Privacy Policy

1. Scope

This Privacy Policy explains how we collect, use, disclose, and safeguard personal information when you use ScholarFlow websites, applications, APIs, and related services. This Policy does not replace institution-specific policies that may also apply to your use of the Service.

2. Information We Collect

• Account and identity information (name, email, role, affiliation).
• Authentication and security data (login activity, tokens, device signals).
• Content data (documents, drafts, project records, lab and workflow data).
• Operational telemetry (feature usage, diagnostics, logs, API metadata).
• Billing and subscription metadata from payment providers.

3. Sources of Information

We collect information from:

• you directly (forms, uploads, account settings, support requests);
• institutional or team administrators who provision your access;
• integrations and identity providers you authorize;
• automated logging and security monitoring systems.

4. How We Use Information

• provide, maintain, and secure the Service;
• authenticate users and enforce permissions;
• enable collaboration, workflows, and reporting features;
• deliver AI-assisted analysis and generation features;
• monitor abuse, investigate incidents, and improve reliability;
• meet legal, contractual, and compliance obligations.

5. Legal Bases (Where Applicable)

Depending on your region, we rely on one or more of the following legal bases:

• performance of a contract with you or your organization;
• legitimate interests (service security, fraud prevention, product improvement);
• consent where required;
• compliance with legal obligations.

6. AI and Model Processing

We may send selected content to AI providers to process requests you initiate. We limit the transferred data to what is needed for requested functionality and apply contractual controls with processors where available. You should not rely on AI output without review.

7. Sharing and Disclosures

We may share information with:

• service providers (hosting, storage, analytics, identity, AI, communications);
• your organization administrators where your account is organization-managed;
• law enforcement or regulators when required by law;
• successor entities in a merger, acquisition, or asset transfer.

Subprocessor details may be published at https://www.scholarflow.cv/subprocessors.

8. Cookies and Similar Technologies

We use cookies and similar technologies for authentication, session continuity, security, preferences, and aggregate analytics. You can control cookie behavior through browser settings, subject to required-service cookies for authentication and security.

9. Retention

We retain data for as long as needed to provide the Service, satisfy contractual and legal requirements, resolve disputes, and enforce agreements. Retention periods may vary by data category, customer configuration, and legal hold requirements.

10. International Transfers

We may process data in countries other than your own. Where required, we apply appropriate transfer safeguards and contractual controls for cross-border transfers.

11. Security

We maintain security safeguards designed to protect confidentiality, integrity, and availability of data. No method of transmission or storage is completely secure, but we apply risk-based controls and incident-response procedures.

12. Your Privacy Rights

Depending on location, you may have rights to access, correct, delete, restrict, object, or export personal information. You may also have rights related to automated decision-making and to withdraw consent where processing is consent-based.

Submit requests via https://www.scholarflow.cv/settings or email hello@scholarflow.ai.

13. California and U.S. State Disclosures

Where state privacy laws apply, you may have rights to know, access, delete, and correct personal information and to appeal certain decisions. We do not sell personal information for monetary consideration. We do not knowingly share personal information for cross-context behavioral advertising.

14. Children's Privacy

The Service is not directed to children under 18. If you believe a child has provided personal information in violation of applicable law, contact us to request deletion.

15. Changes to This Policy

We may update this Policy to reflect legal, technical, or business changes. Material updates will be communicated using reasonable notice methods before they become effective where required by law.

16. Contact

Privacy questions: hello@scholarflow.ai

Data protection contact: hello@scholarflow.ai

Terms: Terms of Service