Data Policy

An account requires an email and a password. You can optionally link an ORCID iD from settings so reviews are attributable to the verified researcher; the link is removable at any time. Submitted papers (PDF or DOCX) and the reviews we generate are stored against your account so you can return to them. Stripe handles checkout end-to-end. We receive a customer reference and entitlement records, never card data. Standard server logs (IP, user agent, request path) are kept for 30 days for debugging and abuse response.

Submitted manuscripts and the reviews we generate are sent to a third-party LLM API for inference. We only work with providers whose enterprise terms prohibit training on customer API inputs and outputs by default. We have not opted in to any training program. We do not train models ourselves on customer manuscripts.

All connections use TLS 1.2 or newer. Database backups are encrypted at rest before upload to object storage and tested on a recurring restore cadence. Passwords are stored as bcrypt hashes. Sessions use HMAC-signed, HttpOnly/Secure cookies with SameSite=Lax.

A small set of vendors handles parts of the service. Each one sees only what it needs to do its job.

• LLM provider. Receives the manuscript text and returns the structured review. Operates under enterprise API terms with no training on submitted content.
• DigitalOcean. Application hosting, managed PostgreSQL, and Spaces (S3-compatible) blob storage for PDFs and database backups. SOC 2 Type II certified.
• Stripe. Payment processing. Privacy policy.

Anonymous uploads (no account attached) are deleted after 7 days. Account-attached papers and reviews are kept for as long as the account is active. Deleting the account removes the associated personal data within 30 days. Reviews that have been made public via the leaderboard remain visible; the corresponding author can request takedown by email (see §7). Encrypted backups follow a tiered retention of 7 daily / 4 weekly / 3 monthly snapshots.

Two HttpOnly/Secure/SameSite=Lax cookies:user_session authenticates a logged-in account, andbuyer_session binds an unclaimed review-pass purchase to your browser. No tracking pixels, analytics cookies, or third-party advertising.

You can request a copy of your data, an export of your reviews, an account deletion, or a takedown of a review you authored, by emailing [email protected]. We respond within five working days. Deletions complete within 30 days. Account details (name, email, ORCID link) can be edited directly from the settings page.

Material changes to this policy will be posted here with an updated date. Questions about the policy itself, or anything related to data handling: [email protected].