Privacy Policy

Effective Date: March 16, 2026  ·  Last Updated: March 16, 2026

Co-PI Labs, Inc. ("Co-PI," "we," "us," or "our") operates the Co-PI scientific workspace available at copilabs.ai and related websites, applications, chat interfaces, notebooks, file-upload features, collaboration tools, and related services (collectively, the "Services").

This Privacy Policy explains how we collect, use, disclose, and protect information about you when you access or use our Services.

By accessing or using the Services, you acknowledge that you have read and understood this Privacy Policy.

1. Scope

This Privacy Policy applies to information we collect:

  • when you visit our website;
  • when you create an account or use the Services;
  • when you upload, submit, store, share, or generate content through the Services;
  • when you communicate with us; and
  • when we receive information from third parties, service providers, or integrations connected to the Services.

This Privacy Policy does not apply to third-party websites, services, or applications that are not owned or controlled by Co-PI, even if they are linked to or integrated with the Services.

2. Information We Collect

We collect information you provide directly and information generated through your use of Co-PI.

Account Data

We may collect information such as your name, email address, institution, company, lab, team information, username, password, account credentials, billing information, subscription information, and transaction details when you register for or use the Services.

Lab Content and Workspace Content

Because Co-PI is designed as a scientific workspace, we collect and process content you create, upload, store, submit, or generate through the Services, including:

  • notebooks, protocols, project plans, reports, and experimental notes;
  • datasets, spreadsheets, code, scripts, figures, images, attachments, and other files;
  • prompts, chat messages, instructions, AI interactions, and generated outputs;
  • comments, edits, shared workspace content, and collaboration history; and
  • metadata associated with uploaded, stored, or generated content.

Some of this information may be confidential, proprietary, prepublication, commercially sensitive, technically sensitive, or otherwise sensitive. You are solely responsible for the information you choose to upload or submit to the Services and for ensuring that you have all rights, permissions, consents, and legal authority necessary to do so.

Usage Data

We may collect information about how you use the Services, including pages visited, features used, session duration, interactions with the AI collaborator, workspace activity, and other product usage data.

Device and Technical Data

We may collect technical information such as IP address, browser type and version, device identifiers, operating system, referral URLs, approximate location derived from IP address, logs, diagnostics, crash data, and performance information.

Cookies and Similar Technologies

We and our service providers may use cookies, local storage, session tokens, preference cookies, analytics identifiers, pixels, and similar technologies to operate the Services, remember preferences, authenticate users, analyze usage, improve functionality, and maintain security. You may be able to control certain cookie settings through your browser, though disabling essential cookies may affect Service functionality.

Information From Third Parties

We may receive information from third parties, including payment processors, analytics providers, authentication and identity providers, cloud hosting, infrastructure, and storage providers, security and fraud-prevention vendors, integrations and third-party tools you authorize, affiliates, business partners, or publicly available sources.

3. How We Use Your Information

We may use collected information to:

  • provide, operate, maintain, and improve the Services;
  • create and manage accounts and workspaces;
  • process transactions, subscriptions, and billing;
  • authenticate your account and maintain session security;
  • enable collaboration, sharing, and workspace administration;
  • process prompts, files, and other submitted content to provide requested outputs and features;
  • power AI features, including context-aware assistance across notebooks, files, and workspace content;
  • generate analyses, reports, summaries, visualizations, drafts, and other outputs;
  • respond to support requests, feedback, and communications;
  • send transactional emails, including account confirmations, password resets, billing notices, product updates, and security alerts;
  • troubleshoot issues, improve performance, and monitor reliability;
  • analyze aggregate usage trends and product usage to improve product quality and functionality;
  • detect, investigate, prevent, and address fraud, abuse, malicious code, malicious use, unauthorized access, policy violations, illegal activity, and security incidents;
  • enforce our Terms of Service and other legal terms;
  • comply with legal obligations, legal process, subpoenas, court orders, or governmental requests; and
  • protect the rights, property, safety, integrity, and security of Co-PI, our users, service providers, and the public.

We do not sell your personal information or your research data for monetary consideration.

4. AI Features and Service Processing

Co-PI includes AI-powered features that process user inputs and associated content to generate outputs. In connection with those features:

  • prompts, uploaded files, notebook content, messages, and related context may be processed by Co-PI and by third-party vendors or subprocessors acting on our behalf;
  • content may be transmitted to and processed by third-party infrastructure, hosting, storage, model, analytics, security, and support providers as reasonably necessary to operate the Services;
  • authorized personnel and service providers may access information when reasonably necessary for support, security, abuse prevention, incident response, debugging, maintenance, legal compliance, or product improvement; and
  • AI-generated outputs may be inaccurate, incomplete, misleading, or inappropriate and must be independently reviewed and validated by users.

Use of the Services does not guarantee that AI outputs are correct, reproducible, fit for any particular purpose, or suitable for scientific, technical, legal, regulatory, clinical, commercial, or publication-related use.

Where we state that content is not used to train external models under our agreements, that statement applies only to the extent provided in our then-current agreements with the applicable provider and does not create any broader obligation beyond those agreements.

5. Sensitive Research, Lab, and Technical Data

Co-PI is designed for scientific and technical workflows. Users may upload research materials, laboratory notes, protocols, datasets, code, analyses, prepublication materials, and other potentially sensitive information.

You acknowledge and agree that:

  • you are responsible for deciding what information to upload to the Services;
  • you must not upload information unless you have all necessary rights, permissions, authorizations, and legal bases to do so;
  • you remain responsible for complying with all applicable laws, contractual obligations, confidentiality obligations, institutional rules, sponsor restrictions, export controls, privacy requirements, grant conditions, and internal policies that apply to your information; and
  • unless expressly agreed by Co-PI in a separate written agreement, the Services are not represented or warranted to satisfy any specific legal, regulatory, institutional, governmental, clinical, or industry-specific compliance framework.

Unless expressly agreed by Co-PI in a separate written agreement, users should not submit to the Services any information subject to specialized legal or regulatory handling requirements, including protected health information, controlled technical data, export-controlled information, classified information, or personal data requiring heightened statutory protections.

You should not rely on the Services as your sole method of storing, backing up, preserving, or protecting important or sensitive information.

6. No Special Confidentiality Relationship

Submission of information to the Services does not by itself create any fiduciary duty, professional duty, evidentiary privilege, or special confidentiality obligation on the part of Co-PI beyond those expressly stated in our Terms of Service, this Privacy Policy, or a separate written agreement signed by Co-PI.

7. Data Sharing and Third Parties

We may disclose information in the following circumstances:

Infrastructure Providers, Vendors, and Subprocessors

We may share information with cloud hosting providers, databases, content delivery networks, storage providers, analytics providers, payment processors, authentication providers, model providers, communications providers, customer support providers, security vendors, contractors, and other vendors or subprocessors that process data on our behalf under contractual or operational safeguards we consider appropriate.

AI Model Providers

Prompts, uploaded files, and relevant context may be sent to third-party large language model or AI API providers to generate responses and outputs. Content may be transmitted securely and processed as reasonably necessary to provide the Services.

Analytics Services

We may share aggregated, anonymized, or de-identified usage data for analytics, benchmarking, product analytics, security, research, marketing, and product improvement, provided that such information does not identify you personally.

Team Accounts, Collaborators, and Administrators

If you use the Services through a team, lab, company, institution, or other organizational account, your content and account information may be accessible to authorized administrators, owners, billing contacts, and collaborators based on applicable settings, permissions, and workspace features.

Integrations and User-Directed Sharing

If you enable third-party integrations or choose to share content through the Services, we may disclose information as necessary to provide those features and according to your instructions.

Legal, Security, and Enforcement Reasons

We may access, preserve, use, and disclose information if we believe in good faith that doing so is necessary or appropriate to:

  • comply with applicable law, regulation, legal process, subpoena, court order, or governmental request;
  • enforce our Terms of Service or other agreements;
  • detect, investigate, prevent, or address fraud, abuse, malicious code, malicious use, unauthorized activity, security incidents, or technical issues;
  • protect the rights, property, safety, integrity, or security of Co-PI, our users, service providers, or the public; or
  • respond to emergencies or legal claims.

Business Transfers

We may disclose or transfer information in connection with a merger, acquisition, financing, reorganization, bankruptcy, dissolution, sale of assets, or other corporate transaction, including during related diligence and subject to any protections we determine are appropriate.

8. Data Security and Retention

We implement commercially reasonable administrative, technical, and organizational measures designed to help protect information, including encryption in transit where appropriate. However, no method of transmission over the internet, electronic storage, or security control is completely secure, and we do not guarantee absolute security.

You are responsible for safeguarding your credentials, limiting access to your account and devices, and promptly notifying us of any suspected unauthorized access, misuse, or security incident involving your account.

Code execution in Co-PI may, in some cases, run locally in your browser or device environment, including through technologies such as WebAssembly. However, other features, including storage, synchronization, AI features, collaboration features, backups, and server-side processing, may involve transmission to and processing on Co-PI or third-party systems. You should not assume that all computations or all data remain solely on your local machine.

We retain your account data and content for as long as reasonably necessary to provide and operate the Services, fulfill the purposes described in this Privacy Policy, comply with legal obligations, resolve disputes, enforce our agreements, and protect our legitimate business interests.

If you delete your account, we may delete or anonymize applicable personal data within a commercially reasonable period, including up to 90 days or longer where required for backups, logs, legal compliance, fraud prevention, dispute resolution, security, or other legitimate business purposes. Even if content is deleted, copies may remain for a period of time in backups, caches, or archives.

9. Your Rights and Choices

Depending on your location and use of the Services, you may have the ability to:

  • access, update, or correct certain account information;
  • request a copy of certain personal data we hold about you;
  • request deletion of certain personal data and research content;
  • export certain notebooks and data in supported formats;
  • object to certain processing activities where applicable;
  • close your account;
  • opt out of certain promotional communications; and
  • manage cookie preferences through your browser or device settings.

To exercise any of these rights, contact us at privacy@copilabs.ai.

We may need to verify your identity before processing a request, and we may deny or limit requests where permitted by law. We may also retain certain information where necessary for legal, security, compliance, fraud-prevention, backup, operational, or legitimate business purposes.

10. U.S. State Privacy Rights

Depending on your state of residence, you may have certain rights under applicable privacy laws, which may include the right to request access to, correction of, deletion of, or information about certain personal information we collect, use, or disclose.

To submit a request, contact us at privacy@copilabs.ai. We may need to verify your identity before processing a request, and we may deny or limit requests where permitted by law.

Co-PI does not sell personal information for monetary consideration. However, certain privacy laws define "sale," "sharing," or "targeted advertising" broadly, and your rights may vary depending on your jurisdiction and our practices at the relevant time.

11. International Data Transfers

Your information may be stored, processed, and transferred in the United States and other countries where Co-PI, its affiliates, or its vendors and subprocessors operate. These jurisdictions may have data protection laws that differ from those of your location.

By using the Services, you acknowledge that your information may be transferred to and processed in jurisdictions outside your own.

12. Cookies and Tracking

We use essential cookies and similar technologies to maintain your authenticated session, preferences, security settings, and core Service functionality. We may also use analytics cookies and similar technologies to understand how users interact with Co-PI and to improve the Services.

You can control cookie preferences through your browser settings, though disabling essential cookies may affect functionality.

Some browsers offer a "Do Not Track" setting. Because there is no universally accepted standard for responding to such signals, the Services may not respond to Do Not Track requests.

13. Children's Privacy

Co-PI is intended for professional, academic, research, and business use and is not directed to children under the age of 13. We do not knowingly collect personal information from children under 13. If you believe a child under 13 has provided us with personal information, please contact us and we will take reasonable steps to delete it.

14. Third-Party Services

The Services may contain links to or integrations with third-party websites, tools, applications, or services. We are not responsible for the privacy, security, content, or practices of third parties. Your use of third-party services is governed by their own terms and privacy policies.

15. Changes to This Policy

We may update this Privacy Policy from time to time. We will post the updated policy on this page and update the "Last Updated" date above. If required by law or if we determine additional notice is appropriate, we may also provide notice by email or through the Services.

Continued use of Co-PI after any changes become effective constitutes your acknowledgment of the updated Privacy Policy.

16. Contact

If you have questions or concerns about this Privacy Policy or our privacy practices, please contact us at:

Co-PI Labs, Inc.
Email: privacy@copilabs.ai