01Legal and trust
The operating rules behind the research workspace.
Find the current policies for data handling, accounts, AI and connected providers, processor terms, service switching, billing, cancellation, and account deletion.
02Policy index
Choose the document that matches your question.
Privacy Policy
LabRat processes account, workspace, usage, device, and support information to operate an AI-assisted product research service. Research inputs may be sent to the AI or web-search provider selected for the workspace. Requests concerning personal data can be submitted through the Data Requests page.
Terms of Service
You keep ownership of your content and grant LabRat the limited rights needed to process it. You are responsible for account security, workspace activity, connected providers, lawful use, and verifying AI-generated outputs before acting on them.
Cookie Policy
LabRat uses necessary browser storage for authentication and product state. Optional Firebase / Google Analytics remains unloaded until you consent, and can be rejected or withdrawn without losing core service access.
Acceptable Use Policy
Do not use LabRat for unlawful, harmful, deceptive, infringing, or security-abusive activity. Do not bypass limits or use automation in a way that degrades the service or violates source and provider terms.
Data Requests and Account Deletion
Signed-in users can use the Web or mobile Privacy Request Center. Web offers an immediate JSON export. Deletion is scheduled after a 7-day cancellation period; solo workspaces can be deleted automatically, while team ownership conflicts receive administrator review.
Subprocessor List
Cloudflare and Supabase support core delivery and account data. Firebase supports analytics, crash reporting, and notifications. AI, search, and payment providers process data only when the corresponding route is used or enabled.
Data Processing Addendum
The Customer controls its workspace purposes and instructions. The identified LabRat operator processes Customer Personal Data only to provide and secure the service, under confidentiality, security, subprocessor, assistance, deletion, audit, and transfer obligations.
Switching and Data Portability Terms
Authenticated users can create a durable export job for eligible account and owned-workspace data and download the completed UTF-8 NDJSON package. Customers can request an assisted transition of no more than 30 calendar days, at least 30 days of post-transition retrieval, and deletion after successful retrieval, with no switching charge.
Refund and Cancellation Policy
Cancel through the available provider or support before renewal. Paid access generally continues to the end of the current period. Refunds are reviewed under the payment-channel rules, applicable law, and the facts of the charge.
AI Transparency Notice
LabRat clearly identifies AI-assisted workflows, distinguishes hosted platform AI from Local BYOK execution, preserves human control, adds signed machine-readable provenance to supported outputs, and requires important outputs to be verified before use.
Security Updates and Vulnerability Disclosure
LabRat accepts coordinated vulnerability reports, provides security fixes without an added security-update fee, maintains release evidence and an SBOM, and uses a five-year minimum planning baseline for distributed products unless a documented shorter expected lifetime lawfully applies.
Accessibility Statement
LabRat targets WCAG 2.2 Level AA, supports keyboard and assistive-technology use where implemented, and provides a direct route to report barriers or request an accessible alternative.