Privacy Policy
Last updated: 2026-04-19
1. Overview
Fibrosis-Inflammation Lab ("we", "our", "us") respects your privacy and is committed to protecting your personal data. This Privacy Policy explains what personal data we collect, how we use it, who we share it with, and what rights you have. This policy applies to visitors of https://www.fibrosis-inflammation.com and its subdomains.
2. Data Controller
Fibrosis-Inflammation Lab is an independently operated knowledge hub covering fibrosis and inflammation drug discovery. It is not affiliated with or operated on behalf of any employer, CRO, or institution. For any privacy-related inquiry, please contact us via our contact form.
3. Personal Data We Collect
We collect the following categories of personal data:
- Contact form submissions: Name, email address, subject, and message content you submit via the contact form.
- Newsletter subscriptions: Email address and preferred language (EN/JP), submitted when you subscribe to our newsletter.
- Analytics and session data: Pseudonymized usage data collected via Google Analytics 4 and Microsoft Clarity: pages viewed, clicks, scroll depth, approximate location (country/region), device/browser type, and anonymized session recordings (Clarity). IP addresses are anonymized or truncated before storage.
- Server logs: Standard HTTP request logs retained by our hosting provider (Vercel), including IP address, user agent, and request path. Used for security, debugging, and abuse prevention.
- Cookies and similar technologies: See Section 7 for the full cookie list and retention details.
4. Legal Bases for Processing (GDPR Art. 6)
We process personal data on the following lawful bases:
- Consent (Art. 6(1)(a)): Newsletter subscription; non-essential cookies (analytics and session recording).
- Legitimate interests (Art. 6(1)(f)): Responding to contact form submissions; securing the site against abuse; aggregated analysis of how the site is used when you have consented to analytics.
- Legal obligation (Art. 6(1)(c)): Responding to lawful requests from competent public authorities.
5. How We Use Your Data
- Respond to inquiries submitted via the contact form.
- Send newsletter emails up to twice a month, only after explicit subscription.
- Understand which content and features are useful, to improve the site — only if you consent to analytics cookies.
- Detect and prevent abuse, spam, and security incidents.
- Comply with applicable laws and respond to valid legal process.
6. Third-Party Service Providers (Subprocessors)
We rely on the following subprocessors to operate this site. US-based providers listed below are certified under the EU-US Data Privacy Framework (DPF) or rely on Standard Contractual Clauses (SCCs).
| Provider | Purpose | Location | Safeguards |
|---|---|---|---|
| Vercel, Inc. | Website hosting and CDN | United States | EU-US DPF, SCCs |
| Google LLC (Google Analytics 4) | Privacy-respecting web analytics | United States | EU-US DPF, IP anonymization |
| Microsoft Corporation (Clarity) | User behavior analytics (heatmaps, anonymized session recordings) | United States | EU-US DPF |
| Resend Inc. | Transactional and newsletter email delivery | United States | SCCs |
| Cloudflare, Inc. | DNS, DDoS protection, network security (via Vercel) | United States | EU-US DPF, SCCs |
7. Cookies and Similar Technologies
We use the following cookie categories. Non-essential cookies are set only after you give consent via our cookie banner.
| Cookie | Provider | Purpose | Category | Retention |
|---|---|---|---|---|
| _ga, _ga_* | Google Analytics | Distinguish users and sessions | Analytics | Up to 2 years |
| _clck, _clsk | Microsoft Clarity | User behavior analytics | Analytics | Up to 1 year |
| __vc_* | Vercel | Visitor identification for deployment metrics | Essential | Session |
| fi_cookie_consent | This site | Store your cookie consent choice | Essential | 12 months |
You can change or withdraw consent at any time by clicking "Cookie preferences" in the footer.
8. International Data Transfers
Most subprocessors listed above are located in the United States. Where personal data is transferred outside the European Economic Area (EEA) or the United Kingdom, we rely on (i) the EU-US Data Privacy Framework for certified US recipients and/or (ii) Standard Contractual Clauses (SCCs) adopted by the European Commission, together with supplementary measures where appropriate.
9. Retention Periods
- Contact form submissions: up to 24 months after our last correspondence, then deleted or anonymized.
- Newsletter subscriptions: retained until you unsubscribe; unsubscribe records kept for up to 3 years for audit and deliverability purposes.
- Analytics data: aggregated and retained for up to 14 months (GA4 default); Clarity session data up to 1 year.
- Server logs: up to 30 days.
10. Your Rights (GDPR / UK GDPR)
Subject to applicable law, you have the right to:
- Access the personal data we hold about you.
- Rectify inaccurate or incomplete data.
- Erase your data ("right to be forgotten") where applicable.
- Restrict or object to processing, including direct marketing.
- Request data portability, where applicable.
- Withdraw consent at any time, without affecting prior lawful processing.
- Not be subject to automated decision-making that produces legal effects. We do not perform such decision-making.
- Lodge a complaint with your local supervisory authority (e.g., your national Data Protection Authority in the EEA, the ICO in the UK, or the PPC in Japan).
To exercise any of these rights, please contact us via our contact form. We will respond within 30 days (extendable by up to 60 days for complex requests, as permitted by GDPR Art. 12).
11. Security
We use industry-standard technical and organizational measures to protect your data, including HTTPS for all traffic, scoped API keys, access controls, and reliance on SOC 2 / ISO 27001 certified infrastructure providers. No method of transmission or storage is fully secure; please use the contact form for routine inquiries rather than submitting highly sensitive data.
12. Children's Privacy
This site is not directed to children under 16. We do not knowingly collect personal data from children. If you believe a child has submitted data, please contact us and we will delete it.
13. Changes to This Policy
We may update this policy to reflect changes in our practices or legal requirements. Significant changes will be highlighted on this page with an updated "Last updated" date. Please review this page periodically.
14. Contact
For any questions about this Privacy Policy or how we handle your personal data, please contact us via our contact form.