Version 1.0 | Effective: April 11, 2025

Applies To: All Simreka employees, partners, contractors, and users of Simreka software solutions (including ChemAssist, Virtual Experimentation Platform, and Databank)

1. Purpose

The purpose of this Data Governance Policy is to define the framework and practices by which Simreka manages data across its product and operational ecosystem. This includes ensuring data quality, privacy, security, ownership, and compliance in alignment with global standards and the specific needs of AI-driven R&D in chemicals, materials, and formulations.

2. Scope

This policy applies to:
– All internal and external data processed by Simreka products
– Data used in AI model training (e.g., ChemAssist)
– Customer-submitted proprietary data
– Public domain scientific data (e.g., patents, research articles, chemical databases)
– Data used for analytics, simulation, and model feedback
– On-premise and cloud deployments of Simreka’s software platforms

3. Data Categories

Simreka classifies data into the following categories:
– Customer proprietary data
– Publicly available scientific and regulatory data
– Generated simulation and prediction data
– Personal and business contact information (minimal use)
– Infrastructure and telemetry data (for diagnostics and optimization)

4. Data Security & Protection

Encryption:
– At Rest: All sensitive and proprietary data is encrypted using AES-256 or better.
– In Transit: All communication channels are encrypted via TLS 1.2 or higher.

Access Control:
– Role-based access controls (RBAC) enforced across systems.
– Multi-factor authentication (MFA) required for admin and developer accounts.
– Customer-specific data silos maintained in isolated environments (for both SaaS and on-premise deployments).

On-Premise Flexibility:
– Simreka software can be deployed on-premise to ensure complete ownership and isolation of sensitive data.

5. AI & Model Governance (ChemAssist & Simulation Models)

Model Transparency:
– All model architectures, training datasets (unless customer-owned), and update logs are documented.
– Explanatory metadata accompanies predictions and recommendations from ChemAssist.

Model Auditing:
– Continuous validation of model performance against benchmarks.
– Differential data lineage tracking to ensure AI responses are traceable.

Responsible Use:
– AI is designed for decision support, not replacement of human expertise.
– Customer-specific models can be securely fine-tuned on proprietary data without data leakage.

6. Data Usage & Retention

Customer Data: Used only for client-specific services, with opt-in for training – Retained per contract or deleted upon request
Simulation Results: Used to improve predictive accuracy (anonymized) – Up to 3 years unless extended by customer
Public Data: Used to enhance system intelligence and LLM – Indefinite
Personal Data: Minimal use (e.g., login, billing) – Deleted after account termination or 30 days

7. Regulatory Compliance

Simreka is committed to complying with applicable data privacy and security regulations, including:
– GDPR (EU)
– India DPDP Act
– CCPA/CPRA (California)
– ISO/IEC 27001 alignment

A Data Protection Officer (DPO) oversees policy implementation, risk assessments, and incident response.

8. Data Sharing & Third Parties

– No data is shared with third parties without explicit, documented consent.
– Subprocessors (e.g., cloud providers, analytics tools) are bound by strict DPAs (Data Processing Agreements).
– ChemAssist and other modules never use client proprietary data for training shared models unless explicitly authorized.

9. Data Quality & Stewardship

– Data stewards ensure consistency, completeness, and relevance of critical datasets.
– Anomaly detection and automated flagging help maintain data hygiene.
– Customers can request data correction, export, or deletion through designated support channels.

10. Breach Notification & Incident Response

– All data incidents are logged and escalated to the DPO.
– Clients are notified of any breaches affecting their data within 72 hours.
– A full postmortem and corrective action plan will be shared in such cases.

11. Contact

For any questions or concerns about this policy, please contact:
📧 hello@simreka.com
🛡️ Data Protection Officer – Simreka (Devtaar GmBH)