法律条款

NYB.AI Privacy Policy

Effective Date: 01 April 2026
Version: 2.0 (Stripe Integration Update)

NYB.AI ("Company", "we", "us", or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our AI Drug Discovery platform, Vecura, and our Natural Compound Library, Vecurate (collectively, the "Services").

This policy applies to information collected through our website, our cloud-based platform, and in the course of our business operations, including through email, forms, and other electronic messages.

Please read this privacy policy carefully. By accessing or using our Services, you agree to the terms of this Privacy Policy.

1. Information We Collect

We collect several types of information from and about users of our Services, including:

Personal Data

Information that identifies, relates to, or could be associated with an individual. We collect this information directly from you when you provide it to us, such as through forms on our website or within the Vecura/Vecurate platforms. This may include:

  • Contact Information: First and last name, email address, organization name, and job title.

  • Communications: Information you provide when you contact us for support or with inquiries.

  • Payment Information: When you pay for our Services, we collect billing details such as billing address and payment method identifiers. Payment card information is processed directly by Stripe, our payment processor, and is not stored on our systems.

Life Science Data

This is the core data you entrust to us to use our Services. It includes information related to drug discovery, such as compound structures, protein targets, peptide sequences, and related research data. This data generally does not constitute Personal Data under applicable privacy laws because it typically does not relate to an identified or identifiable natural person. However, we treat it with the same high level of security and confidentiality.

Usage Data

When you use our Services, we may automatically collect information about your device and how you interact with our platform. This may include your Internet Protocol (IP) address, browser type, operating system, the pages of our Service that you visit, the time and date of your visit, the time spent on those pages, and other diagnostic data. We use this data to analyze trends, administer the site, and improve our Services.

Cookies and Tracking Data

We use cookies and similar tracking technologies to track activity on our Service and hold certain information. You can instruct your browser to refuse all cookies or to indicate when a cookie is being sent. However, if you do not accept cookies, you may not be able to use some portions of our Service.

2. How We Use Your Information

We use the information we collect for various purposes, including to:

  • Provide and Maintain our Services: To deliver the Vecura and Vecurate platforms, including processing Life Science Data as instructed by you or your organization.

  • Fulfill Contracts: To perform our obligations under a contract with you, including billing and providing customer support.

  • Process Payments: To facilitate payments for Services. Payment details are transmitted directly to Stripe, and we only receive confirmation of payment status.

  • Improve and Analyze: To understand how our Services are used, to identify usage trends, and to improve the functionality, performance, and security of our platforms. This is in our legitimate interest to develop our business and provide better services.

  • Communicate with You: To respond to your comments, questions, and requests, and to provide customer service. We may also send you technical notices, updates, security alerts, and support and administrative messages.

  • Marketing: With your consent (where required by law), we may send you information about our products, services, and events. You can opt-out of receiving these communications at any time by following the unsubscribe instructions in the email or by contacting us directly.

  • Legal Obligations: To comply with applicable laws, regulations, and legal processes.

Data Minimization: We collect and process only the Personal Data reasonably necessary to provide, maintain, and improve our Services.

3. Legal Bases for Processing

Where required under applicable data protection laws such as the General Data Protection Regulation (GDPR), we process Personal Data based on one or more of the following legal bases:

  • Contractual Necessity: Processing necessary to provide the Services and fulfill our contractual obligations.

  • Legitimate Interests: Processing necessary to operate, maintain, and improve our Services, provided such interests are not overridden by your data protection rights.

  • Consent: Where you have provided consent for specific processing activities, such as receiving marketing communications.

  • Legal Obligations: Processing necessary to comply with applicable laws and regulations.

4. How We Share Your Information

We do not sell your Personal Data. We may share your information in the following circumstances:

  • Service Providers (including Stripe): We engage trusted third-party service providers to assist in operating our Services. This includes:

    • Stripe, Inc. (USA) for payment processing. When you make a payment, your billing information and payment card details are transmitted directly to Stripe. We do not store full card numbers. Stripe’s use of your information is governed by its own privacy policy.

    • Other providers such as cloud infrastructure (Google Cloud Platform), analytics, and customer support tools, which process Personal Data only on our behalf under strict contractual obligations.

  • With Your Consent: We may share or disclose your information for any other purpose with your consent.

  • Affiliates and Business Transfers: We may share information with our affiliates. In the event of a merger, acquisition, or asset sale, your Personal Data may be transferred. We will provide notice before your Personal Data is transferred and becomes subject to a different privacy policy.

  • Legal Requirements: We may disclose your information if required to do so by law or in response to valid requests by public authorities (e.g., a court or government agency).

5. International Data Transfers

Your information, including Personal Data, may be transferred to—and stored on—servers located outside your country of residence.

  • Our Cloud Service: When you use our cloud-based offering, your data is processed and stored on our dedicated servers located in Singapore.

  • On-Premise Deployment: For clients who choose this option, the Vecura platform and all associated data are deployed and stored entirely on servers located within the client’s chosen premises or through infrastructure selected and controlled by the client, remaining under their control.

  • Stripe Processing: Stripe operates globally and may process data in the United States or other jurisdictions where it maintains facilities. Stripe participates in the EU-U.S. Data Privacy Framework and implements Standard Contractual Clauses for data transfers from the EEA, UK, and Switzerland.

Where Personal Data is transferred across borders, we implement appropriate safeguards required under applicable data protection laws to protect such data.

6. Data Security

We have implemented appropriate technical and organizational security measures designed to protect your information from accidental loss and from unauthorized access, use, alteration, and disclosure. These measures include:

  • Encryption of data in transit (TLS) and at rest.

  • Multi-factor authentication (MFA) for access to internal systems.

  • Regular security assessments, logging, and monitoring.

  • Established incident response procedures.

  • Regular backups of critical data.

While we strive to use commercially acceptable means to protect your information, we cannot guarantee its absolute security. In the event of a confirmed security incident affecting Personal Data, we will notify affected customers without undue delay and take reasonable steps to mitigate the impact.

7. Data Retention

We retain Personal Data only for as long as necessary to fulfill the purposes for which it was collected, including to satisfy legal, accounting, or reporting requirements.

  • Contact and Communications Data: Retained for the duration of our business relationship plus up to 3 years thereafter to address any follow-up issues, unless a longer retention period is required by law.

  • Payment Information: Billing details processed via Stripe are retained by Stripe in accordance with its retention policies. We retain only transaction identifiers and billing addresses as needed for tax and accounting purposes for up to 7 years as required by Singapore law.

  • Usage Data: Typically retained for up to 26 months, except where needed for security or service improvement.

  • Life Science Data: Retained according to the terms of your specific contract. Upon termination of the agreement, we will provide a copy of your data and delete it from our active systems within 30 days, unless legal retention obligations require otherwise.

After the retention period, Personal Data will be securely deleted or anonymized.

8. Your Data Protection Rights (GDPR & Others)

If you are located in the European Economic Area (EEA) or other regions with similar laws, you have certain data protection rights. We aim to take reasonable steps to allow you to correct, amend, delete, or limit the use of your Personal Data.

You have the following rights:

  • Access: To request copies of your Personal Data.

  • Rectification: To correct inaccurate or incomplete information.

  • Erasure (Right to be Forgotten): To request deletion of your Personal Data, under certain conditions.

  • Restriction of Processing: To request that we restrict processing of your Personal Data.

  • Object to Processing: To object to processing based on legitimate interests or direct marketing.

  • Data Portability: To request transfer of your Personal Data to you or another organization.

  • Withdraw Consent: Where we rely on consent, to withdraw it at any time.

To exercise any of these rights, please contact us at office@nanyangbiologics.com. We may ask you to verify your identity before responding to such requests. We will respond to all legitimate requests within 30 days.

9. Data Deletion Requests

You may request the deletion of your Personal Data at any time.

  • How to Submit a Request: Please submit your request by emailing office@nanyangbiologics.com with the subject line "Data Deletion Request." In your email, please clearly state your full name, the email address associated with your account, and your organization name to help us verify your identity.

  • Our Process: Upon receiving your request, we will verify your identity. Once verified, we will initiate the deletion of your Personal Data from our active systems and direct our service providers to do the same. Deletion from backups will occur during their next scheduled cycle. We will confirm the completion of your request within the required timeframe.

  • Logging Deletion Requests: We log all data deletion requests for audit and compliance purposes. Our log includes the following information, which is maintained securely and used only for these purposes:

    • Date and time of the request.

    • Requestor's name and email address.

    • Method of request (e.g., email).

    • Date of verification.

    • Date of completion.

10. Children’s Privacy

Our Services are not intended for anyone under the age of 18. We do not knowingly collect Personal Data from children under 18. If you are a parent or guardian and you are aware that your child has provided us with Personal Data, please contact us. If we become aware that we have collected Personal Data from children without verification of parental consent, we take steps to remove that information from our servers.

11. Changes to This Privacy Policy

We may update our Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the "Effective Date" at the top. For material changes, we will provide a more prominent notice, such as an email notification. You are advised to review this Privacy Policy periodically for any changes.

12. Contact Us

If you have any questions about this Privacy Policy, please contact us:

  • By Email: office@nanyangbiologics.com

  • By Mail: NYB.AI

    32, PEKIN STREET, #05-01, Singapore 048762

  • Review Cycle: This policy will be reviewed annually or as required by changes in law, technology, or our business practices.