Privacy Policy

Template notice: these documents are starting points only and do not constitute legal advice. They must be reviewed by a qualified legal professional before a public commercial launch. Replace all placeholders (company name, address, contact emails, registration numbers, hosting provider details).

Operator (placeholder): [Your legal entity name], contact: privacy@example.com

What we collect

Account data (email, authentication identifiers, profile fields you provide).
Project data (titles, research questions, keywords, notes, rankings, comparisons).
Uploaded PDFs and extracted text when you upload files legally.
Paper metadata from public academic indexes and your library selections.
AI-generated summaries, drafts, and copilot messages derived from your inputs.
Billing metadata via Stripe (subscription status, customer id — not full card numbers).
Usage and security logs (requests, rate limits, error diagnostics).
Cookies / local storage required for session and preferences.

Purposes

Providing the service, authentication, billing, AI-assisted features, security, support, and legal compliance.

Legal bases (GDPR)

Performance of a contract (Art. 6(1)(b)).
Legitimate interests such as fraud prevention and service improvement (Art. 6(1)(f)).
Consent where required, e.g. non-essential cookies or certain marketing (Art. 6(1)(a)).
Legal obligation where applicable (Art. 6(1)(c)).

Processors

Supabase (database, auth, storage), Vercel (hosting), Stripe (payments), AI providers you configure (e.g. OpenAI or OpenRouter), and future email providers if enabled.

International transfers

Providers may process data in the EU, UK, US, or other regions. Use their DPAs / SCCs as appropriate and document your transfer mechanism.

Retention

Retain data while the account is active and as needed for legal, tax, and dispute resolution. Define concrete retention windows in your operational policy.

Your rights

Access, rectification, erasure, restriction, portability, objection, and withdrawal of consent where applicable. You may lodge a complaint with a supervisory authority (e.g. CNIL in France).

Exports and deletion

Request a copy or deletion via privacy@example.com. Automated deletion may not be available during beta; requests are handled subject to verification and legal holds.

Your PDFs

You are responsible for having the rights to upload and process documents you provide.

AI disclaimer

AI outputs can be inaccurate. You must verify results before academic or legal reliance.

Security

We apply industry-standard measures including TLS, access control, row-level security, and rate limiting. No method is 100% secure.

Version française