To maintain immutable audit trails required for research data integrity and institutional compliance.
  • We do not sell your data to third parties. We do not use your research data for advertising.

3. Data Storage & Security

  • All data is stored in Supabase (PostgreSQL) with Row-Level Security (RLS) enforced at the database level. Only authorized project members can access their project's data.
  • File uploads are stored in Supabase Storage with access restrictions matching your project membership.
  • Connections to ARAS are encrypted via HTTPS/TLS.
  • Passwords are never stored by ARAS — authentication is handled by Supabase Auth.

4. Data Retention

  • Your data is retained as long as your account is active.
  • If you delete your account, your personal account data will be removed. Project data may be retained if other members remain in the project.
  • Audit logs (immutable records) are retained for research integrity purposes as required by institutional standards.

5. Third-Party AI Services

  • ARAS uses AI services to power features such as Djibril Assistant, Scout Agent, and literature analysis.
  • Groq API: used for fast inference tasks (Djibril chat, IDP suggestions, quick analysis). Prompts may include project context you provide.
  • Google Gemini API: used for manuscript writing assistance and deep reasoning tasks.
  • Data sent to these providers is subject to their respective privacy policies. We minimize the data sent and do not share identifying personal information beyond what is necessary for the task.

6. Your Rights

  • Access: You may request a copy of your personal data at any time.
  • Correction: You may update your profile information directly within ARAS.
  • Deletion: You may request deletion of your account and associated personal data by contacting us.
  • Data portability: Research data you have created can be exported from within ARAS in supported formats.

7. Cookies

  • ARAS uses session cookies managed by Supabase Auth to maintain your login state. These are essential cookies and cannot be disabled while using the service.
  • We do not use tracking cookies or advertising cookies.

8. Changes to This Policy

  • We may update this Privacy Policy from time to time. Changes will be posted on this page with an updated effective date. Continued use of ARAS after changes constitutes acceptance of the updated policy.

9. Contact

  • For privacy-related questions or requests, contact us at: admin@malayansaintifika.id
  • ARAS is developed by PT Malayan Saintifika Indonesia — malayansaintifika.id