Legal Documents
Terms of Service, Privacy Policy, Cookie Policy, EULA, Acceptable Use Policy, DPA, and SLA for BCILattice and BCINexus.
Legal Documents Index
| Document | Who It Applies To | Last Updated |
|---|---|---|
| Terms of Service | All users of BCINexus.io and BCILattice | 1 March 2025 |
| Privacy Policy | All users | 1 March 2025 |
| Cookie Policy | BCINexus.io website visitors | 1 March 2025 |
| End User Licence Agreement (EULA) | BCILattice desktop app users | 1 March 2025 |
| Acceptable Use Policy | All users | 1 March 2025 |
| Data Processing Agreement (DPA) | Institution & Enterprise customers | 1 March 2025 |
| Service Level Agreement (SLA) | Paid plan customers | 1 March 2025 |
| Open Source Notices | All BCILattice users | 1 March 2025 |
Terms of Service
Effective date: 1 March 2025 · Last updated: 1 March 2025
These Terms of Service ("Terms") govern your access to and use of BCINexus Ltd's ("BCINexus", "we", "us") products and services, including the BCILattice desktop application and the BCINexus platform ("Services"). By creating an account or using the Services, you agree to these Terms.
1. Eligibility
You must be at least 18 years old to create a BCINexus account. If you are using the Services on behalf of an organisation, you represent that you have authority to bind that organisation to these Terms.
2. Your Account
You are responsible for maintaining the security of your account credentials. You must promptly notify us of any unauthorised access. BCINexus is not liable for losses resulting from unauthorised use of your account.
3. Acceptable Use
You agree not to use the Services to: (a) violate any applicable law; (b) infringe the intellectual property rights of others; (c) upload malicious code or interfere with the Services; (d) use the Services in a way that violates the Acceptable Use Policy. BCINexus reserves the right to suspend or terminate accounts that violate these Terms.
4. Intellectual Property
BCILattice software and the BCINexus platform are owned by BCINexus Ltd. Your subscription grants you a limited, non-transferable, non-exclusive licence to use the software as described in the EULA. You retain ownership of all data, pipelines, and content you upload or create.
5. Subscriptions & Payment
Paid plans are billed in advance on a monthly or annual basis. All fees are non-refundable except as required by applicable law or as stated in the refund policy. BCINexus reserves the right to change pricing with 30 days' notice. Failure to pay may result in suspension of your account.
6. Termination
You may cancel your account at any time via account settings. BCINexus may terminate or suspend your account for violation of these Terms. Upon termination, your access to cloud features will cease. Local BCILattice data remains on your machine and is unaffected.
7. Disclaimers
The Services are provided "as is" without warranty of any kind. BCINexus does not warrant that the Services will be uninterrupted, error-free, or suitable for any particular clinical or regulatory purpose unless explicitly agreed in an enterprise contract.
8. Limitation of Liability
To the maximum extent permitted by law, BCINexus shall not be liable for indirect, incidental, consequential, or punitive damages. BCINexus's total cumulative liability shall not exceed the fees paid by you in the 12 months preceding the claim.
9. Governing Law
These Terms are governed by the laws of England and Wales. Disputes shall be resolved in the courts of England and Wales, unless you are a consumer in an EU member state, in which case you may bring proceedings in your local courts.
10. Changes to Terms
BCINexus may update these Terms. We will notify you by email and in-app notification at least 30 days before material changes take effect. Continued use of the Services after that date constitutes acceptance of the updated Terms.
Privacy Policy
Effective date: 1 March 2025 · Last updated: 1 March 2025
This Privacy Policy explains how BCINexus Ltd ("BCINexus", "we") collects, uses, and protects your personal data when you use BCILattice and the BCINexus platform. BCINexus is committed to protecting your privacy and complying with GDPR and UK GDPR.
Data We Collect
| Category | Data | Purpose |
|---|---|---|
| Account | Name, email, password hash, institution | Authentication, account management |
| Usage | Feature usage events, error logs (opt-in) | Product improvement, crash diagnosis |
| Billing | Payment method (via Stripe, we do not store card numbers) | Subscription management |
| Cloud sync | Session metadata, pipeline configs, result summaries (opt-in) | Cloud backup and collaboration |
| Support | Email content, attached files | Providing customer support |
We do not collect raw brain signal recordings unless you explicitly upload them via Data Manager. BCILattice processes all EEG/fNIRS/EMG data locally on your machine.
Legal Basis (GDPR)
- Contract, Processing necessary to perform your subscription agreement
- Legitimate interest, Product security, fraud prevention, service improvement
- Consent, Optional analytics/crash reporting; marketing communications
- Legal obligation, Compliance with applicable laws
Your Rights (GDPR)
You have the right to access, correct, port, and erase your personal data. To exercise any of these rights, email privacy@bcinexus.io. We will respond within 30 days. You have the right to lodge a complaint with your supervisory authority.
Data Retention
Account data is retained for the duration of your account. Data is deleted within 30 days of account deletion. Backups are purged within 90 days. Billing records are retained for 7 years as required by financial regulations.
Third-Party Services
| Service | Purpose | Data Shared |
|---|---|---|
| AWS (eu-west-1) | Cloud hosting and storage | All cloud-stored data (encrypted at rest) |
| Stripe | Payment processing | Billing information only |
| Postmark | Transactional email | Email address, message content |
Cookie Policy
Effective date: 1 March 2025 · Last updated: 1 March 2025
BCINexus.io uses the following cookies:
| Cookie | Type | Purpose | Duration |
|---|---|---|---|
bcn_session | Essential | Maintains your login session on the website | Session |
bcn_csrf | Essential | CSRF protection for form submissions | Session |
bcn_prefs | Functional | Stores UI preferences (dark/light mode, language) | 1 year |
_ga | Analytics (opt-in) | Google Analytics, page view counting only | 2 years |
Essential cookies cannot be disabled as they are necessary for the website to function. Analytics cookies are opt-in and can be disabled via the cookie banner or in Account → Privacy Settings.
The BCILattice desktop application does not use browser cookies. It stores preferences in your OS user profile directory.
End User Licence Agreement (EULA)
Effective date: 1 March 2025 · Last updated: 1 March 2025
This End User Licence Agreement governs your use of the BCILattice desktop application ("Software"). By installing or using the Software, you agree to these terms.
Licence Grant
BCINexus Ltd grants you a personal, non-exclusive, non-transferable, revocable licence to install and use BCILattice on machines you own or control, subject to your active subscription.
Restrictions
You may not: (a) reverse engineer, decompile, or disassemble the Software; (b) redistribute, rent, or sublicence the Software to third parties; (c) remove copyright or trademark notices; (d) use the Software to build a competing product.
Ownership
BCILattice remains the intellectual property of BCINexus Ltd. This licence does not transfer any ownership rights. You retain ownership of all data, pipelines, and models you create with the Software.
Open Source Components
BCILattice includes open source components. See Open Source Notices for the full list and applicable licences.
Academic & Research Use
Academic users (verified) may use BCILattice for non-commercial research and teaching. Publication of research conducted with BCILattice is permitted and encouraged. Please cite BCILattice in publications, citation format available at bcinexus.io/cite.
Acceptable Use Policy
Effective date: 1 March 2025 · Last updated: 1 March 2025
You agree not to use BCILattice or BCINexus to:
- Conduct non-consensual data collection or experiments involving human subjects without appropriate ethics approval
- Upload data that contains personally identifiable information (PII) in violation of applicable data protection laws
- Share community pipelines that infringe third-party copyrights or include malicious code
- Circumvent subscription limits or share account credentials to allow multiple users to use a single-user plan simultaneously
- Use the Services to train models for harmful, deceptive, or discriminatory applications
- Probe, scan, or test the vulnerability of BCINexus systems without written authorisation
- Use the Services in any way that violates export control laws or sanctions
Violation of this policy may result in immediate account suspension.
Data Processing Agreement (DPA)
Effective date: 1 March 2025 · Last updated: 1 March 2025
A Data Processing Agreement is available for Institution and Enterprise customers who process personal data (including health/clinical data) through BCINexus as a data processor under GDPR (Art. 28). The DPA includes Standard Contractual Clauses (SCCs) for international data transfers.
The DPA covers:
- Subject matter, duration, and nature of processing
- Categories of data subjects and personal data
- BCINexus's obligations as data processor
- Sub-processor list and notification process
- Technical and organisational security measures
- Data deletion and return obligations
- Breach notification obligations
- Right to audit BCINexus's processing activities
To request a DPA, email legal@bcinexus.io with your organisation name and the subject line "DPA Request".
Service Level Agreement (SLA)
Effective date: 1 March 2025 · Last updated: 1 March 2025
| Plan | Support Channel | Response Time | Uptime SLA |
|---|---|---|---|
| Free | Community forum | Best effort | No SLA |
| Researcher | 5 business days | 99.5% monthly | |
| Lab | Priority email | 48 business hours | 99.5% monthly |
| Institution | Priority email + Slack | 24 business hours | 99.9% monthly |
| Enterprise | Named engineer + phone | 4 business hours (critical) | 99.9% monthly + downtime credits |
Uptime SLA scope: BCINexus cloud API and web platform. Local BCILattice app functionality is not subject to uptime SLA as it runs locally.
Downtime credits (Enterprise): If monthly uptime falls below 99.9%, affected customers receive service credits equal to 10× the downtime (in hours) as a credit against future invoices, capped at 30% of the monthly fee.
Open Source Notices
BCILattice incorporates the following open source components. Full licence texts are included in the BCILattice installation at Help → Open Source Licences.
| Component | Licence | Copyright |
|---|---|---|
| PyQt6 | GPL v3 / Riverbank Commercial | Riverbank Computing Ltd |
| PyTorch | BSD 3-Clause | PyTorch Contributors |
| scikit-learn | BSD 3-Clause | scikit-learn Contributors |
| MNE-Python | BSD 3-Clause | MNE Contributors |
| NumPy | BSD 3-Clause | NumPy Contributors |
| SciPy | BSD 3-Clause | SciPy Contributors |
| Pandas | BSD 3-Clause | Pandas Contributors |
| MLflow | Apache 2.0 | Databricks Inc. |
| FastAPI | MIT | Sebastián Ramírez |
| PostgreSQL | PostgreSQL Licence | PostgreSQL Global Development Group |
| SQLAlchemy | MIT | Michael Bayer |
| SHAP | MIT | Scott Lundberg |
| ONNX Runtime | MIT | Microsoft Corporation |
| Jinja2 | BSD 3-Clause | Armin Ronacher |
| WeasyPrint | BSD 3-Clause | CourtBouillon |
| Next.js | MIT | Vercel Inc. |
| React | MIT | Meta Platforms Inc. |
| Tailwind CSS | MIT | Tailwind Labs Inc. |
A full Software Bill of Materials (SBOM) in SPDX format is available on request for enterprise IT security reviews.
Legal Contact
Registered in England and Wales
Legal & Compliance: legal@bcinexus.io
Privacy (GDPR requests): privacy@bcinexus.io
Security disclosures: security@bcinexus.io
For BAA, DPA, MSA, GxP Validation Packs, or custom enterprise agreements, email legal@bcinexus.io with your organisation name and the document you need.