GDPR Notice

Data Controller

PubAnalyzer (“we”, “us”, “our”) is the controller of your personal data when you use our web-based research tool. For questions or requests, contact: privacy@pubanalyzer.live.

Personal Data We Process

• Account data (name, email, password hash, settings).
• Usage data (log events, device/browser metadata, IP-derived coarse location).
• Content data you provide (uploaded PDFs, arXiv IDs you fetch, notes/annotations, highlights, conversations with AI).
• Support data (messages you send us).

Where Data Comes From

We collect data directly from you (account creation, uploads, notes) and via your use of PubAnalyzer. When you fetch papers by arXiv ID, we retrieve public-domain/CC-licensed content from arXiv on your behalf.

Purposes & Legal Bases

• Provide the service (accounts, document reading, annotation). Art. 6(1)(b) – contract
• AI assistance on highlighted sections and chat. Art. 6(1)(b)
• Improve and secure the service (analytics, debugging, fraud prevention). Art. 6(1)(f) – legitimate interests
• Communications about service changes. Art. 6(1)(b) or (f)
• Marketing with your consent (where required). Art. 6(1)(a)

Cookies & Similar Tech

We use essential cookies (authentication, security, preferences) and, with consent where required, analytics cookies to understand feature usage and improve performance. You can manage non-essential cookies via our cookie banner/settings.

Annotations & AI Processing

When you highlight text or ask questions, the selected content and your prompts are processed by our AI systems to generate summaries and explanations. Your annotations remain in your workspace unless you choose to share them (sharing feature in development).

Sharing & Recipients

We share data with service providers under contract (hosting, storage, analytics, AI inference) strictly to operate PubAnalyzer. We do not sell personal data. If you enable collaborative features, your chosen content is shared with the people you select.

International Transfers

Where data is transferred outside the EEA/UK, we rely on appropriate safeguards such as the EU Standard Contractual Clauses (and the UK Addendum, where applicable).

Security

We implement technical and organizational measures appropriate to the risk, including encrypted transport, scoped access, and continuous monitoring. No method is 100% secure, but we work to protect your data.

Data Retention

We retain personal data for as long as needed to provide the service and meet legal/operational obligations. You may delete documents, notes, and your account at any time; some logs may be kept for security and audit.

Your GDPR Rights

• Access, rectify, or erase your personal data
• Portability, restriction, and objection to certain processing
• Withdraw consent at any time (for consent-based processing)
• Lodge a complaint with your local supervisory authority

Exercising Your Rights

Use in-product settings to download or delete content, or email privacy@pubanalyzer.live. We may ask for information to verify your identity before fulfilling requests.

Account Deletion

You can request deletion from your account settings or by contacting us. Deleted content may remain in backups for a limited period before being purged.