Privacy Policy

Last Updated: December 3, 2024

1. Information We Collect

RefExtract collects minimal information necessary to provide our service:

• Account Data: Your email, name, and profile picture from Google OAuth
• Search Data: Your research topics, keywords, and search history
• Usage Data: Number of searches performed, tier level, and subscription status
• Payment Information: Processed securely through Stripe (we never see your card details)
• Session Data: Secure session tokens to keep you logged in

2. How We Use Your Information

We use the information we collect to:

• Process your academic reference searches
• Track usage limits based on your subscription tier
• Store your search history for easy access
• Process payments and manage subscriptions
• Improve our service and user experience
• Send transactional emails (payment confirmations only)

3. Data Storage

Database Storage: We store your account information, search history, and usage statistics in a secure PostgreSQL database hosted on Railway. This data persists across sessions and allows you to access your history from any device.

Session Storage: Secure session tokens are stored in your browser's localStorage to keep you logged in. These can be cleared at any time by logging out.

Payment Data: All payment information is handled by Stripe, Inc. We never store credit card details on our servers.

4. Data Sharing

We do not sell, trade, or rent your personal information to third parties. We share data only with:

• Google: For authentication via Google OAuth (subject to Google's Privacy Policy)
• Stripe: For payment processing (subject to Stripe's Privacy Policy)
• OpenAlex: Your search queries are sent to OpenAlex API to retrieve academic papers
• Railway: Our hosting provider where the database is securely stored

5. Cookies and Tracking

RefExtract uses minimal tracking:

• We use localStorage to store your session token for authentication
• No third-party advertising cookies
• No cross-site tracking
• Google OAuth may use cookies for authentication

6. Your Rights

You have the right to:

• Access your data stored in our database
• Request deletion of your account and all associated data
• Export your search history
• Cancel your subscription at any time
• Request information about data we've collected

7. Data Security

We implement industry-standard security measures to protect your information:

• All connections use HTTPS encryption
• Passwords are never stored (Google OAuth authentication)
• Database hosted on secure Railway infrastructure
• Session tokens expire after 30 days
• Payment processing is PCI-DSS compliant via Stripe

8. Children's Privacy

RefExtract is intended for use by individuals 13 years or older. We do not knowingly collect information from children under 13.

9. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify users of any material changes by updating the "Last Updated" date at the top of this policy.

10. Third-Party Services

RefExtract integrates with:

• Google OAuth: Authentication - Google Privacy Policy
• Stripe: Payment processing - Stripe Privacy Policy
• OpenAlex: Academic database - OpenAlex
• Railway: Cloud hosting - Railway Privacy Policy

Last updated: December 5, 2024