Legal

Privacy Policy

Last updated: March 15, 2026

1. Introduction

Moshira ("we", "us", "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our platform, website, and related services.

2. Information We Collect

We collect information you provide directly (name, email, organization, role), data uploaded for analysis (genomic, proteomic, clinical data), and automatically collected data (IP address, browser type, usage analytics via privacy-respecting tools).

3. How We Use Your Information

We use your information to: provide and improve the Services; process and analyze uploaded research data; communicate with you about your account and updates; ensure platform security; and comply with legal obligations.

4. Data Security

We implement industry-leading security measures including AES-256 encryption at rest, TLS 1.3 in transit, hardware security modules (HSM), SOC 2 Type II certified infrastructure, and continuous monitoring with automated threat detection.

5. HIPAA Compliance

Moshira is fully HIPAA compliant. We sign Business Associate Agreements (BAAs) with all covered entities. PHI is encrypted, access-controlled, and audit-logged. We conduct annual third-party HIPAA audits.

6. GDPR Rights

If you are in the EEA, you have the right to: access your personal data; request correction or deletion; restrict processing; data portability; and withdraw consent. Contact privacy@moshira.com to exercise these rights.

7. Data Retention

We retain your data for the duration of your subscription plus 90 days. Research data is deleted upon request or within 30 days of account termination. Aggregated, de-identified analytics may be retained indefinitely.

8. Third-Party Sharing

We do not sell your data. We share information only with: infrastructure providers (AWS, Supabase) under strict data processing agreements; legal authorities when required by law; and affiliates bound by this Privacy Policy.

9. International Transfers

Data may be processed in the United States and European Union. We use Standard Contractual Clauses (SCCs) and encryption to ensure adequate protection for international transfers.

10. Children's Privacy

Our Services are not intended for individuals under 18. We do not knowingly collect personal information from children.

11. Changes to This Policy

We will notify you of material changes via email at least 30 days in advance. Continued use after changes take effect constitutes acceptance.

12. Contact

For privacy inquiries, contact our Data Protection Officer at privacy@moshira.com.