Privacy Policy

1. Introduction

Metascience Platform ("we", "our", or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Service.

Key Points:

• We collect minimal personal information (email and password for authentication)
• We do NOT sell, rent, or share your personal data with third parties
• We use Supabase for secure data storage and authentication
• You have full control over your data and can request deletion at any time

2. Information We Collect

2.1 Information You Provide

When you create an account, we collect:

• Email Address: Used for account creation, authentication, and password recovery
• Password: Securely hashed and stored by Supabase Auth (we never store plain-text passwords)
• User ID: Automatically generated unique identifier for your account

2.2 Usage Data

We collect information about how you interact with the Service:

• Search queries: DOIs and search terms you enter (stored temporarily for analysis)
• Feedback: Ratings (1-5 stars), feedback type, and messages you submit
• Tab interactions: Which features you use (search, analysis, review, citation)
• Timestamps: When you create or update feedback

2.3 Automatically Collected Information

• Session Cookies: Authentication tokens to keep you logged in
• Browser Information: Standard browser data sent with HTTP requests
• IP Address: May be logged by our hosting provider for security purposes

2.4 Information We Do NOT Collect

• We do NOT collect your name, address, phone number, or other identifying information
• We do NOT use tracking pixels or advertising cookies
• We do NOT collect payment information (the service is free)
• We do NOT track your browsing activity outside our Service

3. How We Use Your Information

We use the collected information for the following purposes:

3.1 Service Provision

• Creating and managing your user account
• Authenticating you when you log in
• Providing citation network analysis and visualization
• Saving your search history and preferences

3.2 Service Improvement

• Analyzing feedback to improve features and user experience
• Identifying and fixing bugs or technical issues
• Understanding which features are most valuable to users

3.3 Communication

• Sending password reset emails when requested
• Notifying you of important service updates or security issues

3.4 Security and Legal Compliance

• Detecting and preventing fraud or abuse
• Protecting against security threats
• Complying with legal obligations if required

4. How We Store Your Information

4.1 Supabase Infrastructure

All user data is stored securely using Supabase, a PostgreSQL database service with:

• Encryption: Data is encrypted in transit (TLS/SSL) and at rest
• Authentication: Industry-standard authentication with bcrypt password hashing
• Row-Level Security: Database policies ensure users can only access their own data
• Regular Backups: Automatic backups to prevent data loss

4.2 Data Location

Your data is stored on Supabase's secure servers. For information about Supabase's data centers and security practices, please refer to Supabase's Security Documentation.

4.3 Data Retention

• Account Data: Retained while your account is active
• Feedback Data: Retained indefinitely unless you request deletion
• Session Data: Automatically expires after logout or session timeout
• Deleted Accounts: Personal data is permanently deleted within 30 days of account deletion request

5. Data Sharing and Disclosure

5.1 We Do NOT Sell or Share Your Data

We do NOT sell, rent, or share your personal information with third parties for marketing or commercial purposes.

5.2 Service Providers

We use the following trusted service providers:

• Supabase: Database and authentication services. Supabase has access to your data only for the purpose of providing infrastructure services.

5.3 Academic APIs

When you perform searches, we query the following APIs with your search terms:

• Semantic Scholar API: To retrieve citation and paper data
• OpenAlex API: To retrieve scholarly metadata
• OpenCitations API: To retrieve citation relationships

These queries contain only the DOIs or search terms you provide, NOT your personal information. Each API has its own privacy policy and terms of service.

5.4 Legal Requirements

We may disclose your information if required to do so by law or in response to valid requests by public authorities (e.g., court orders, subpoenas).

6. Cookies and Tracking

6.1 Essential Cookies

We use essential cookies for:

• Authentication: Session cookies to keep you logged in
• Security: CSRF protection tokens

6.2 No Advertising or Analytics Cookies

We do NOT use:

• Google Analytics or other third-party analytics
• Advertising cookies or tracking pixels
• Social media tracking widgets
• Cross-site tracking technologies

7. Your Privacy Rights

You have the following rights regarding your personal data:

7.1 Access

You can access your account information at any time through your profile page.

7.2 Correction

You can update your email address through your profile settings or by requesting a password reset to verify access.

7.3 Deletion

You have the right to request deletion of your account and all associated personal data. To delete your account, use the feedback form to submit a deletion request, and we will process it within 30 days.

7.4 Data Portability

You can request a copy of your data (feedback submissions, account information) by contacting us through the feedback form.

7.5 Opt-Out

You can opt out of receiving non-essential emails. Note that we may still send security-related or account-critical notifications.

8. Children's Privacy

The Service is not intended for children under the age of 13. We do not knowingly collect personal information from children under 13. If you become aware that a child has provided us with personal information, please contact us, and we will take steps to delete such information.

9. International Data Transfers

Your information may be transferred to and maintained on servers located outside of your state, province, country, or other governmental jurisdiction where data protection laws may differ. By using the Service, you consent to such transfers.

10. Security Measures

We implement industry-standard security measures including:

• Encryption: TLS/SSL for data in transit, encryption at rest
• Password Hashing: Bcrypt algorithm for secure password storage
• Row-Level Security: Database policies to prevent unauthorized access
• Authentication Tokens: Secure session management
• Regular Updates: Security patches and dependency updates

However, no method of transmission over the Internet is 100% secure. While we strive to protect your personal information, we cannot guarantee absolute security.

11. Third-Party Links

Our Service may contain links to third-party websites (e.g., academic papers, databases). We are not responsible for the privacy practices of these external sites. We encourage you to review the privacy policies of any third-party sites you visit.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any changes by:

• Updating the "Last Updated" date at the top of this page
• Posting a notice in the application (for material changes)

We encourage you to review this Privacy Policy periodically. Your continued use of the Service after changes are posted constitutes your acceptance of the updated policy.

13. GDPR Compliance (European Users)

If you are located in the European Economic Area (EEA), you have additional rights under the General Data Protection Regulation (GDPR):

• Legal Basis: We process your data based on your consent and our legitimate interest in providing the Service
• Data Protection Officer: Contact us through the feedback form for data protection inquiries
• Right to Object: You can object to processing of your data
• Right to Lodge a Complaint: You can file a complaint with your local data protection authority

14. California Privacy Rights (CCPA)

If you are a California resident, you have specific rights under the California Consumer Privacy Act (CCPA):

• Right to Know: What personal information we collect and how it's used
• Right to Delete: Request deletion of your personal information
• Right to Opt-Out: We do NOT sell personal information
• Non-Discrimination: We will not discriminate against you for exercising your rights

15. Data Breach Notification

In the event of a data breach that affects your personal information, we will notify you via email within 72 hours of becoming aware of the breach, as required by applicable laws.

16. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or your personal data, please contact us using the feedback form available in the application. We will respond to all legitimate requests within 30 days.