Loading…
Loading…
This notice describes the data handled by the current CiteRounds beta implementation.
Account registration stores your name, email address, an Argon2 password hash, account timestamps, and the paper identifiers you save. Voluntary research-workflow and product-feedback forms store the answers you submit; product feedback may include a contact email if you choose to provide one. The service may also process security and operational logs such as request time, network address, endpoint, and error information. It does not currently collect payment details.
We use account data to authenticate you, provide saved-paper features, recover access, and protect the service. Survey responses are used to understand research workflows, diagnose product problems, and prioritize beta improvements. An optional feedback email is used only to follow up about that feedback. Do not submit patient-identifiable, special-category, or confidential clinical data.
The paper-synthesis pipeline processes public research articles, not account content. Search queries are embedded by the CiteRounds search service for retrieval; the current application does not intentionally use account search queries to train a generative model.
Infrastructure, database, email-delivery, and model-routing providers may process data on the operator’s behalf. Production deployment should document the selected providers, locations, safeguards, and retention settings before admitting external beta users.
Account data is retained while the beta account is active and as needed for security or legal obligations. You can permanently delete your account and saved-paper library from the account page. Anonymous survey responses are not linked to an account and are retained for beta analysis; responses containing an optional contact email require a manual deletion request. Operational backups and security logs may expire on separate schedules.
You may avoid optional use, sign out, or delete your account. Depending on your location, you may also have rights to access, correct, restrict, object to, or export personal data. The operator must publish a monitored privacy contact before opening the beta beyond invited testers.
Passwords are hashed and browser sessions use HttpOnly cookies. Production requires HTTPS and unique secrets. No system is completely secure, and the beta does not claim HIPAA, ISO 27001, SOC 2, or similar certification.