Privacy Policy

1. Our Commitment to Privacy

Pombo Labs ("Pombo Labs," "we," "us," or "our") is a human‑centered research initiative creating explainable artificial intelligence for the early detection of autism spectrum disorders and epilepsy and for delivering everyday support tools to families and clinicians. Protecting the privacy and security of personal data, especially sensitive video, audio, and physiological information, is fundamental to our mission.

This Privacy Policy explains how we collect, use, store, share, and protect your personal data when you visit pombolabs.com, participate in our studies, or use any prototype applications or open‑source resources we provide (collectively, the “Services”). Study‑specific consent forms or Data Use Agreements may provide additional details and will prevail where they differ from this Policy.

2. The Data We Collect About You

“Personal data” means any information that can identify you directly or indirectly. We may collect, store, and process the following categories:

• Identity & Contact Data: Name, email address, phone number, and professional affiliation.
• Technical Data: IP address, browser type, device identifiers, and usage logs when you browse our site or use online tools.
• Research Participant Data: Depending on the study, this may include video recordings, audio clips, wearable‑sensor streams (e.g., heart‑rate), gaze or motion captures, self‑reported survey responses, and caregiver feedback. Whenever feasible, we de‑identify or anonymize such data before analysis.
• Caretaker & Clinician Feedback: Observations or labels you provide to train or validate our models.
• Marketing Preferences: Your opt‑in choices for research updates or newsletters.

3. How We Use Your Personal Data

We process personal data only when legally permitted and for purposes such as:

• Scientific Research: Training, validating, and auditing machine‑ learning models that detect early neuro‑developmental patterns or provide behavioural insights.
• Service Delivery: Operating prototype screening apps, dashboards, or collaboration portals you access.
• Site Administration & Security: Troubleshooting, analytics, and protecting against fraud or misuse.
• Compliance: Meeting ethical‑review or regulatory requirements and responding to lawful requests.
• Communication: Responding to inquiries or sending research updates you have opted into. You may withdraw consent at any time.

4. Data Sharing and Disclosure

We do not sell personal data. We may share it with:

• Research Partners & IRB‑Approved Collaborators: Universities, hospitals, or nonprofits collaborating on a specific study under confidentiality and data‑processing agreements.
• Service Providers: Cloud hosting, analytics, and security vendors bound by strict contractual obligations.
• Open‑Science Community: We may release de‑identified or aggregated datasets to advance reproducible research. Personally identifiable information is never included without explicit consent and ethics approval.
• Regulatory & Legal Authorities: When required to comply with laws or protect rights and safety.

5. Data Security

We implement encryption in transit and at rest, strict access controls, and regular security audits. Only personnel with a legitimate research or operational need can access identifiable data, and all are bound by confidentiality obligations.

6. Data Retention

We retain personal data only as long as necessary for the research purpose for which it was collected, plus any legally mandated period. For published, de‑identified datasets, retention may be indefinite to support reproducibility and longitudinal studies.

7. International Data Transfers

Where research collaborators or cloud services are located outside your jurisdiction, we rely on recognized safeguards such as Standard Contractual Clauses or adequacy decisions to protect personal data during cross‑border transfers.

8. Your Legal Rights

You may have rights to:

• Access the personal data we hold about you.
• Request correction or deletion of inaccurate data.
• Object to or restrict certain processing activities.
• Withdraw consent at any time (this will not affect past lawful processing).

To exercise these rights, email privacy@pombolabs.com.

9. Cookies and Tracking Technologies

We use minimal first‑party cookies for basic site functionality and analytics. You can disable cookies in your browser settings, but some features may not function correctly.

10. Changes to This Privacy Policy

We may revise this Policy periodically. We will post updates on this page and, where appropriate, notify you by email. The “Last updated” date at the top indicates the latest revision.