Privacy Policy

1. Scope

This Privacy Policy explains how ScholarFlow LLC collects, uses, discloses, and protects personal information when you use the Service.

This Policy applies to AcaTrove-operated services and does not override institution-specific policies, customer agreements, or other terms that may independently apply to your use of the Service.

2. Information We Collect

• Account and identity information such as name, email address, affiliation, role, and login credentials or linked identity-provider information.
• Research and workspace content such as documents, drafts, project records, application materials, publication data, lab records, and other files or text you choose to store or process.
• Billing and transactional information such as subscription tier, invoices, payment status, and limited payment metadata supplied by our payment providers.
• Support and communications data such as messages you send us, bug reports, and email delivery metadata.
• Technical and security data such as IP address, device and browser information, access logs, timestamps, error logs, and fraud- or abuse-prevention signals.

3. Sources of Information

• information you provide directly to us;
• workspace owners, institution administrators, or collaborators who provision your access;
• identity providers and integrations you choose to connect;
• automated logs and monitoring systems generated as part of operating the Service.

4. How We Use Information

• provide, operate, maintain, and secure the Service;
• authenticate users, enforce permissions, and prevent abuse;
• process documents, requests, and workflows you initiate;
• support AI-assisted features you request;
• communicate with you about account activity, product updates, billing, and support;
• comply with law, resolve disputes, and enforce agreements.

5. AI Processing

When you use AI-assisted features, we may send the relevant prompt, document excerpts, workspace context, and related metadata to third-party AI providers strictly to process your request.

AI processing may involve third-party providers listed on our subprocessor page. You should not submit content you are not authorized to share, and you should review AI-generated output before relying on it.

6. How We Share Information

Our current public subprocessor list is available at https://www.scholarflow.cv/subprocessors.

• service providers that help us operate the Service, such as hosting, communications, billing, authentication, and AI vendors;
• workspace or institution administrators where your account is managed by an organization;
• courts, regulators, law enforcement, or other third parties when required by law or necessary to protect rights, safety, or the Service;
• a buyer, investor, or successor entity in connection with a merger, financing, acquisition, bankruptcy, or asset sale, subject to appropriate confidentiality and notice obligations where required.

7. Cookies and Similar Technologies

We and our service providers may use cookies, local storage, and similar technologies for authentication, session continuity, security, user preferences, and measuring service performance.

We do not sell personal information, and we do not knowingly share personal information for cross-context behavioral advertising.

8. Retention

We retain personal information for as long as reasonably necessary to provide the Service, comply with legal and accounting obligations, resolve disputes, maintain security records, and enforce our agreements.

Retention periods vary by data type, subscription status, customer configuration, and legal requirements. We may retain limited backup or security records for a longer period where reasonably necessary.

9. Security

We use administrative, technical, and organizational safeguards designed to protect personal information. Those safeguards include access controls, encryption in transit where supported, authentication measures, and security monitoring appropriate to the Service.

No system is perfectly secure, and we cannot guarantee absolute security. If we confirm a security incident affecting personal information and notice is required by law, we will provide notice consistent with applicable law.

10. Your Rights and Choices

Depending on your location and relationship to the Service, you may have rights to access, correct, delete, restrict, object to certain processing, or request export of personal information.

We may need to verify your identity and authority before acting on a request. You can start a request from the account section of your settings page or by emailing privacy@acatrove.com.

We may deny or limit requests where permitted by law, including when we must retain information for legal, security, fraud-prevention, or contractual reasons.

11. U.S. State Disclosures and Children

Where U.S. state privacy laws apply, we honor rights granted by those laws, subject to lawful exceptions. We do not knowingly collect personal information from children under the minimum age stated in our Terms. If you believe a child provided personal information in violation of applicable law, contact us so we can review and take appropriate action.

12. International Transfers

We and our service providers may process information in the United States and other countries that may have different data-protection laws than your home jurisdiction. Where required, we use appropriate safeguards for cross-border transfers.

13. Changes to This Policy

We may update this Privacy Policy from time to time. If we make a material change, we will update the Last Updated date above and provide notice where required by law.

14. Contact

Privacy questions and data requests: privacy@acatrove.com

Support: hello@acatrove.com

Terms: Terms of Service