Privacy Policy

Summary

• We do not require accounts and do not ask You for any personal information.
• sigscape sets no cookies of its own and runs no analytics, advertising, or third-party tracking scripts.
• Files You load into the studio are processed entirely in Your browser and are never sent to Us.
• The only information that reaches Us is the standard server-log data that any website's hosting provider records to serve and secure the site.

Definitions

• Personal Data (or "Personal Information") means any information that relates to an identified or identifiable natural person. We use the terms interchangeably unless a specific law requires otherwise.
• Usage Data means data collected automatically through the operation of the Service, such as IP addresses, browser type, pages visited, and visit timestamps.
• Browser Storage means data stored locally on Your Device by Your web browser, such as localStorage and sessionStorage.
• Service refers to the sigscape website at sigscape.org and the sigscape studio.
• You means the individual accessing or using the Service.

Information We Collect

Usage Data (Automatically Collected)

When You visit sigscape, Our infrastructure providers — Cloudflare, Inc. (DNS, CDN, and security) and Vercel, Inc. (hosting) — automatically record standard server-log and network information in the course of serving and securing the site, including:

• Your device's Internet Protocol (IP) address
• Browser type and version
• Pages requested, time and date of the request, and time spent on pages
• Referring URL
• Device type and operating system
• TLS/SSL connection metadata

This data is recorded to ensure the reliable operation of the Service, to monitor for abuse, and to keep the site secure. sigscape itself does not include any analytics service (such as Google Analytics), advertising network, or third-party tracking script; the only collection is the standard logging performed by Vercel and Cloudflare as part of hosting and securing the site.

Personal Data

sigscape does not require You to create an account, provide an email address, or submit any personal information to use the Service. We do not collect names, email addresses, or other directly identifying information through normal use of the site. The only Personal Data that may be processed is the IP address contained in the server logs described above.

Genomic and Scientific Data

The sigscape studio runs entirely in Your browser. Any files You load (for example VCF, MAF, BED, SBS-96 matrices, or exposure tables) are read and processed locally on Your Device using the browser's JavaScript File API. No file You load — genomic or otherwise — is transmitted to, received by, or stored on Our servers at any point.

The studio also ships with a small set of example datasets derived from published or publicly released data. These are bundled static files served like any other page asset; loading them sends Us no information about You beyond the standard request log.

Cookies and Browser Storage

sigscape does not set any cookies of its own, and it does not use advertising, remarketing, or cross-site tracking cookies. It uses a minimal set of browser-storage items, all strictly functional and all stored only on Your Device — none are transmitted to Our servers. No consent banner is shown because none of these items require consent.

These Cloudflare cookies are administered by Cloudflare as part of delivering and securing the site; they are strictly necessary and are not used by Us for analytics, advertising, or tracking.

Because every storage item described here is strictly necessary for the functionality it supports, it falls within the “strictly necessary” exemption under Article 5(3) of the ePrivacy Directive (and equivalent legislation) and does not require consent.

How We Use Information

The limited information that reaches Us (server logs) is used exclusively to:

• Operate, maintain, and serve the Service
• Monitor server health, uptime, and performance
• Detect and prevent abuse, automated traffic, or unauthorised access
• Keep the Service secure

We do not use any collected information for advertising, marketing, profiling, automated decision-making, or any commercial purpose. We do not sell, rent, or trade Your information to any third party.

Client-Side Features

Several features of sigscape operate entirely within Your browser and transmit no data to Our servers:

• Studio analysis Loading, parsing, visualising, and editing mutational-spectra and exposure data all happen on Your Device. Inputs and outputs stay in Your browser.
• Export Visualisations and tables You export are generated client-side in Your browser; no data is sent to Us during export.
• Shareable URLs and view state The studio encodes its current state (open tabs, selected records, view configuration) into the URL fragment so browser navigation works and links can be shared. These parameters contain only studio state, not personal data.

Third-Party Services

Cloudflare (DNS, CDN, and Security)

sigscape's domain is managed through Cloudflare, Inc., which provides DNS resolution, TLS/SSL termination, content delivery, DDoS protection, and bot management. When You access sigscape, Your request is routed through Cloudflare's global network before reaching Our hosting provider. Cloudflare collects end-user log data — including IP addresses, HTTP request headers, and traffic metadata — to operate and secure its network, and may set the cookies described in the “Cookies and Browser Storage” section above. Cloudflare processes this data as a data processor on Our behalf. Its privacy policy is available at cloudflare.com/privacypolicy.

Vercel (Hosting)

sigscape is hosted on Vercel, Inc. After passing through Cloudflare, requests are served by Vercel's infrastructure, which records standard server logs (including IP address, request headers, and traffic metadata) and serves the site's static assets via its CDN. Vercel's privacy policy is available at vercel.com/legal/privacy-policy.

Web Fonts

sigscape uses the Outfit, Fira Code, and Space Grotesk typefaces. These fonts are downloaded at build time and self-hosted as part of the site's assets (served via Vercel's CDN); no requests are made from Your browser to any third-party font service when You visit the Service.

External Links

The Service links to external resources such as GitHub repositories, package registries (PyPI, Bioconda, CRAN), published research papers, and laboratory websites. We have no control over and assume no responsibility for the privacy practices of these external sites.

Data Retention

Server logs are retained by Vercel and Cloudflare subject to their respective data-retention policies. We do not independently store, archive, or process server logs beyond what these providers retain in the ordinary course of providing their services.

Browser-storage items remain on Your Device under Your control: the studio session-storage items are cleared when You close the tab, and the theme preference persists in local storage until You clear Your browser data. None of these are stored on Our servers.

International Data Transfers

sigscape is operated from the United States. If You access the Service from outside the United States, the Usage Data in server logs may be processed by Cloudflare at edge locations worldwide and by Vercel in the United States, where data-protection laws may differ from those of Your jurisdiction. Where required by applicable law (including the GDPR), We rely on Vercel's and Cloudflare's data-processing agreements and standard contractual clauses to safeguard international transfers.

Security

All connections to sigscape are encrypted via HTTPS/TLS, terminated at Cloudflare's edge and re-encrypted to Vercel's origin servers. Because the studio processes Your files locally and nothing is uploaded, Your scientific data never traverses Our infrastructure. We use commercially reasonable measures to protect the Service, but no method of electronic transmission or storage is completely secure, and We cannot guarantee absolute security.

Children's Privacy

sigscape is a scientific research tool and is not directed at children under 16 years of age. We do not knowingly collect Personal Data from children under 16. If You believe a child has provided Us with Personal Data, please contact Us so that We can take appropriate action.

Your Rights Under the General Data Protection Regulation (GDPR)

If You are located in the European Economic Area (EEA), the United Kingdom, or Switzerland, You have rights under the GDPR and equivalent local legislation.

Legal Basis for Processing

To the extent We process any Personal Data (primarily IP addresses in server logs via Vercel and Cloudflare), Our legal basis is:

• Legitimate interests (Article 6(1)(f) GDPR): We process server-log data for the legitimate purposes of operating, securing, and maintaining a free academic resource. This processing is minimal, does not involve profiling, and does not override Your fundamental rights and freedoms.

For browser storage: every item used by sigscape falls within the “strictly necessary” exemption under Article 5(3) of the ePrivacy Directive, as each is required for the Service to function (studio state, display preference). No consent is therefore required.

Your GDPR Rights

You have the right to:

• Access any Personal Data We hold about You.
• Rectification of inaccurate data.
• Erasure of Your Personal Data, under certain conditions.
• Restrict processing of Your Personal Data, under certain conditions.
• Data portability — request transfer of Your data in a structured, machine-readable format.
• Object to processing of Your Personal Data based on legitimate interests.
• Not be subject to automated decision-making , including profiling, that produces legal effects. sigscape does not engage in automated decision-making or profiling of any kind.

To exercise any of these rights, contact Us at the address below. We will respond within one month, extendable by two further months for complex requests. If You believe Our processing of Your data violates the GDPR, You have the right to lodge a complaint with a supervisory authority in the EU/EEA Member State of Your habitual residence, place of work, or place of the alleged infringement.

Your Rights Under the California Consumer Privacy Act (CCPA/CPRA)

If You are a California resident, the CCPA (as amended by the CPRA) provides You with specific rights regarding Personal Information.

Categories of Personal Information Collected

In the preceding twelve (12) months, the only category of Personal Information that may have been collected is:

• Internet or similar network activity IP addresses and request metadata, recorded automatically in server logs by Vercel and Cloudflare.

We do not collect sensitive Personal Information as defined under the CPRA.

Sale and Sharing of Personal Information

We do not sell Your Personal Information. We do not "share" Your Personal Information for cross-context behavioural advertising as defined under the CPRA. We have not sold or shared Personal Information in the preceding twelve (12) months.

Your CCPA/CPRA Rights

• Right to know what Personal Information We collect, use, and disclose.
• Right to delete Personal Information We have collected from You, subject to certain exceptions.
• Right to correct inaccurate Personal Information.
• Right to opt-out of sale or sharing We do not sell or share Personal Information; should this ever change, We will provide a "Do Not Sell or Share My Personal Information" link.
• Right to non-discrimination We will not discriminate against You for exercising Your rights.

To exercise these rights, contact Us at the address below. We will respond within 45 days, extendable by an additional 45 days where reasonably necessary.

California Online Privacy Protection Act (CalOPPA) and Do Not Track

In compliance with CalOPPA:

• Users can visit sigscape anonymously. No registration is required to access the Service.
• This Privacy Policy is linked from the site footer.
• You will be notified of Privacy Policy changes on this page via the "Last updated" date.

Do Not Track Signals

sigscape does not operate any analytics or tracking service and does not track users across third-party websites. We honour Do Not Track (DNT) browser signals in the sense that We have no tracking infrastructure to disable. Our infrastructure providers (Vercel, Cloudflare) may process standard server/network logs regardless of DNT settings as part of providing their services; consult their respective privacy policies for details.

Changes to this Privacy Policy

We may update this Privacy Policy from time to time. Changes will be posted on this page with an updated "Last updated" date. We encourage You to review this page periodically. Your continued use of the Service after changes are posted constitutes acceptance of the revised policy.

Contact Us

If You have questions about this Privacy Policy or wish to exercise any of Your data-protection rights, please contact: