Privacy Policy
Last updated: July 2025
1. Data Controller
Francisco Javier Lobo-Cabrera
41004 Sevilla, Spain
Contact: info@qmosaic.org
2. What Data We Collect & Purpose of Processing
We process your personal data only for the operation of this research-oriented community site:
- Account data: Name, e-mail address, optional academic affiliation, and the IP address used at sign-up (to prevent abuse).
- Google sign-in data: Google account ID, display name and e-mail (if you choose this login method).
- Forum contributions: the text you post and the public display of your name beside it.
- Image repository: protein images you submit by e-mail; your name is shown as the contributor.
- Log files & essential cookies: session identifiers and IP addresses recorded by the web server & firewall.
- Analytics cookies (Google Analytics 4): enabled only with your explicit consent, to improve the service in aggregate.
3. Legal Basis
- Performance of a contract (Art. 6 (1)(b) GDPR): creating and managing your account; displaying your authorship on forum posts and images.
- Legitimate interest (Art. 6 (1)(f)): securing the platform, preventing abuse, and keeping permanent research assets online.
- Consent (Art. 6 (1)(a)): optional Google Analytics cookies and any future e-mail newsletters.
4. International Transfers
DigitalOcean LLC (cloud hosting, USA) and Brevo SAS (e-mail delivery, USA/EU) may process personal data outside the EEA.
We rely on the European Commission’s Standard Contractual Clauses (2021/914) and, where applicable, the EU–US Data Privacy Framework, together with technical safeguards such as end-to-end TLS encryption and zero-trust server access.
5. Security Measures
We implement a range of technical and organizational safeguards to protect personal information. These include encrypted data transmission, access restrictions on production systems, secure password storage using industry-standard hashing methods, regular backups stored off-site, and administrative access protected by multi-factor authentication. While we follow recognized best practices to maintain the security of our systems and data, no method of transmission or storage is completely secure. We continuously monitor our infrastructure and are prepared to respond promptly to potential threats or incidents.
6. User Rights
Under the GDPR you may, at any time:
- Access your personal data
- Rectify inaccurate data
- Request deletion (“right to be forgotten”)
- Object to or limit processing based on legitimate interest
- Request data portability
- Withdraw consent
7. Data Retention
- Your account data remain while the account is active; if you delete it, we purge account data within 30 days.
- Forum posts and research images are stored indefinitely because they form part of the public scientific archive, but you may request their removal at any time.
- Server logs are rotated every 90 days, unless needed for security investigations.
8. Data Recipients
We never sell personal data. The following processors act under written GDPR-compliant agreements:
- Brevo SAS: transactional e-mail service
- DigitalOcean LLC: cloud infrastructure
- Google LLC: optional identity provider & Google Analytics (independent controller)
9. Cookies
We use essential session cookies required for login. Google Analytics cookies are loaded only after you grant consent via the cookie banner. Full details appear in our Cookies Policy.
10. Children
The site’s content is suitable for all ages, but we do not knowingly process personal data of users under 14 without parental consent, in accordance with Article 7 of Spain’s LOPDGDD. If you are under 14, please ask a parent or guardian to create the account.
11. Automated Decision-Making
We do not carry out automated decision-making or profiling that produces legal or similarly significant effects on you.
12. Complaints
If you believe your data-protection rights have been infringed, you may lodge a complaint with the Spanish Data Protection Authority (AEPD): www.aepd.es.