Privacy Policy

Last updated: February 2026

Overview

Simply Experiment ("we", "us", or "our") operates the website at simplyexperiment.com (the "Service") and the Simply Experiment Chrome Extension (the "Extension"). This privacy policy describes how we collect, use, store, and protect your information when you use our Service and Extension.

We are committed to protecting your privacy and complying with applicable data protection laws, including the EU General Data Protection Regulation (GDPR), the ePrivacy Directive, and the California Consumer Privacy Act / California Privacy Rights Act (CCPA/CPRA).

Information We Collect

Account Information

When you create an account, we collect your email address and name. This information is necessary to provide the Service and manage your lab membership.

Purchase Request Data

When you use the Service, we store data you provide including purchase requests, item details, vendor information, funding allocations, and inventory records. This data is necessary for the core functionality of the Service.

Chrome Extension Data

The Extension only collects data when you explicitly click to extract product information from a vendor website. We collect product name, catalog number, price, page URL, and vendor name. We do not collect browsing history, personal information from web pages, form inputs, passwords, or any background data.

Usage Analytics

With your consent, we collect anonymous usage analytics via Vercel Analytics to understand how the Service is used and improve it. This data does not identify individual users. You can opt out at any time via the cookie preferences on this site.

Cookies and Local Storage

We use a minimal set of storage technologies. Below is a complete list:

TechnologyCategoryPurposeDuration
Supabase Auth (localStorage)NecessaryStores your authentication session (JWT token) so you stay logged in.Session / until sign-out
Cookie consent preferences (localStorage)NecessaryRemembers your cookie consent choice so we don't ask again.Persistent
Vercel AnalyticsAnalytics (optional)Anonymous page view and usage statistics to improve the Service.Session

Necessary storage is required for the Service to function and cannot be disabled. Analytics is only enabled if you consent via the cookie banner. You can change your preferences at any time by clearing your browser's local storage for this site, which will re-display the consent banner on your next visit.

Legal Basis for Processing (GDPR)

We process your personal data on the following legal bases:

  • Contract performance: Processing your account and purchase request data is necessary to provide the Service you signed up for.
  • Consent: Analytics data is only collected with your explicit consent, which you can withdraw at any time.
  • Legitimate interest: Security measures such as rate limiting to protect the Service from abuse.

Your Privacy Rights

GDPR Rights (EU/EEA Users)

If you are located in the EU or EEA, you have the right to:

  • Access your personal data
  • Rectify inaccurate personal data
  • Erase your personal data ("right to be forgotten")
  • Restrict processing of your personal data
  • Data portability — receive your data in a structured format
  • Object to processing based on legitimate interests
  • Withdraw consent at any time where processing is based on consent

CCPA/CPRA Rights (California Residents)

If you are a California resident, you have the right to:

  • Know what personal information is collected and how it is used
  • Delete your personal information
  • Opt out of the sale or sharing of personal information
  • Non-discrimination for exercising your privacy rights

We do not sell or share your personal information as defined under the CCPA/CPRA.

Data Storage and Security

Your data is stored in a PostgreSQL database hosted by Supabase with row-level security policies. All data transmission uses HTTPS encryption. Authentication uses secure JWT tokens. We implement rate limiting and security headers to protect against common attack vectors.

The Chrome Extension stores authentication tokens and cached data locally using Chrome's secure storage API. This data is cleared when you sign out or remove the extension.

Third-Party Services

We use the following third-party services:

  • Supabase — Authentication and database hosting
  • Vercel — Application hosting and analytics (with consent)
  • Resend — Transactional email delivery (notifications, verification)

We do not sell, trade, or otherwise transfer your information to any parties beyond those necessary to operate the Service. Your data is only accessible to you and authorized members of your laboratory group within Simply Experiment.

Data Retention

We retain your account data and purchase request history for as long as your account exists. You may request deletion of your account and associated data at any time by contacting us.

Chrome Extension Permissions

The Extension requests the following browser permissions:

  • storage: To save your authentication and preferences locally
  • activeTab: To read the current page when you click extract
  • scripting: To parse product information from vendor pages
  • sidePanel: To provide the TDX integration interface
  • Host permissions (all URLs): Because laboratory researchers purchase from hundreds of different vendor websites, the extension needs access to extract product data from any site. This access is only used when you explicitly click to extract.

Children's Privacy

The Service is not directed to individuals under the age of 16. We do not knowingly collect personal information from children. If we become aware that a child has provided us with personal information, we will delete it.

Changes to This Policy

We may update this privacy policy from time to time. Any changes will be posted on this page with an updated revision date. If we make material changes, we will notify users through the Service.

Contact

If you have questions about this privacy policy or wish to exercise your privacy rights, please contact us through the Simply Experiment web application.