Privacy Policy
Last updated: April 2026
1. Data Controller
GMP Analytics Kft., a company registered in Budapest, Hungary, is the data controller for all personal data processed through this website and our services. We are committed to protecting your privacy in accordance with the EU General Data Protection Regulation (GDPR) and applicable Hungarian data protection laws.
2. Data We Collect
We collect and process the following categories of personal data:
Account Registration: First name, last name, email address, and company name (optional). This data is collected when you create an account to access our COA database.
Contact Inquiries: Name, company, email address, and the content of your message when you submit a contact form.
Technical Data: IP address, browser type, and basic usage analytics collected automatically when you visit our website.
COA Scan Data: When you use our COA Scanner tool, we collect and store: the supplier name and website URL you provide, the AI-generated analysis scores (overall, completeness, rigour, credibility, traceability), the peptide name and other data extracted from the uploaded document, the number of present and missing checklist items, and a timestamp of each scan. The uploaded COA document itself is processed in real-time and is not permanently stored on our servers.
AI Processing: Uploaded COA documents are analysed using third-party AI services (Anthropic Claude API) to generate quality assessments. The document content is sent to the AI service for analysis only and is not retained by the AI provider beyond the processing session. No personal data is included in the AI analysis request.
Subcontractors: GMP Analytics may engage qualified third-party laboratories to perform or assist with analytical testing. In such cases, sample-related data (batch identifiers, test parameters) may be shared with the subcontractor to the extent necessary for testing. Subcontractors are bound by confidentiality obligations and are not permitted to use your data for any other purpose.
3. Purpose and Legal Basis
We process your data for the following purposes: providing access to our COA verification platform (contractual necessity), operating the COA Scanner tool and storing scan results to build a quality reference database (consent), responding to your inquiries (legitimate interest), improving our website and services (legitimate interest), and complying with legal obligations. We do not sell, rent, or share your personal data with third parties for marketing purposes.
Consent as Legal Basis: For COA scan data and related supplier information, the legal basis for processing is your explicit consent, given at account registration. You may withdraw this consent at any time by contacting us, at which point we will cease processing and delete your scan data within 30 days.
4. Data Storage and Security
Your data is stored on servers located within the European Union (Frankfurt, Germany) using Supabase infrastructure with encryption at rest and in transit. We implement appropriate technical and organizational measures to protect your data against unauthorized access, alteration, disclosure, or destruction.
5. Data Retention
Account data is retained for as long as your account is active. COA scan results and associated supplier data are retained for as long as your account is active or until you withdraw consent, whichever comes first. Contact inquiry data is retained for up to 2 years. You may request deletion of your data at any time by contacting us.
6. Your Rights Under GDPR
You have the right to access, rectify, erase, restrict processing of, and port your personal data. You also have the right to object to processing and to withdraw consent at any time. To exercise these rights, please contact us at the address provided on our website. You also have the right to lodge a complaint with the Hungarian National Authority for Data Protection and Freedom of Information (NAIH).
7. Cookies
This website uses only essential cookies required for the proper functioning of the platform (e.g., session management). We do not use tracking cookies, advertising cookies, or third-party analytics cookies.
8. Changes to This Policy
We may update this privacy policy from time to time. Any changes will be posted on this page with an updated revision date. We encourage you to review this policy periodically.