Privacy Policy

Scholise ("we", "us", "our") operates the Scholise web application at scholise.com. This policy explains what data we collect, why, and how we protect it.

1. Data we collect

• Account information — your email address and display name, provided when you sign up via Supabase authentication.
• Project and workspace data — project titles, research questions, saved source metadata (titles, authors, paper IDs, publication dates), Evidence Table entries, Outline content, Counter-Evidence runs, export preferences, and Research Assistant conversation messages (including citations, follow-up suggestions, and search transparency metadata shown in chat).
• Usage counters — plan-related totals (e.g. projects, searches, saved sources per project, draft checks, and AI analyses), used to enforce plan limits.
• Payment information — processed entirely by Stripe. We store your Stripe customer ID and subscription status but never see or store your card number, CVC, or billing address.

2. Data we do not collect

• We do not collect or store credit card details.
• We do not track you across other websites.
• We do not sell, rent, or share your data with third parties for advertising.

3. Cookies

Scholise uses a session cookie to keep you logged in. We do not use advertising or tracking cookies, and we do not use third-party analytics cookies.

4. Research content

Sources displayed in Scholise are bibliographic metadata and links retrieved from major academic databases. We also use open-access link services to check for free legal full-text PDF links when a source has a paper ID. We do not host full-text copies of academic papers. If you paste or enter text into a project — for example, notes or custom descriptions — that text is stored in your project data and may be processed to provide features such as AI summaries and evidence extraction.

5. AI-assisted features

Certain features — including Research Assistant responses, source summarisation, relevance ranking, Outline generation, Draft Check, and source discovery — use third-party AI providers. When these features run:

• We send only the minimum metadata required (e.g. title, abstract snippet, your research question) to the AI provider.
• AI-enhanced search: Scholise may refine search phrasing and discover additional scholarly sources. Your research question and minimal source metadata are used for this purpose. No payment details are included.
• Draft Check: when you run a draft check, we process your pasted text and your project's saved source titles to return sentence-level labels and suggested source matches. Draft text and results are stored in your project for your review.
• We do not send your full project data, email, or account details to AI providers.
• We do not train models on your content. Your data is used solely to produce a response for you. The AI provider may retain request logs briefly for abuse monitoring — refer to their privacy policy for specifics.

6. Payment processing

Subscriptions and payments are handled by Stripe. When you upgrade to Pro, you are redirected to a Stripe-hosted checkout page. We receive webhook notifications about your subscription status but never have access to your payment method details.

7. Third-party services

Scholise relies on a small number of third-party services to operate. Each processes only the minimum data required:

• Supabase — authentication and database hosting (stores your account and project data).
• Stripe — payment processing (handles checkout, subscriptions, invoices).
• AI service providers — power Research Assistant, source summaries, ranking, query expansion, draft checking, and related assistance features (receives only the minimum required research content).
• Academic database providers — peer-reviewed paper search and metadata (title, authors, abstract, citation count, TLDR summaries). Your search queries are sent only as needed; no account data is shared.
• Unpaywall — open-access status and free PDF links for papers with paper IDs. We send paper IDs only; results are cached for 30 days to reduce API calls.
• Vercel — application hosting and edge delivery.

We do not share your data with any other third parties. Each provider's own privacy policy governs how they handle data they process on our behalf.

8. Security

All traffic is encrypted via HTTPS/TLS. Database access is governed by row-level security policies — you can only read or modify your own data. Authentication tokens are short-lived and rotated automatically.

9. Data retention

Your project data is retained for as long as your account is active. If you delete a project, its data is permanently removed from our database within 30 days. If you delete your account, all associated data is deleted within 30 days.

10. Your rights

You may at any time:

• Access your data by viewing your projects and account settings.
• Export your data — references and related project outputs are available from workspace export/reference flows.
• Delete your data by deleting individual projects or your entire account.
• Contact us to request a full data export or erasure at support@scholise.com.

11. Changes to this policy

We may update this policy from time to time. Material changes will be communicated via a notice in the application or by email. Your continued use of Scholise after changes constitutes acceptance.

12. Contact

Questions about this policy? Email us at support@scholise.com.