Legal
Privacy Policy
1. Scope
This Privacy Policy applies to the Lab Laps website available at lablaps.com. It covers our informational pages, our free web tools (such as the public online colony counter), the signed-in web workspace (for example synced colony counter projects and account settings under /app/* routes), shared-project preview links, and optional account sign-in on the website. Privacy terms for the native mobile app are available at /app/privacy.
This policy is intended to meet GDPR transparency requirements (Articles 12-14 GDPR) and also provides additional disclosures for users in other jurisdictions where applicable.
2. Controller and Contact
The controller for data processing on this website is Lab Laps. Operator details are published in our Imprint. If you have questions about this policy or want to exercise privacy rights, contact us at support@lablaps.com.
If we designate a formal EU/EEA representative or data protection officer in the future, we will publish those details here.
3. Categories of Personal Data
- Technical request data: IP address, user agent, URL, referrer, date/time, and related request metadata needed to deliver and secure the site.
- Security, reliability, and error-monitoring data: infrastructure and application logs, automated error and crash reports, and related diagnostic telemetry used for abuse prevention, incident response, and stability. When a fault occurs, our error-monitoring provider may receive technical context such as IP address, browser and device information, page URL, stack traces, and—if you are signed in—account identifiers needed to investigate the issue.
- Consent data: your cookie preference status stored in your browser (local storage key lab_laps_cookie_consent) and associated timestamps.
- Colony counter images and usage: if you use the free online colony counter, the plate image you upload, choose, or capture, the counting parameters, and the resulting detection data. Images are processed only to generate a count when you actively request it.
- Account data (only if you sign in): your email address and authentication data handled by our authentication provider, and, if you sign in with Google or Sign in with Apple, the basic account information those providers share based on your settings.
- Signed-in workspace and synced tool data (only if you sign in): colony counter projects, plate images stored in our cloud storage, detections, count areas, usage quotas (for example web AI count limits), subscription or entitlement metadata needed for workspace features, and related preferences. The workspace may also keep a local copy in your browser for faster access and offline resilience between syncs.
- Shared-project data: if you open a project share link, the shared project content is retrieved from our backend so it can be displayed to you.
- Anti-abuse / bot-protection data: when you sign in, our captcha provider may process technical and interaction data (including IP address and device/browser signals) to distinguish humans from bots.
- Analytics data (opt-in only): page views, navigation events, high-level interaction metrics, and performance telemetry.
- Subscription and billing data (if you subscribe on the web): subscription status, billing period metadata, Stripe customer and subscription identifiers, and related entitlement data needed to unlock Pro features. Payment card details are collected and processed by Stripe; we do not store your full card number.
- Contact data: information you send us directly by email or similar channels.
4. Purposes and Legal Bases (Art. 6 GDPR)
- Website delivery and security (Art. 6(1)(f) GDPR - legitimate interest): ensuring availability, integrity, and protection against misuse. This includes short-term, IP-based rate-limiting of the colony counter to prevent automated abuse.
- Error monitoring and diagnostics (Art. 6(1)(f) GDPR - legitimate interest): detecting, investigating, and fixing software defects, outages, and security issues.
- Providing the colony counter (Art. 6(1)(b) GDPR - performance of a service you request, and Art. 6(1)(f) GDPR): processing the image you submit to generate a colony count and to enforce free-usage limits and prevent abuse.
- Account sign-in and authentication (Art. 6(1)(b) GDPR): creating and securing your account and keeping you signed in when you choose to use account features.
- Signed-in workspace and cross-device sync (Art. 6(1)(b) GDPR): storing and syncing workspace tool data (such as colony counter projects) when you use signed-in features, including sync with the Lab Laps mobile app where supported.
- Bot and abuse protection (captcha) (Art. 6(1)(f) GDPR - legitimate interest in preventing automated attacks and fraudulent sign-ups).
- Compliance and enforcement (Art. 6(1)(c) and 6(1)(f) GDPR): fulfilling legal obligations and defending legal claims.
- Analytics and performance measurement (Art. 6(1)(a) GDPR - consent): measuring and improving content, UX, and technical performance.
- Web subscriptions and billing (Art. 6(1)(b) GDPR): processing subscription and payment data to provide Lab Laps Pro, manage renewals, cancellations, and customer support for web checkout.
- Communication handling (Art. 6(1)(b) or 6(1)(f) GDPR): responding to inquiries and support requests.
5. Cookies, Local Storage, and Consent Management
We use a consent banner to collect and store your analytics preference. Consent preferences are saved in your browser local storage under lab_laps_cookie_consent.
Analytics tracking is disabled by default and only enabled after explicit opt-in. You can withdraw or change consent at any time via cookie settings. Withdrawal does not affect lawfulness of processing before withdrawal.
Strictly necessary cookies and storage (no consent required). Some storage is technically required to provide a function you actively request and is therefore used without consent:
- Colony counter usage limit: for anonymous visitors on the public colony counter, a signed cookie (lab_laps_cc_quota) records how many free AI counts you have used. If you are signed in, the count is stored in your account preferences on our server (user_preferences) so the limit applies across browsers and devices. These records store only a usage counter, not plate images.
- Colony counter session: your current image and detections may be stored locally in your browser so your work is not lost if you reload. This data stays on your device and is cleared when you reset the tool.
- Authentication: if you sign in, our authentication provider sets cookies/storage needed to keep you securely signed in.
Error monitoring (not controlled by analytics consent). To keep the website stable and secure, we use Sentry for client- and server-side error reporting when faults occur. This processing is based on legitimate interest and is separate from the optional analytics tools described below.
6. Analytics, Performance, and Error Monitoring
Optional analytics (consent required). If you consent, we use providers such as PostHog, Vercel Analytics, and Vercel Speed Insights to understand usage and technical performance.
- PostHog: product analytics and pageview/event measurement.
- Vercel Analytics: aggregate website traffic insights.
- Vercel Speed Insights: website performance and web vitals metrics.
Error monitoring (Sentry). Independently of analytics consent, we use Sentry (Functional Software, Inc.) to collect error reports, performance traces, and related diagnostic logs when the website or our server code fails or degrades. This may include technical data such as IP address, browser and device information, page URL, stack traces, and account identifiers when you are signed in, to help us reproduce and fix issues. Error monitoring is disabled during local development on localhost.
7. Colony Counter (Image Processing)
The free online colony counter lets you upload, select, or capture a plate image and run AI-assisted counting. When you click to count, the prepared image is sent through our backend to an image-analysis (inference) service that detects colonies and returns detection data. This happens only when you actively start a count.
We use the image to provide the count you requested and to operate and secure the feature. We do not use colony counter images for advertising. We do not require an account to use the web tool, and we do not knowingly associate web colony counter images with your identity. Please do not upload confidential, proprietary, regulated, or personal data unless you have the right to do so and are comfortable with the processing described here.
Images are processed transiently to return a result and are not used to build a public profile of you. Retention at the inference service is limited to what is needed to provide and secure the feature.
Signed-in workspace colony counter. When you are signed in and use /app/colony-counter, plate images and related project data may be stored in your account and synced with the Lab Laps app. When you request an AI count, images are sent for inference as described above. Additional uses of synced colony images (including model improvement where permitted) are described in our mobile app Privacy Policy and mobile app Terms of Service, which also apply to synced workspace data linked to your account.
8. Signed-In Workspace, Browser Storage, and Sync
When you use signed-in workspace features (for example /app/colony-counter), project data may be stored in your browser and synced to our backend (Supabase) so it can be available across sessions, browsers, and devices and with the Lab Laps app where supported. Plate images for synced projects are stored in cloud storage linked to your account.
Browser-side copies (for example local storage) can be cleared if you reset site data, use private browsing, or switch browsers. Sync depends on connectivity and service availability; conflicts or delays can occur. You are responsible for keeping backups of important data. Liability for data loss, sync failures, and tool accuracy is addressed in our Terms of Service.
9. Recipients and Processors
We do not sell personal data. We may disclose data to processors that support website operation under contractual safeguards, including:
- Hosting / website delivery: Vercel.
- Image-analysis (inference) service: processes colony counter images to return counts.
- Supabase: backend, authentication, and storage used for sign-in and shared-project links.
- hCaptcha (Intuition Machines, Inc.): bot and abuse protection on sign-in.
- Stripe: payment processing for web subscriptions purchased on the website.
- Google: if you choose to sign in with Google.
- Sentry (Functional Software, Inc.): error monitoring, crash reporting, and performance diagnostics for the website.
- Analytics (opt-in only): PostHog, Vercel Analytics, Vercel Speed Insights.
We may also disclose data where required by law, court order, or to protect rights, security, and service integrity.
10. International Data Transfers
Some providers may process data outside your country, including outside the EEA/UK. Where required, transfers rely on appropriate safeguards (for example Standard Contractual Clauses) and supplementary measures.
11. Retention Periods
We retain personal data only as long as needed for stated purposes, including security, service operation, legal compliance, and dispute handling.
- Server/security logs: typically short to medium retention, depending on security needs
- Error-monitoring data: according to Sentry retention settings, typically limited retention for diagnostic events
- Consent preference data: until changed or cleared by you
- Colony counter images: processed transiently to return a count; not retained longer than needed to provide and secure the feature
- Colony counter anonymous usage-limit cookie: up to 12 months
- Signed-in colony counter usage counter: while your account is active
- Signed-in workspace and synced tool data: while your account is active, subject to in-app deletion and account deletion requests
- Account data: while your account is active, then deleted or anonymized subject to legal retention
- Analytics data: according to provider retention settings and your consent status
- Contact communications: as needed to handle your request and legal obligations
12. Your Rights Under GDPR
Subject to legal conditions, you may have rights to access, rectification, erasure, restriction, portability, objection, and withdrawal of consent.
You also have the right to lodge a complaint with a competent supervisory authority, especially in your habitual residence, place of work, or place of alleged infringement.
13. Data Security
We implement reasonable technical and organizational measures to protect personal data, including encryption in transit (HTTPS/TLS). However, no internet transmission or storage system is fully secure.
14. Contact
For privacy-related requests, contact us at support@lablaps.com. We may ask for verification before fulfilling requests.