1. Introduction

AtheroPortal (the "Portal") respects your privacy and is committed to protecting your personal information. This Privacy Policy explains how we collect, store, and process your data when you use the Portal.

By accessing or using the Portal, you ("User") agree to comply with this Privacy Policy. If you do not agree, please discontinue use immediately.

2. Data We Collect

2.1 Required Information

• Authentication Data (managed by Auth0):
  • Email address
  • Password (hashed, never stored in plaintext)
  • Authentication logs (login attempts, timestamps, IP address)
• Profile Data (collected upon registration):
  • Age
  • Gender
  • Function (role)
  • Sector
  • Country

2.2 Optional Information

• Affiliation (e.g., university, research institute)
• Research interest
• Data usage purpose
• Prior experience with AtheroExpress data

3. How We Store and Protect Your Data

3.1 Authentication and User Data Storage

• All user authentication and login data is handled exclusively by Auth0.
• The Portal does not store passwords or authentication credentials—these are managed securely by Auth0.
• Authentication logs are stored by Auth0 for security monitoring and may include login timestamps and IP addresses.

3.2 Security Measures

• Auth0 provides industry-standard encryption and multi-factor authentication (MFA) options.
• User data is stored within the European Economic Area (EEA) in compliance with GDPR and Dutch data protection regulations.
• The Portal implements access controls to prevent unauthorized data access.

4. How We Use Your Data

• User authentication and account management (via Auth0)
• Security monitoring and fraud prevention
• Usage analytics (aggregated, non-identifiable)

We do not:

• Sell or share your data with third parties for commercial purposes
• Use your data for targeted advertising
• Store raw passwords or sensitive personal details

5. Data Retention and Deletion

• Authentication logs and user account data are stored for the duration of your account’s existence.
• You may request account deletion at any time by contacting [Insert Contact Email]. Upon deletion:
  • Your authentication data will be removed from Auth0.
  • Any associated profile data will be permanently deleted.

6. Your Rights Under GDPR

As a user in the European Economic Area (EEA), you have rights under GDPR, including:

• Right to access – Request a copy of your stored data.
• Right to rectification – Correct inaccurate or incomplete data.
• Right to erasure (“right to be forgotten”) – Request account deletion.
• Right to restrict processing – Limit how we use your data.
• Right to data portability – Obtain a machine-readable copy of your data.

To exercise these rights, email [Insert Contact Email].

7. Third-Party Services

The Portal relies on Auth0 for authentication and security. By using the Portal, you also agree to Auth0’s Privacy Policy, which can be found at: Auth0 Privacy Policy.

8. Changes to This Policy

We may update this Privacy Policy from time to time. Changes will be posted on this page, and continued use of the Portal constitutes acceptance of the revised policy.

For questions, contact: [Insert Contact Email]

1. Introduction

Welcome to AtheroPortal (the “Portal”), an interactive web platform that provides access to summary statistics from the AtheroExpress Biobank (the "Biobank"). This Portal is designed to support scientific and academic research in cardiovascular disease and related areas.

By accessing or using the Portal, you ("User") agree to comply with these Terms of Use. If you do not agree, please discontinue use immediately.

2. Scope of Use

2.1 Permitted Uses

• The Portal may only be used for:
  • Academic and scientific research related to cardiovascular disease and biobank data analysis.
  • Exploratory research and hypothesis generation using summary statistics.
  • Educational purposes by accredited institutions.
• Users may access aggregated, de-identified summary statistics, but not raw data or individual-level participant information.

2.2 Prohibited Uses

• Use the Portal for commercial purposes, including but not limited to product development, consulting, or industry-sponsored research.
• Attempt to re-identify individuals from the provided summary data.
• Share, distribute, or publish Portal data without proper acknowledgment (see Section 4).
• Use automated methods, bots, or scripts to scrape, copy, or mass-download data.
• Modify, create derivative works, or sublicense the data or software components of the Portal.
• Use the Portal for clinical decision-making or medical diagnosis.

Failure to adhere to these restrictions may result in revocation of access, legal action, and liability for damages.

3. Registration and User Accounts

To access the Portal, Users must register an account and provide:

• Mandatory information: Age, Gender, Function (role), Sector, Country.
• Optional information: Affiliation, Research Interest, Data Usage Purpose, Prior Experience with AtheroExpress data.

The Portal reserves the right to deny or revoke access to users who provide false information or violate ethical research guidelines.

4. Data Ownership, Licensing, and Publication Policy

4.1 Data Ownership

All data available through the Portal remains the property of the AtheroExpress Biobank. Users are granted a limited, revocable, non-exclusive, non-transferable right to access and use the summary statistics provided through the Portal.

4.2 Licensing and Attribution

The Portal operates under a Creative Commons BY-NC-ND 4.0 License. Users may use the Portal’s insights and results in publications without written approval, provided that they:

• Acknowledge the AtheroExpress Biobank and reference the AtheroPortal publication (to be made available once published).
• Provide attribution as required by the Creative Commons BY-NC-ND 4.0 License.

No commercial use, modifications, or redistribution of the content is permitted without written authorization.

4.3 Data Disclaimer

• Data Provided "As Is": The data made available through the Portal is provided "as is”, and the Portal and the AtheroExpress Biobank make no representations or warranties, express or implied, regarding the accuracy, completeness, or reliability of the data. Summary statistics are generated dynamically on the fly, and therefore the Portal does not guarantee the accuracy or reliability of any results or conclusions derived from these statistics.
• No Liability for Published Results: The Portal and the AtheroExpress Biobank shall not be held liable for any outcomes, conclusions, or results that Users report in their publications or research based on the data accessed through the Portal. Users are solely responsible for ensuring the accuracy, integrity, and appropriate interpretation of their findings.
• Notification of Errors or Discrepancies: Should Users identify any errors, discrepancies, or concerns related to the data, they are encouraged to promptly notify the Portal at [Insert Contact Email]. The Portal will take reasonable steps to address and resolve any issues that are brought to its attention, but assumes no obligation or liability to do so.

5. Research Ethics and Compliance

• Follow institutional ethics review board (ERB) approvals where applicable.
• Abide by GDPR and Dutch data protection laws in all research activities.
• Refrain from combining the Portal data with external datasets in an attempt to re-identify individuals.

The Portal reserves the right to audit usage and revoke access if unethical research practices are suspected.

6. Security and Data Integrity

• Authentication is managed through Auth0, ensuring secure login and identity verification.
• Users must not share login credentials. Any suspected breach must be reported to [Insert Contact Email] immediately.
• The Portal is subject to regular security audits and protective measures to prevent unauthorized access.

7. Data Retention and Deletion

• User-provided data is stored within the European Economic Area (EEA) under strict security policies.
• Personal data is retained only as long as necessary for research monitoring and security.
• Users can request data deletion or modification via [Insert Contact Email].

8. Termination of Access

• The Portal reserves the right to suspend or terminate accounts if Users violate these Terms.
• Modify or discontinue services at any time without prior notice.
• Report breaches to institutions, funding bodies, or regulators if misuse occurs.

9. Amendments and Updates

These Terms may be updated periodically. Continued use of the Portal after modifications constitutes acceptance of the revised Terms.

For questions, contact: [Insert Contact Email]