Privacy Policy

Last Updated: January 2025

1. Introduction

ResearchAI ("we", "us", or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our AI-powered research platform ("Service").

By using the Service, you agree to the collection and use of information in accordance with this policy. If you do not agree with this policy, please do not use the Service.

We comply with GDPR, CCPA, and other applicable data protection regulations.

2. Information We Collect

2.1 Information You Provide

We collect information that you voluntarily provide when using the Service:

  • Account Information: Name, email address, password (encrypted)
  • Billing Information: Payment details processed securely via Stripe (we do not store credit card numbers)
  • Research Requests: Topics, descriptions, and parameters you provide for report generation
  • Communications: Messages you send us via support, email, or chat
  • Profile Information: Optional company name, job title, industry

2.2 Information Automatically Collected

When you use the Service, we automatically collect certain information:

  • Usage Data: Pages visited, features used, time spent, reports generated
  • Device Information: Browser type, operating system, IP address, device identifiers
  • Cookies and Tracking: See our Cookie Policy for details
  • Log Data: Server logs including timestamps, error messages, performance data

2.3 Information from Third Parties

We may receive information from:

  • Payment Processors: Stripe provides transaction and billing information
  • Authentication Providers: If you sign in via Google, LinkedIn, etc.
  • Analytics Services: Aggregated usage data to improve the Service

3. How We Use Your Information

We use collected information for the following purposes:

3.1 Service Provision

  • Generate AI-powered research reports based on your requests
  • Store and manage your generated reports
  • Process payments and manage subscriptions
  • Send transactional emails (report completion, quota notifications)
  • Provide customer support

3.2 Service Improvement

  • Analyze usage patterns to improve features
  • Identify and fix technical issues
  • Monitor service performance and reliability
  • Develop new features based on user behavior (anonymized)

3.3 Communications

  • Send important service updates and security notices
  • Respond to your inquiries and support requests
  • Send marketing emails (you can opt out anytime)
  • Request feedback and conduct surveys

3.4 Legal and Security

  • Comply with legal obligations and regulatory requirements
  • Prevent fraud, abuse, and security threats
  • Enforce our Terms of Service
  • Protect our rights, property, and safety

4. AI Data Processing

✓ Your Data is Never Used to Train AI Models

We want to be crystal clear: Your research requests and generated reports are NEVER used to train Anthropic's AI models or any other AI systems. Your data remains private.

Here's how AI data processing works:

  • Your research request is sent to Anthropic's Claude AI via an encrypted connection
  • Claude processes your request and generates a report
  • The generated report is returned to our servers and stored securely
  • Anthropic does NOT store or train on your data (per their enterprise agreement)
  • We do NOT share your requests or reports with any third parties

4.1 Data Minimization

We only send the minimum necessary information to AI services:

  • Your research topic and parameters
  • Selected report type and framework
  • NO personal identifying information unless explicitly included in your request

5. Data Sharing and Disclosure

We do NOT sell your personal information. We may share your information only in these limited circumstances:

5.1 Service Providers

We work with trusted third-party service providers:

  • Anthropic: AI model for report generation (enterprise agreement, no training on your data)
  • Stripe: Payment processing (PCI DSS compliant)
  • Supabase: Secure database hosting (SOC 2 Type II certified)
  • Resend: Transactional email delivery
  • Analytics: Usage analytics (anonymized data only)

All service providers are contractually obligated to protect your data and use it only for specified purposes.

5.2 Legal Requirements

We may disclose your information if required by law:

  • To comply with legal obligations or court orders
  • To respond to lawful requests from government authorities
  • To protect our rights, property, or safety
  • To investigate fraud or security issues

5.3 Business Transfers

In the event of a merger, acquisition, or sale of assets, your information may be transferred. We will notify you and provide choices regarding your data.

6. Data Security

We implement industry-standard security measures to protect your data:

6.1 Encryption

  • In Transit: TLS 1.3 encryption for all data transmission
  • At Rest: AES-256 encryption for stored data
  • Passwords: Bcrypt hashing (never stored in plain text)

6.2 Access Controls

  • Multi-factor authentication (MFA) available
  • Role-based access control (RBAC) for team accounts
  • Regular access audits and monitoring
  • Least privilege principle for internal systems

6.3 Infrastructure

  • Secure cloud hosting with SOC 2 Type II certification
  • Regular security audits and penetration testing
  • 24/7 security monitoring and incident response
  • Automated backups with encryption

Note: While we implement strong security measures, no system is 100% secure. You are responsible for maintaining the confidentiality of your account credentials.

7. Data Retention

We retain your information for as long as necessary to provide the Service and comply with legal obligations:

  • Account Data: Retained while your account is active
  • Generated Reports: Stored indefinitely unless you delete them
  • Usage Logs: Retained for 90 days for performance monitoring
  • Billing Records: Retained for 7 years for tax and accounting purposes
  • Support Communications: Retained for 3 years

When you delete your account, we delete or anonymize your personal information within 30 days, except where retention is required by law.

8. Your Rights (GDPR & CCPA)

Depending on your location, you have the following rights regarding your personal data:

8.1 GDPR Rights (EU/EEA Users)

  • Right to Access: Request a copy of your personal data
  • Right to Rectification: Correct inaccurate or incomplete data
  • Right to Erasure: Request deletion of your personal data ("right to be forgotten")
  • Right to Data Portability: Receive your data in a machine-readable format
  • Right to Object: Object to processing for direct marketing
  • Right to Restriction: Request limitation of processing
  • Right to Withdraw Consent: Withdraw consent at any time

8.2 CCPA Rights (California Users)

  • Right to Know: What personal information we collect and how it's used
  • Right to Delete: Request deletion of your personal information
  • Right to Opt-Out: Opt out of "sale" of personal information (we don't sell data)
  • Right to Non-Discrimination: Equal service regardless of privacy choices

8.3 Exercising Your Rights

To exercise any of these rights, contact us at:

Email: privacy@researchai.com

Data Protection Officer: dpo@researchai.com

We will respond to your request within 30 days. We may need to verify your identity before processing your request.

9. Cookies and Tracking

We use cookies and similar tracking technologies. For detailed information, see our Cookie Policy.

9.1 Types of Cookies

  • Essential Cookies: Required for the Service to function (login, security)
  • Analytics Cookies: Help us understand usage patterns (anonymous)
  • Preference Cookies: Remember your settings and preferences

9.2 Managing Cookies

You can control cookies through your browser settings. Note that disabling cookies may limit Service functionality.

10. International Data Transfers

Your information may be processed in countries other than your country of residence. We ensure appropriate safeguards:

  • Standard Contractual Clauses (SCCs) for EU data transfers
  • Data Processing Agreements with all service providers
  • Adequacy decisions where applicable
  • Encryption of data in transit and at rest

11. Children's Privacy

The Service is not intended for individuals under 18 years of age. We do not knowingly collect personal information from children. If you believe we have collected information from a child, please contact us immediately and we will delete it.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by:

  • Posting the updated policy with a new "Last Updated" date
  • Sending an email notification
  • Displaying an in-app notification

Your continued use of the Service after changes become effective constitutes acceptance of the updated policy.

13. Contact Us

If you have questions or concerns about this Privacy Policy or our data practices, please contact us:

Privacy Email: privacy@researchai.com

Data Protection Officer: dpo@researchai.com

Support: support@researchai.com

Website: researchai.com

Our Commitment to Privacy

  • ✓ Your data is NEVER used to train AI models
  • ✓ We NEVER sell your personal information
  • ✓ Enterprise-grade encryption (256-bit)
  • ✓ GDPR and CCPA compliant
  • ✓ You can delete your data anytime