Last updated May 29, 2026

Privacy Policy

Necktie Labs, LLC ("Regiome," "we," "us," or "our") operates a read-only service that helps users search, retrieve, summarize, and cite public medical and regulatory source records through agent workflows. This Privacy Policy explains how we collect, use, disclose, and retain information when you use Regiome, including the website at regiome.io, the MCP endpoint at mcp.regiome.io, and services that link to this policy.

If you access Regiome through ChatGPT or another third-party platform, that platform may separately collect and process your prompts, outputs, account information, and interaction history under its own terms and privacy policy. We do not control third-party platform practices.

1. Product scope

Regiome is designed for public source research and source-record workflow support. It is not designed for electronic health record access, patient intake, care delivery, billing, claims processing, patient monitoring, diagnosis, treatment, prescribing, or protected health information workflows.

Regiome is not offered as a HIPAA-compliant service for the public endpoint. Do not submit protected health information, patient records, medical images, insurance information, credentials, secrets, trade secrets, privileged material, or other sensitive personal or confidential information unless a separate written agreement expressly permits it.

2. Information we collect

We may collect or process the following categories of information:

• Contact information, such as your name, email address, organization, and message content if you contact us.
• Account or access information if we provide accounts, authentication, API keys, or access tokens.
• Prompt and request information, such as tool names, query parameters, source identifiers, source URLs, and other content you submit to the service.
• Output and response information, such as retrieved source records, summaries, metadata, provenance, errors, and response sizes.
• Device and network information, such as IP address, browser or client type, user agent, timestamps, approximate location derived from IP address, and request headers.
• Operational information, such as logs, diagnostics, latency, rate-limit counters, abuse signals, security events, and service health metrics.
• Platform information received from third-party platforms or MCP clients, such as account identifiers or integration metadata, if the platform provides it to us.

We do not intentionally collect patient records, PHI, payment card information, government identity numbers, biometric identifiers, precise geolocation, or children's data through the public service.

3. Public source records

Regiome retrieves data from public source systems such as FDA, ClinicalTrials.gov, PubMed/NCBI, NIH RePORTER, NLM Clinical Tables, and related public APIs. Those records are governed by the notices, licenses, terms, retention practices, and access policies of the relevant source systems.

Source systems may receive requests that are necessary to retrieve records, such as search terms, identifiers, API keys associated with our deployment, IP addresses, and technical request metadata.

4. How we use information

We use information to:

• Provide read-only search, lookup, fetch, summarization, and citation workflows.
• Operate, maintain, secure, debug, and improve Regiome.
• Authenticate users, issue or validate tokens, enforce rate limits, and prevent abuse.
• Monitor uptime, latency, source availability, error rates, and service health.
• Respond to support, privacy, security, and business inquiries.
• Investigate violations of our terms, security events, fraud, misuse, or unlawful activity.
• Comply with legal obligations, platform-review obligations, and lawful requests.
• Create aggregated or de-identified operational statistics.

We do not use public-service prompts or tool requests to provide medical care, make clinical decisions, or build patient profiles.

5. AI and model use

Regiome may be accessed through AI platforms or MCP clients that process prompts and outputs outside our control. We may also use AI or automated systems to operate the service, classify errors, identify abuse, improve tool descriptions, summarize source records, or support development and quality assurance.

We do not intend to use public-service submissions containing personal information to train general-purpose foundation models. If an enterprise agreement sets different data-use terms, that agreement controls for the covered deployment.

6. How we disclose information

We may disclose information:

• To service providers that host, secure, monitor, analyze, support, or operate Regiome.
• To third-party platforms or MCP clients involved in your use of the service.
• To upstream public source systems when needed to retrieve records.
• To professional advisers, auditors, insurers, or business partners under appropriate obligations.
• As part of a merger, financing, acquisition, reorganization, bankruptcy, or sale of assets.
• To comply with law, legal process, platform-review requirements, or government requests.
• To enforce our terms, protect rights and safety, investigate abuse, or respond to security incidents.
• With your consent or at your direction.

We do not sell personal information for money. We do not use personal information from the public service for cross-context behavioral advertising. If that changes, we will update this policy and provide any legally required choices.

7. Cookies and analytics

Our website and service may use cookies, local storage, logs, analytics, or similar technologies for essential operation, security, diagnostics, abuse prevention, and usage measurement. You can configure your browser to block cookies, but some features may not work.

We do not currently use cookies for cross-context behavioral advertising on the public service.

8. Retention

We retain information for as long as needed to provide, secure, debug, improve, defend, or discontinue the service, comply with law, resolve disputes, enforce agreements, and maintain business records. Retention periods may vary based on data type, sensitivity, source, account status, legal requirements, and operational needs.

We may retain aggregated or de-identified information that no longer reasonably identifies you.

9. Security

We use administrative, technical, and organizational safeguards designed to protect information processed by Regiome. No internet service, cloud service, AI platform, or public API workflow is fully secure. Do not submit sensitive information to the public service.

Security concerns can be reported to security@regiome.io.

10. Children's privacy

Regiome is not directed to children under 18. We do not knowingly collect personal information from children. If you believe a child provided personal information, contact privacy@regiome.io.

11. Your choices and rights

Depending on where you live, you may have rights to request access, correction, deletion, portability, restriction, or objection regarding personal information we process. You may also have rights to opt out of certain sales, targeted advertising, or profiling. Because these rights vary by jurisdiction, we will handle requests as required by applicable law.

To make a privacy request, contact privacy@regiome.io. We may need to verify your identity before responding. We may deny requests where an exception applies, such as security, legal compliance, fraud prevention, debugging, free expression, or records we must keep.

You can reduce data collection by avoiding sensitive submissions, limiting the information in prompts and tool requests, configuring your browser, and using any privacy controls offered by the third-party platform through which you access Regiome.

12. International use

Regiome is operated from the United States. If you access it from outside the United States, your information may be processed in the United States and other jurisdictions that may not provide the same data protection laws as your location.

13. Changes to this policy

We may update this Privacy Policy from time to time. The current version will be posted on this page with the updated date above. If we make material changes, we will provide notice as required by law.

14. Contact

Privacy questions and requests can be sent to privacy@regiome.io. Support questions can be sent to support@regiome.io.