Privacy Policy

Clear, plain-English privacy information for researchers, students, labs, and institutional review.

Privacy Policy – Version 1.1 · Effective date: January 22, 2026

No selling of data · No training on your documents (default) · Exportable + deletable · Audit-ready

What this policy means for you

  • You control what you upload and what you export.
  • You can download your data and delete your data from Settings.
  • AI features only run when you trigger them, and are designed to be RCR-compliant (traceable, no fabrication, human review).
  • Optional cookies are off by default; you can change cookie preferences any time.

A) Introduction

This Privacy Policy explains how this platform collects and uses data.

The platform is built to help researchers, students, labs, and teams with research assistance: evidence mapping, synthesis, hypothesis drafting, and grant editing.

We also commit to Responsible Conduct of Research (RCR): outputs should be traceable to user-provided sources, avoid fabrication, and require human review before export.

B) What data we collect

We collect the following categories of data:

  • Account information: email address and basic account records.
  • Uploaded documents: papers and drafts you upload or paste (for example PDFs, extracted text, or grant drafts).
  • Generated outputs: syntheses, evidence maps, claims, hypotheses, drafts, grant edits, and audit logs you generate.
  • Usage metadata: timestamps and feature usage events used for reliability, debugging, and security.

What we do NOT collect:

  • We do not sell personal data.
  • We do not train external AI models on your uploaded documents by default.

C) How we use data

We use data only to provide and operate the service you request.

  • Provide requested features (research synthesis, claims tracking, hypothesis drafting, grant editing).
  • Improve reliability and enforce safety/compliance rules (including RCR guardrails).
  • Maintain auditability and security (for example, run logs and admin audit events).

E) AI & third-party processing

Some features use third-party processors. We disclose them clearly so institutional reviewers and lab teams can assess risk.

  • AI providers: OpenAI and Google Gemini (used to process text for AI features you trigger).
  • Payment processor: Stripe (used for billing/subscriptions if enabled).
  • Hosting and database providers: reputable cloud hosting plus a hosted Postgres database.

Important notes:

  • We send only the text needed to perform the requested task.
  • We do not send passwords or payment card details to AI providers.
  • AI outputs are constrained by RCR and traceability rules (no fabricated claims; evidence links where applicable).

F) Data retention

We keep data only as long as needed for the service, subject to your settings and deletion requests.

  • Uploaded documents may be retained while your account is active and/or according to your organization’s retention settings.
  • You can delete your data from Account Settings.
  • Some deployments offer an option such as “Do not retain uploaded documents after processing.” If enabled, the system minimizes stored content after extraction.

G) Your rights (GDPR)

If you are covered by GDPR (for example EU/EEA users), you have rights over your personal data.

In this product, the main controls are available in Account Settings.

  • Right to access: view what data is stored about you.
  • Right to download: export your data.
  • Right to delete: request deletion of your data (irreversible).
  • Right to withdraw consent: you can withdraw consent (including consent for AI processors) from Settings.

H) Cookies & tracking

We use essential cookies/storage for sign-in, security, and core app behavior.

Optional cookies (like analytics or functional preferences) are off by default and require your choice.

You can manage cookie preferences in the cookie banner and on this page.

Cookie preferences

Essential cookies are always on (sign-in, security). Optional cookies are off by default.

I) Security measures

  • Encryption in transit (HTTPS).
  • Access controls and organization-level separation.
  • Audit logs for sensitive actions.
  • Breach notification commitment: if we become aware of a breach affecting your account, we will notify impacted users without undue delay and aim to provide an initial update within 72 hours when feasible.

J) International users

If you are in the EU/EEA, GDPR rights apply.

If you use the service from outside the country where it is hosted, your data may be processed in other jurisdictions as part of providing the service.

K) Contact information

For privacy or data protection questions, contact us:

  • Email: contact@example.com
  • Or use the Contact page: /contact

Consent alignment

  • Consent is not implied. Before AI processing runs, you are asked to affirmatively accept the relevant consent checkboxes.
  • You can withdraw consent in Account Settings.