Privacy Policy

This Privacy Policy describes how PEPSDS.AI ("Company," "we," "us," or "our") collects, uses, discloses, stores, and protects information in connection with our website, software tools, and related services, including our Safety Data Sheet generation tool that assists users in compiling and drafting Safety Data Sheets for chemical substances and research compounds (collectively, the "Services").

By accessing or using the Services, you acknowledge that you have read and understood this Privacy Policy and agree to the collection, use, disclosure, and processing of your information as described herein.

1. Scope of This Privacy Policy

This Privacy Policy applies to information we collect through the Services, including when you:

• Visit or interact with our website;
• Create or use an account;
• Submit chemical, compound, research, product, or formulation information;
• Generate, revise, download, or store Safety Data Sheets;
• Communicate with us;
• Subscribe to updates, newsletters, or other communications;
• Request customer support; or
• Otherwise interact with the Services.

This Privacy Policy does not apply to third-party websites, databases, platforms, or services that we do not own or control, even if they are linked to or integrated with the Services.

2. Important Notice About Safety Data Sheet Content

Our Services are designed to assist users in generating draft Safety Data Sheets by compiling information from third-party sources, including authoritative scientific, regulatory, chemical, toxicological, environmental, transportation, and safety databases.

Where available databases do not contain sufficient information for certain Safety Data Sheet sections, the Services may use AI-assisted analysis to generate or draft content for those sections.

Generated Safety Data Sheets and related outputs require review, verification, and approval by a qualified person before use, publication, distribution, or regulatory submission. Users are responsible for confirming the accuracy, completeness, and regulatory suitability of any Safety Data Sheet or related content generated through the Services.

3. Information We Collect

We may collect the following categories of information.

A. Information You Provide to Us

We may collect information that you provide directly, including:

• Name;
• Email address;
• Company or organization name;
• Job title or role;
• Account login credentials;
• Billing and payment-related information;
• Customer support messages;
• Feedback, survey responses, or inquiries;
• Information submitted through web forms; and
• Any other information you choose to provide.

B. Account and Payment Information

If you create an account or purchase access to the Services, we may collect:

• Account profile information;
• Subscription plan details;
• Usage entitlements;
• Billing contact information;
• Transaction records;
• Payment status information; and
• Account administration information.

Payment information may be processed by third-party payment processors, and we do not store complete payment card numbers.

C. SDS Documents, Compound Data, and User Inputs

To provide the Services, we collect, process, and store Safety Data Sheets generated through the Services, together with associated compound, chemical, formulation, product, hazard, research, and metadata information submitted by users or generated by the Services ("SDS Data").

SDS Data may include:

• Generated Safety Data Sheets;
• Chemical names;
• CAS numbers;
• Molecular formulas or structures;
• Compound identifiers;
• Product names;
• Research compound identifiers;
• Concentration or formulation information;
• Intended uses;
• Hazard, handling, storage, disposal, transportation, or exposure information;
• Regulatory classification information;
• Uploaded files or supporting documentation;
• Prompts, queries, and other user inputs; and
• Related metadata associated with generating, revising, storing, or downloading Safety Data Sheets.

SDS Data may not always be personal information. However, it may be associated with your account, organization, device, usage history, or other identifying information.

D. Usage and Device Information

When you use the Services, we may automatically collect information such as:

• IP address;
• Browser type;
• Device identifiers;
• Operating system;
• Referring and exiting pages;
• Pages viewed;
• Dates and times of access;
• Features used;
• Search queries or tool interactions;
• Log files;
• Error reports; and
• Approximate location derived from IP address.

E. Cookies and Similar Technologies

We may use cookies, pixels, local storage, software development kits, and similar technologies to operate, secure, personalize, and improve the Services. These technologies may collect information about your device, browser, preferences, and interactions with the Services.

You can typically control cookies through your browser settings. Disabling cookies may affect the functionality of the Services.

4. How We Use Information

We may use information, including personal information and SDS Data, for the following purposes:

• To provide, operate, maintain, and secure the Services;
• To generate, compile, draft, format, store, and deliver Safety Data Sheets and related outputs;
• To process user inputs and submitted chemical, compound, formulation, or product information;
• To retrieve, compare, and compile data from third-party chemical, regulatory, scientific, toxicological, environmental, transportation, or safety databases;
• To use AI-assisted analysis where database information is incomplete, unavailable, or insufficient for generating certain Safety Data Sheet sections;
• To make generated Safety Data Sheets available to users;
• To enable users to access, download, revise, regenerate, audit, and manage previously generated Safety Data Sheets;
• To create and manage user accounts;
• To provide customer support;
• To process payments and manage subscriptions;
• To send administrative, transactional, and service-related communications;
• To send marketing communications where permitted by law;
• To personalize the user experience;
• To monitor usage, diagnose technical issues, and improve performance;
• To detect, investigate, and prevent fraud, abuse, security incidents, or unauthorized access;
• To comply with legal, regulatory, contractual, and compliance obligations;
• To enforce our agreements; and
• To protect our rights, users, business, and Services.

5. Storage of Generated SDS Documents and Associated Data

We may store generated Safety Data Sheets and associated SDS Data to provide the Services. This includes storing SDS Data so that users may access, download, revise, regenerate, audit, and manage generated Safety Data Sheets through their accounts.

We may also retain SDS Data as necessary to provide customer support, maintain account history, troubleshoot technical issues, preserve security and audit records, comply with legal or contractual obligations, and enforce our agreements.

6. AI-Assisted Analysis

Our Services may use artificial intelligence, machine learning, large language models, or other automated analytical tools to assist in generating portions of Safety Data Sheets where authoritative third-party databases do not contain sufficient information for particular Safety Data Sheet sections.

AI-assisted analysis may be used to:

• Draft narrative Safety Data Sheet sections;
• Summarize available chemical, toxicological, regulatory, environmental, transportation, or safety information;
• Identify potentially relevant hazards or handling considerations;
• Fill informational gaps based on available data and analytical methods;
• Improve formatting, clarity, and consistency of generated Safety Data Sheets; and
• Support quality control and review workflows.

AI-assisted outputs are not intended to replace professional, regulatory, scientific, legal, or safety judgment. Users should independently review and verify AI-assisted content before relying on or distributing any Safety Data Sheet.

No AI Model Training Without Explicit Prior Consent

We do not use your generated Safety Data Sheets, compound data, uploaded files, prompts, user inputs, or other SDS Data to train, fine-tune, or improve AI models without your explicit prior consent.

Where we use third-party AI service providers, we require them to process SDS Data only as necessary to provide services to us and subject to contractual confidentiality, privacy, and security obligations, including restrictions prohibiting the use of SDS Data to train, fine-tune, or improve their AI models.

7. Third-Party Sources and Databases

The Services may compile data from third-party sources, including scientific, regulatory, chemical, toxicological, environmental, transportation, and safety databases. These sources may be operated by governmental agencies, academic institutions, commercial database providers, standards organizations, or other third parties.

We may transmit chemical identifiers, compound names, CAS numbers, search queries, or related technical information to third-party sources or service providers as needed to provide the Services.

Third-party sources may have their own privacy practices, terms of use, licensing restrictions, and data-handling practices. We are not responsible for the privacy practices of third-party websites, platforms, databases, or services that are not controlled by us.

8. How We Disclose Information

We may disclose information, including personal information and SDS Data, in the following circumstances.

A. Service Providers

We may disclose information to vendors, contractors, and service providers who perform services on our behalf, such as:

• Cloud hosting;
• Data storage;
• Security monitoring;
• Analytics;
• Customer support;
• Payment processing;
• Email delivery;
• AI processing;
• Database integration;
• Error logging;
• Identity and access management; and
• Professional services.

B. Third-Party Database and Data Providers

We may share limited information with third-party database providers or data sources as needed to retrieve, compile, verify, or process chemical, compound, regulatory, or safety-related information.

C. Business Customers and Account Administrators

If your account is provided by or associated with an organization, we may disclose account, usage, and submitted-content information to that organization or its authorized administrators, consistent with applicable agreements and settings.

D. Legal and Compliance Purposes

We may disclose information where we believe disclosure is necessary or appropriate to:

• Comply with applicable law, regulation, legal process, subpoena, or governmental request;
• Enforce our agreements;
• Protect the rights, property, or safety of the Company, our users, or others;
• Detect, prevent, or investigate fraud, abuse, security incidents, or technical issues; or
• Establish, exercise, or defend legal claims.

E. Business Transfers

We may disclose or transfer information in connection with an actual or potential merger, acquisition, financing, reorganization, sale of assets, bankruptcy, or similar corporate transaction.

F. With Consent

We may disclose information with your consent or at your direction.

9. No Sale of Personal Information

We do not sell personal information to third parties.

We also do not use generated Safety Data Sheets, compound data, user inputs, or SDS Data for third-party advertising purposes.

If our practices change in a way that would constitute a "sale" or "sharing" of personal information under applicable privacy laws, we will update this Privacy Policy and provide any required notices and choices.

10. Aggregated, De-Identified, and Non-Personal Information

We may create, use, disclose, and retain aggregated, de-identified, anonymized, or otherwise non-personal information for lawful business purposes, including analytics, research, benchmarking, product development, security, regulatory analysis, and business operations.

We will not attempt to re-identify de-identified information except as permitted by law.

11. Data Retention

We retain personal information and SDS Data for as long as reasonably necessary to fulfill the purposes described in this Privacy Policy, including to provide the Services, maintain accounts, comply with legal obligations, resolve disputes, enforce agreements, maintain security, and support legitimate business purposes.

We retain stored Safety Data Sheets and associated SDS Data for ninety (90) days following account termination or your deletion request, unless a longer retention period is required or permitted by law, contract, regulatory obligation, security requirement, backup retention practice, dispute resolution need, or legitimate business purpose.

After the applicable retention period expires, we will delete or de-identify the relevant information in accordance with our standard retention and deletion practices, unless continued retention is required or permitted by law.

Certain information may remain in backups, audit logs, transaction records, security records, or legal compliance files for a limited period where retention is necessary or permitted.

12. Data Deletion Requests

You may request deletion of your personal information, generated Safety Data Sheets, compound data, user inputs, and associated SDS Data by contacting us at support@pepsds.ai.

We may need to verify your identity and authority to act on behalf of the relevant account or organization before fulfilling a deletion request. We will respond to verified deletion requests within the timeframes required by applicable law.

We may deny or limit a deletion request where permitted by law, including where retention is necessary to:

• Complete a transaction;
• Provide the Services;
• Maintain security;
• Detect or prevent fraud, abuse, or unauthorized activity;
• Comply with legal or regulatory obligations;
• Resolve disputes;
• Enforce agreements;
• Preserve records required by law; or
• Maintain backups, audit logs, or compliance records for a limited period.

13. Security

We use reasonable administrative, technical, and physical safeguards designed to protect personal information and SDS Data against unauthorized access, use, disclosure, alteration, and destruction.

However, no method of transmission over the Internet or method of electronic storage is completely secure. We cannot guarantee absolute security of information.

Users are responsible for maintaining the confidentiality of account credentials and for all activity under their accounts.

14. Your Choices

Depending on your location and applicable law, you may have certain choices regarding your personal information.

A. Account Information

You may be able to access, update, or correct certain account information by logging into your account or contacting us.

B. Marketing Communications

You may opt out of marketing emails by following the unsubscribe instructions in those emails. Even if you opt out of marketing communications, we may still send you service-related, transactional, or administrative messages.

C. Cookies

You may be able to manage cookies through browser settings or other tools. Some features of the Services may not function properly if cookies are disabled.

D. Privacy Rights Requests

Certain U.S. state privacy laws may provide residents with specific rights regarding personal information. These rights may include the right to know, access, correct, delete, obtain a copy of, or opt out of certain processing of personal information. Some state laws also require disclosures regarding categories of personal information processed, purposes of processing, categories of third parties receiving personal information, and methods for exercising privacy rights.

Depending on applicable law, you may have the right to request:

• Access to personal information we maintain about you;
• Correction of inaccurate personal information;
• Deletion of personal information;
• Portability of personal information;
• Restriction or limitation of certain processing;
• Opt-out of certain uses or disclosures;
• Withdrawal of consent where processing is based on consent; and
• Appeal of a decision regarding your privacy request.

To submit a request, including a deletion request, please contact us at support@pepsds.ai.

We may need to verify your identity before fulfilling your request. We may also decline or limit requests where permitted by law. We will not discriminate against you for exercising your privacy rights.

15. Additional Rights for EEA, UK, and California Users

If you are located in the European Economic Area, the United Kingdom, or California, additional rights and obligations may apply under the General Data Protection Regulation, the UK General Data Protection Regulation, the UK Data Protection Act 2018, or the California Consumer Privacy Act, as amended by the California Privacy Rights Act.

These laws may provide rights to access, correct, delete, restrict, object to, or obtain a copy of certain personal information, and may require additional disclosures regarding our collection, use, retention, disclosure, sale, sharing, and other processing of personal information.

To exercise applicable rights, please contact us at support@pepsds.ai. We may verify your identity before responding to your request and may decline or limit requests where permitted by applicable law.

If you are located in the EEA or UK, you may also have the right to lodge a complaint with your local data protection authority.

If you are a California resident, you may have additional rights under the CCPA, including the right to know, access, correct, delete, and opt out of certain sales or sharing of personal information, where applicable. As stated above, we do not sell personal information to third parties.

16. International Users

The Services may be operated from the United States or other jurisdictions. If you access the Services from outside your country of residence, your information may be transferred to, stored in, or processed in countries that may not provide the same level of data protection as your jurisdiction.

Where required by applicable law, we use appropriate safeguards for international transfers of personal information, which may include standard contractual clauses, adequacy decisions, or other transfer mechanisms recognized under applicable data protection laws.

17. Children's Privacy

The Services are not directed to children under 18, and we do not knowingly collect personal information from children under 18.

If you believe a child has provided personal information to us, please contact us, and we will take appropriate steps to delete such information.

If we learn that we have collected personal information from a child in violation of applicable law, we will delete it as required.

18. Professional, Scientific, Regulatory, and Safety Use

The Services are intended for use by individuals and organizations seeking assistance with Safety Data Sheet preparation, chemical safety research, or related scientific and regulatory workflows.

Users should not submit personal information that is unnecessary for the requested Safety Data Sheet or related output. Users are responsible for ensuring that any information they submit complies with applicable laws, contractual obligations, confidentiality restrictions, institutional policies, and organizational policies.

19. Confidentiality of Submitted Chemical or Research Information

We understand that chemical, compound, product, formulation, or research-related information submitted through the Services may be sensitive or confidential.

We use commercially reasonable safeguards designed to protect such information and restrict access to authorized personnel and service providers who need access to provide, maintain, secure, or support the Services.

However, unless separately agreed in writing, this Privacy Policy does not create confidentiality obligations beyond those expressly stated here or in our applicable terms of service, subscription agreement, data processing agreement, confidentiality agreement, or other written agreement with you.

20. Third-Party Links and Integrations

The Services may contain links to third-party websites, databases, publications, tools, or services.

We are not responsible for the privacy practices, content, terms, or security of those third parties. You should review the privacy policies and terms of any third-party services you access.

21. Changes to This Privacy Policy

We may update this Privacy Policy from time to time.

If we make material changes, we may notify you by posting the updated Privacy Policy on our website, updating the "Last Updated" date, sending a notice, or taking other steps as required by law.

Your continued use of the Services after an updated Privacy Policy becomes effective constitutes your acceptance of the updated Privacy Policy.

22. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our privacy practices, including requests to delete your data, please contact us at support@pepsds.ai.