Home / Privacy Policy

Privacy Policy

How Squirrel Research LLC collects, uses, and protects your information.

Effective Date: June 14, 2026  ·  Last Updated: June 14, 2026

This Privacy Policy describes how Squirrel Research LLC ("Squirrel Research," "we," "us," or "our") collects, uses, and discloses information about you when you access or use the NiDB hosted service ("Service"). This policy applies to information Squirrel Research collects about you as a subscriber and user of the Service — not to the research data or other content you store within your NiDB instance, which is governed by your own data governance policies and our Terms of Service.

1. Scope and Important Distinctions

What this policy covers: Information Squirrel Research collects about account holders, administrators, and end users — such as contact information, billing data, and usage logs.

What this policy does not cover: The content of your data (research data, subject records, files) stored within your NiDB instance. Squirrel Research accesses that content only as described in the Terms of Service and does not make independent use of it.

2. Information We Collect

2.1 Information You Provide

  • Account information: Name, institutional email address, institution name, job title, and country when you register for the Service.
  • Billing information: Payment method details, billing address, and transaction history. Payment card data is processed by our third-party payment processor and is not stored on Squirrel Research systems.
  • Communications: Messages you send to Squirrel Research support, feedback you provide, and other direct communications.

2.2 Information Collected Automatically

  • Usage data: Pages and features accessed, actions performed, and timestamps of activity within your NiDB instance's administrative interface.
  • Log data: IP addresses, browser type, operating system, referring URLs, and error logs generated by your use of the Service.
  • Cookies: We use session cookies to maintain your authenticated session and preference cookies to remember your settings. We do not use advertising or cross-site tracking cookies.
  • Infrastructure telemetry: Resource utilization metrics (CPU, memory, storage) for your NiDB instance, used to operate and scale the Service.

2.3 Information from Third Parties

We may receive limited information from third-party services (for example, single sign-on providers configured by your institution). We use this information only to authenticate you and manage your account.

3. How We Use Your Information

Squirrel Research uses the information we collect to:

  • Provide and operate the Service: Provision and manage your NiDB instance, process your subscription, and authenticate you.
  • Communicate with you: Send transactional messages (account confirmations, invoices, maintenance notifications, security alerts) and respond to support requests.
  • Improve the Service: Analyze usage patterns to identify areas for improvement, performed on aggregate or anonymized data wherever possible.
  • Ensure security: Monitor for unauthorized access, policy violations, and security threats; investigate incidents; and enforce our Terms of Service and Acceptable Use Policy.
  • Comply with legal obligations: Retain records as required by applicable law and respond to lawful requests from government authorities.
  • Billing and financial administration: Process payments, manage renewals, and resolve billing disputes.

We do not sell your personal information to third parties. We do not use your personal information for advertising purposes.

4. How We Share Your Information

We share your information only in the following limited circumstances:

4.1 Service Providers

We share information with third-party vendors who perform services on our behalf, including cloud infrastructure providers (Google Cloud Platform, Amazon Web Services), payment processors, email service providers, and customer support tools. These providers are contractually required to use your information only to perform services for us and to maintain appropriate security standards.

4.2 Legal Requirements

We may disclose your information if required by law, regulation, court order, or valid legal process, or if we believe disclosure is necessary to protect the rights, property, or safety of Squirrel Research, our customers, or the public.

4.3 Business Transfers

In the event of a merger, acquisition, or sale of substantially all of Squirrel Research's assets, your information may be transferred as part of that transaction. We will provide notice before your information becomes subject to a materially different privacy policy.

4.4 With Your Consent

We may share your information with third parties when you have given us explicit consent to do so.

5. Data Retention

We retain your account and billing information for as long as your account is active and for a period of seven (7) years following account closure, to satisfy legal, tax, and accounting obligations.

Usage logs and telemetry data are retained for up to twelve (12) months and then deleted or anonymized.

Upon termination of your subscription, your NiDB instance data is retained for thirty (30) days to allow you to export it. After this period it is securely deleted.

6. Security

Squirrel Research implements reasonable technical and organizational security measures, including encryption of data in transit (TLS) and at rest, access controls limiting who can access personal information, and regular review of our security practices.

No security measure is perfect. In the event of a security incident affecting your personal information, we will notify you within seventy-two (72) hours of confirming the incident, as described in our Terms of Service.

7. International Data Transfers

Squirrel Research is based in the United States. If you access the Service from outside the United States, your information may be transferred to, stored in, and processed in the United States. For customers in the European Economic Area, United Kingdom, or Switzerland, Squirrel Research relies on Standard Contractual Clauses or other lawful transfer mechanisms. Contact us for more information.

8. Your Rights and Choices

Depending on your location, you may have the following rights with respect to your personal information:

  • Access: Request a copy of the personal information we hold about you.
  • Correction: Request correction of inaccurate or incomplete information.
  • Deletion: Request deletion of your personal information, subject to legal retention obligations.
  • Portability: Request a machine-readable export of your personal information.
  • Objection or restriction: Object to or request restriction of certain processing activities.
  • Opt-out of communications: Unsubscribe from non-transactional communications at any time via the unsubscribe link. You cannot opt out of transactional messages (invoices, security alerts) while your account is active.

To exercise any of these rights, contact us using the information in Section 11. We will respond within the timeframe required by applicable law (generally 30 days).

9. California Privacy Rights

If you are a California resident, the CCPA as amended by the CPRA may provide additional rights, including the right to know what personal information we collect, the right to delete personal information, and the right to opt out of the sale or sharing of personal information. Squirrel Research does not sell or share personal information as defined under the CCPA. Contact us to exercise your rights.

10. Children's Privacy

The Service is not directed to children under the age of 13, and we do not knowingly collect personal information from children under 13. If you believe we may have collected such information, please contact us and we will delete it promptly.

11. Contact Us

For questions, concerns, or data rights requests related to this Privacy Policy, contact us through our contact page or through the NiDB project website:

Website: neuroinfodb.org

12. Updates to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or applicable law. We will notify you of material changes by posting the updated policy on our website and, where appropriate, by email, at least fourteen (14) days before the changes take effect. Your continued use of the Service after the effective date constitutes your acceptance of the updated policy.

This document should be reviewed by a licensed attorney before use.