Skip to content

Legal

Privacy Policy

Effective date: April 16, 2026

This Privacy Policy describes how EVIDENCIA Labs ("we," "us," or "our") collects, uses, and protects information when you use meta-analysis.io (the "Service"). We take your privacy seriously; this page explains exactly what we collect and why.

1. Information we collect

Account information

When you create an account we collect your name, email address, and password hash. If you subscribe to a paid plan, our payment processor (Stripe) handles billing information; we do not store your card details on our servers.

Research content

We store the data you enter — study-level effect sizes, outcome data, 2×2 tables, subgroups, covariates, notes, and generated results and plots. This content is yours; see §3 below.

Usage information

We collect basic technical information automatically: IP address, browser and operating-system type, pages visited, referring URL, and timestamps. This is used to operate the Service and detect abuse. We use privacy-respecting, aggregated analytics and do not build advertising profiles.

Cookies

We use strictly necessary cookies for authentication and session management. We may set a small number of analytics cookies to understand aggregate product usage. We do not set third-party advertising cookies.

2. How we use your information

  • Provide, maintain, and improve the Service.
  • Authenticate you and secure your account.
  • Process subscription payments through Stripe.
  • Respond to support requests at hello@meta-analysis.io.
  • Send essential service announcements (account, billing, security).
  • Detect and prevent fraud, abuse, and policy violations.
  • Comply with legal obligations.

We do not sell your personal information. We do not use your research data to train machine-learning models. We do not send marketing emails without your explicit opt-in.

3. Your research data

Research data you upload is stored encrypted at rest and in transit. Only you (and collaborators you explicitly invite to a project) can access it. We access your research data only as needed to operate the Service — for example, to investigate a bug report you submit, or to respond to a support request. Our staff are bound by confidentiality obligations.

The Service is not intended for storing regulated health information (PHI under HIPAA or equivalent) unless a separate written agreement (e.g., a BAA) is in place with us.

4. Service providers

We use the following infrastructure and service providers:

  • Supabase — authentication, database, and file storage (hosted in the United States).
  • Vercel — web application hosting and delivery.
  • Stripe — payment processing for subscriptions.

Each provider is bound by its own privacy and security terms and processes data only as needed to deliver its service to us. We do not share your information with other third parties.

5. Your rights

Subject to your jurisdiction, you may have the right to:

  • Access the personal information we hold about you.
  • Correct inaccurate or incomplete information.
  • Delete your account and associated research data.
  • Export a copy of your research data in a portable format.
  • Withdraw consent for optional data uses (e.g., analytics).
  • Object to or restrict certain processing. Residents of the EU/EEA, UK, California, or other jurisdictions may have additional rights under GDPR, CCPA, or local laws.

To exercise any of these rights, email hello@meta-analysis.io.

6. Data retention

We retain your research data for as long as your account is active. If you delete your account, we delete your research data within 30 days (except where retention is required by law — e.g., billing records for tax purposes, held for the period required by applicable regulation). You can also delete individual projects or outcomes at any time.

7. Security

We use industry-standard safeguards: TLS for all traffic, encryption at rest for databases and file storage, scoped access controls, and regular security review. No system is perfectly secure. If we learn of a security incident that affects your information, we will notify affected users in a reasonable timeframe as required by applicable law.

8. International transfers

The Service is operated from the United States. If you access it from outside the U.S., your information will be transferred to and processed in the United States. By using the Service you consent to this transfer.

9. Children

The Service is not directed to children under 16 and we do not knowingly collect personal information from them. If you believe a child has provided us personal information, contact us and we will delete it.

10. Changes to this policy

We may update this Policy from time to time. Material changes will be announced via the Service or email at least 30 days before they take effect. The "Effective date" at the top always reflects the current version.

11. Contact

Questions about this Privacy Policy, or to exercise any of your rights? Contact us at hello@meta-analysis.io.

← Back to home