Privacy Policy

1. Information We Collect

1.1 Information You Provide

Account Information:

• Email address
• Name (optional)
• Password (encrypted)
• Profile picture (if using OAuth providers like Google or GitHub)

Payment Information:

• Billing address
• Payment method details (processed securely by Stripe; we do not store credit card numbers)

Content You Create:

• Search queries and claims
• Saved searches and results
• Annotations and comments
• Workspace and collaboration data

1.2 Information Collected Automatically

Usage Data:

• Pages visited and features used
• Time spent on the Service
• Search queries and results
• Export and download activity
• API usage (for API subscribers)

Device and Browser Information:

• IP address
• Browser type and version
• Operating system
• Device identifiers
• Screen resolution
• Referring website

Cookies and Similar Technologies:

• Session cookies (for authentication)
• Preference cookies (for settings like dark mode)
• Analytics cookies (for understanding usage patterns)

See our Cookie Policy for more details.

1.3 Information from Third Parties

OAuth Providers:

• If you sign in with Google, GitHub, or other OAuth providers, we receive basic profile information (name, email, profile picture)
• We do not access your contacts, files, or other data from these providers

Payment Processors:

• Stripe provides us with payment confirmation and subscription status
• We do not receive or store your full credit card information

2. How We Use Your Information

We use the information we collect to:

2.1 Provide and Improve the Service

• Process your searches and generate results
• Save your claims and preferences
• Provide customer support
• Analyze usage patterns to improve features
• Fix bugs and technical issues
• Develop new features and functionality

2.2 Manage Your Account

• Authenticate your identity
• Process payments and subscriptions
• Send account-related notifications
• Enforce usage limits based on your plan
• Manage team workspaces and collaboration

2.3 Communicate with You

• Send service updates and announcements
• Respond to your inquiries and support requests
• Send marketing communications (with your consent; you can opt out anytime)
• Notify you of new features or changes to the Service

2.4 Ensure Security and Compliance

• Detect and prevent fraud and abuse
• Enforce our Terms of Service
• Comply with legal obligations
• Protect our rights and property
• Maintain security and integrity of the Service

2.5 Analytics and Research

• Understand how users interact with the Service
• Measure the effectiveness of features
• Conduct research to improve AI accuracy
• Generate aggregated, anonymized statistics

3. How We Share Your Information

We do not sell your personal information. We may share your information in the following circumstances:

3.1 Service Providers

We share information with third-party service providers who help us operate the Service:

• Vercel: Hosting and infrastructure
• Stripe: Payment processing
• OpenAI, Anthropic, etc.: AI/LLM providers for text analysis
• Sentry: Error tracking and monitoring
• Email service providers: Transactional and marketing emails

These providers are contractually obligated to protect your data and use it only for the purposes we specify.

3.2 Collaboration Features

• When you share a claim or workspace, we share relevant data with the people you invite
• Team members can see searches, annotations, and comments within shared workspaces
• You control what you share and with whom

3.3 Legal Requirements

We may disclose your information if required by law or in response to:

• Court orders or subpoenas
• Government or regulatory requests
• Legal processes or investigations
• Protection of our rights, property, or safety
• Prevention of fraud or illegal activity

3.4 Business Transfers

If we are involved in a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction. We will notify you via email and/or a prominent notice on the Service before your information is transferred and becomes subject to a different privacy policy.

3.5 Aggregated Data

We may share aggregated, anonymized data that cannot identify you personally, such as:

• Popular search topics and trends
• Usage statistics and analytics
• Research findings based on aggregated data

4. Data Retention

We retain your information for as long as necessary to provide the Service and fulfill the purposes described in this policy:

• Account Data: Retained while your account is active and for 90 days after deletion
• Search History: Retained based on your plan (30 days for free, 1 year for Basic, unlimited for Pro/Enterprise)
• Payment Records: Retained for 7 years for tax and accounting purposes
• Analytics Data: Retained for up to 2 years in aggregated form
• Backup Data: May be retained for up to 90 days in backup systems

You can request deletion of your data at any time by contacting us or deleting your account. Some data may be retained in backup systems for a limited time or as required by law.

5. Your Rights and Choices

5.1 Access and Portability

• You can access your account information through your account settings
• You can export your data (searches, saved claims) in JSON or CSV format
• Contact us to request a complete copy of your data

5.2 Correction and Update

• You can update your account information at any time through your account settings
• Contact us if you need help correcting inaccurate data

5.3 Deletion

• You can delete your account at any time through account settings
• Deletion is permanent and cannot be undone
• Some data may be retained in backups for up to 90 days
• We may retain certain data as required by law or for legitimate business purposes

5.4 Marketing Communications

• You can opt out of marketing emails by clicking "unsubscribe" in any email
• You can manage email preferences in your account settings
• We will still send you essential service-related emails (e.g., billing, security alerts)

5.5 Cookies

• You can control cookies through your browser settings
• Disabling cookies may limit functionality of the Service
• See our Cookie Policy for more information

5.6 Do Not Track

We do not currently respond to "Do Not Track" signals from browsers. We will update this policy if we implement Do Not Track support in the future.

6. Regional Privacy Rights

6.1 European Economic Area (EEA) - GDPR

If you are in the EEA, you have additional rights under the General Data Protection Regulation (GDPR):

• Legal Basis: We process your data based on consent, contract performance, legal obligations, and legitimate interests
• Right to Object: You can object to processing based on legitimate interests
• Right to Restriction: You can request restriction of processing in certain circumstances
• Right to Lodge a Complaint: You can file a complaint with your local data protection authority
• Data Transfers: We use standard contractual clauses for transfers outside the EEA

6.2 California - CCPA/CPRA

If you are a California resident, you have rights under the California Consumer Privacy Act (CCPA):

• Right to Know: Request information about data we collect, use, and share
• Right to Delete: Request deletion of your personal information
• Right to Opt-Out: We do not sell personal information
• Right to Non-Discrimination: We will not discriminate against you for exercising your rights
• Authorized Agent: You may designate an authorized agent to make requests on your behalf

6.3 Other Regions

We comply with applicable data protection laws in all jurisdictions where we operate. If you have questions about your rights in your region, please contact us.

7. Security

We implement industry-standard security measures to protect your information:

• Encryption: Data in transit is encrypted using TLS/SSL; data at rest is encrypted
• Access Controls: Limited access to personal data on a need-to-know basis
• Authentication: Secure password hashing (bcrypt) and optional two-factor authentication
• Monitoring: Continuous monitoring for security threats and vulnerabilities
• Regular Audits: Periodic security assessments and penetration testing
• Incident Response: Procedures for detecting, responding to, and reporting security incidents

However, no method of transmission over the Internet or electronic storage is 100% secure. While we strive to protect your information, we cannot guarantee absolute security. You are responsible for maintaining the confidentiality of your account credentials.

8. Children's Privacy

The Service is not intended for children under 13 years of age (or 16 in the EEA). We do not knowingly collect personal information from children. If you are a parent or guardian and believe your child has provided us with personal information, please contact us immediately. We will delete such information from our systems.

9. International Data Transfers

Your information may be transferred to and processed in countries other than your country of residence. These countries may have data protection laws that are different from the laws of your country.

We take appropriate safeguards to ensure your data is protected in accordance with this Privacy Policy, including:

• Using service providers that comply with applicable data protection laws
• Implementing standard contractual clauses approved by the European Commission
• Ensuring adequate security measures are in place

10. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. When we make material changes, we will:

• Update the "Last Updated" date at the top of this page
• Notify you via email (if you have an account)
• Display a prominent notice on the Service

We encourage you to review this Privacy Policy periodically. Your continued use of the Service after changes are posted constitutes your acceptance of the updated Privacy Policy.

11. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us: