Privacy Policy

Last updated: February 2026

1. Introduction

SiestaStudio ("the Service"), operated by Arsalan Akhtar, is committed to protecting your privacy. This Privacy Policy explains how we collect, use, and safeguard your personal information when you use our Service.

2. Information We Collect

Account Information

  • Name and email address (from registration or OAuth provider)
  • Profile image (from OAuth provider, if available)
  • OAuth provider identifiers (Google, GitHub, or ORCID ID)

Optional Profile Information

  • Organization / institution
  • Position / role
  • Country
  • Research field

Usage Data

  • Saved calculations and input file configurations
  • Workflow definitions and preset configurations
  • Uploaded output files for analysis (SCF, DOS, bands, PDOS)
  • Login timestamps and activity history
  • Storage usage statistics

3. How We Use Your Information

  • To provide and maintain the Service
  • To authenticate your identity and manage your account
  • To save and retrieve your calculations
  • To send product updates, newsletters, and tips (only with your explicit consent)
  • To improve the Service based on usage patterns

4. Marketing Communications (GDPR)

We only send marketing communications if you have explicitly opted in via the marketing consent checkbox in your profile. You can withdraw consent at any time by updating your email preferences in your profile settings. We record the date of your consent for compliance purposes.

5. Data Storage and Security

Your data is stored on MongoDB Atlas with encryption at rest and in transit. We use industry-standard security measures to protect your information. Account passwords are hashed using bcrypt and are never stored in plaintext.

6. Third-Party Services

We use the following third-party services:

  • Google, GitHub, ORCID — for OAuth authentication (we receive only your public profile information)
  • Cloudflare Turnstile — for bot protection during registration and sign-in
  • MongoDB Atlas — for data storage
  • PseudoDojo — for downloading pseudopotential files (PSML); requests are proxied through our server

7. Your Rights

You have the right to:

  • Access your personal data through your profile page
  • Update your profile information at any time
  • Delete your account and all associated data from your profile settings
  • Withdraw consent for marketing communications at any time
  • Export your data by contacting us

8. Data Retention

We retain your data for as long as your account is active. When you delete your account, all personal data and saved calculations are permanently removed. Anonymized audit logs may be retained for security purposes.

9. Cookies

We use essential cookies for authentication session management. We do not use tracking or advertising cookies.

10. Children's Privacy

The Service is intended for researchers and students in higher education. We do not knowingly collect information from children under 16.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify registered users of significant changes via email (if you have opted in to communications) or by posting a notice on the Service.

12. Contact

For questions about this Privacy Policy or to exercise your data rights, please contact us at sr.arsalan.akhtar@gmail.com.