Authentication

LC-MS-IQ utilizes Supabase Authentication for user account management and authentication services.

Authentication functionality may include:

• User login
• Password management
• Session management
• Account verification
• Password reset functionality

User authentication credentials are managed through the Supabase authentication platform.

LCMS IQ, LLC does not store plaintext user passwords.

Users remain responsible for maintaining the confidentiality of their credentials and preventing unauthorized account access.

Password Security

Password storage and authentication functions are provided through Supabase Authentication.

User passwords are not visible to LCMS IQ, LLC personnel in plaintext form.

Users are responsible for:

• Selecting strong passwords
• Protecting account credentials
• Preventing unauthorized access
• Promptly reporting suspected account compromise

Users should not share credentials with other individuals.

Data Storage

LC-MS-IQ utilizes a managed PostgreSQL database platform provided through Supabase.

Stored information may include:

• User account information
• Company information
• Instrument information
• Method information
• Configuration settings
• Uploaded analytical files
• Trend information
• Reports
• Audit information
• Application metadata

Customers remain responsible for determining whether uploaded information is appropriate for storage within LC-MS-IQ.

Encryption

Communications between users and LC-MS-IQ are transmitted using HTTPS/TLS encryption technologies.

LC-MS-IQ relies upon security features provided by its hosting and infrastructure providers, including Supabase and other third-party service providers utilized by LCMS IQ, LLC.

No internet-connected system can guarantee absolute security.

Users acknowledge and accept the risks inherent in electronic transmission and storage of information.

Infrastructure Providers

LC-MS-IQ utilizes third-party infrastructure and service providers to support platform operations.

Examples may include:

• Supabase
• Cloud hosting providers
• Database providers
• Email providers
• Monitoring providers

The availability and security of third-party services remain outside the direct control of LCMS IQ, LLC.

Customers acknowledge that interruptions, outages, failures, or security incidents affecting third-party providers may affect availability of LC-MS-IQ.

PHI Restriction

LC-MS-IQ is not designed, marketed, or intended for the storage, processing, transmission, or management of:

• Protected Health Information (PHI)
• Electronic Protected Health Information (ePHI)
• Patient-identifiable information

Users shall not upload:

• Patient names
• Dates of birth
• Medical record numbers
• Social Security numbers
• HIPAA-regulated identifiers

unless specifically authorized through a separate written agreement executed by LCMS IQ, LLC.

Any upload of such information shall be deemed unauthorized.

User remains solely responsible for compliance with HIPAA, privacy regulations, institutional requirements, and internal policies.

Use of LC-MS-IQ does not create a Business Associate relationship under HIPAA.