Privacy Policy

1. Introduction

Research Room AI ("we", "us", "our") respects your privacy and is committed to protecting your personal data. This Privacy Policy explains how we collect, use, store, and share information when you use our Service at researchroomai.com.

2. Information We Collect

2.1 Account Information

When you create an account via Google OAuth, we collect:

• Email address: Used for account identification and communication
• Name: Retrieved from your Google profile for personalization
• Profile picture: Retrieved from your Google account
• Google User ID: Used for secure authentication

2.2 Usage Data

We automatically collect information about your use of the Service:

• Research queries: Topics, year ranges, and search parameters you submit
• Project data: Literature review projects you create, including status and metadata
• Paper interactions: Papers you view, download, or analyze
• API usage: Number of requests, processing times, and error logs
• Device information: Browser type, operating system, IP address
• Session data: Login times, page views, feature usage

2.3 Payment Information

Payment transactions are processed by Paddle.com, our payment processor. We do not store your full credit card information. Paddle collects and processes:

• Payment card details
• Billing address
• Transaction history

For Paddle's privacy practices, visit: paddle.com/privacy

3. Third-Party Services

Our Service integrates with the following third-party services that may collect data:

3.1 Authentication

• Google OAuth: For secure user authentication. Google's privacy policy: policies.google.com/privacy
• Supabase: Authentication and database infrastructure. Supabase privacy policy: supabase.com/privacy

3.2 AI Processing

• Groq API: For fast AI text analysis and extraction. Your paper contents are processed by Groq's AI models.
• Google Gemini API: Fallback AI service for text analysis when Groq is unavailable.

Paper text is sent to these AI services for analysis. These services may temporarily process but do not permanently store your research content.

3.3 Academic Data Sources

• Google Scholar: Academic paper search (via ScrapingDog API)
• Unpaywall: Open-access PDF discovery
• OpenAlex: Academic metadata
• Semantic Scholar: Paper metadata and citations

3.4 Infrastructure

• Vercel: Hosting and CDN services
• Railway: Backend infrastructure and worker processes
• Cloudflare R2: PDF file storage
• Redis: Job queue and caching
• PostgreSQL: Primary database via Supabase

4. Cookies and Tracking

We use cookies and similar technologies to:

• Authentication cookies: Keep you logged in (Supabase session tokens)
• Preference cookies: Remember your settings
• Security cookies: Prevent unauthorized access and CSRF attacks

We do not currently use Google Analytics or other third-party analytics services, but may implement them in the future with prior notice.

5. How We Use Your Information

We use collected information to:

• Provide and maintain the Service
• Process your literature review requests
• Authenticate your account and maintain security
• Send service-related notifications and updates
• Process payments through Paddle
• Improve our AI models and Service quality
• Respond to support requests
• Detect and prevent fraud or abuse
• Comply with legal obligations

6. Data Storage and Security

Your data is stored securely using industry-standard practices:

• Database: PostgreSQL hosted by Supabase with row-level security
• PDF Storage: Cloudflare R2 with pre-signed URLs for secure access
• Encryption: Data in transit is encrypted using TLS/SSL
• Authentication: OAuth 2.0 with secure token storage
• Access Control: User data is isolated and access-controlled

While we implement robust security measures, no online service is 100% secure. You are responsible for maintaining the confidentiality of your account credentials.

7. Data Retention

We retain your data as follows:

• Account data: Until you delete your account
• Project data: Until you delete specific projects
• PDF files: Automatically deleted when associated projects are removed
• Logs and analytics: Up to 90 days for security and debugging
• Payment records: As required by Paddle and tax regulations (typically 7 years)

8. Data Sharing

We do not sell your personal data. We may share your information only in these circumstances:

• Service providers: Third-party services listed in Section 3 to operate the Service
• Legal requirements: When required by law or to protect our rights
• Business transfers: In case of merger, acquisition, or sale of assets
• With your consent: When you explicitly authorize sharing

9. Your Rights

You have the right to:

• Access: Request a copy of your personal data
• Correction: Update or correct inaccurate data
• Deletion: Request deletion of your account and data
• Export: Download your project data in CSV format
• Objection: Object to certain data processing activities
• Withdraw consent: Revoke consent for data processing (may affect Service access)

To exercise these rights, contact us at: support@researchroomai.com

10. Children's Privacy

Our Service is not intended for children under 13 years of age. We do not knowingly collect personal information from children. If you believe we have collected data from a child, please contact us immediately.

11. International Users

Your data may be transferred to and processed in countries other than your own. By using the Service, you consent to such transfers. We ensure appropriate safeguards are in place for international data transfers.

12. Changes to This Policy

We may update this Privacy Policy periodically. We will notify you of material changes via email or through the Service. Continued use of the Service after such changes constitutes acceptance of the updated policy.

13. Contact Us

For questions, concerns, or requests regarding this Privacy Policy or your data:

• Email: support@researchroomai.com
• Website: researchroomai.com/contact