Privacy Policy

Last updated: March 2026 · GDPR Compliant

01

Overview

This Privacy Policy explains how STEMIND ("we", "us", or "our") collects, uses, and protects your personal information. We are committed to complying with the EU/UK General Data Protection Regulation (GDPR) for all users globally.

02

Data We Collect

  • Account Data: Name, email address, password (hashed) when you register.
  • Usage Data: Search history, saved papers, AI Digest task IDs, access timestamps.
  • Billing Data: We DO NOT store your credit card details. Payment processing is handled by Paddle (PCI-DSS compliant).
  • Cookies: HTTP-only JWT cookies are used for authentication. No tracking cookies or ad pixels.

03

Purpose of Data Use

  • Provide and operate the STEMIND platform (including Labs and sharing features)
  • Process payments and send tax invoices via Paddle
  • Prevent fraud and abuse (e.g., IP rate limiting, bot protection)
  • Contact you for security notices or service updates

04

Third-Party AI (Anthropic)

To operate the AI Digest feature, we send the raw text of scientific papers to Anthropic's API (Claude model).

We never send your personal data (email, name, billing info) through the AI API. Under Anthropic's B2B API contract, data sent via API is not used to train their models.

05

Your Rights under GDPR

  • Right to Access: Export your Library data from Settings.
  • Right to Rectification: Edit your account information in Settings > Profile.
  • Right to be Forgotten: Delete your entire account in Settings. This permanently removes your email, password, and disconnects you from all Labs (hard delete).
  • Right to Restriction: Contact us to temporarily restrict processing of your data.

06

Storage & Security

Your data is stored on Supabase (PostgreSQL, hosted on AWS). All connections are TLS 1.2+ encrypted. Row Level Security (RLS) is enabled across all 31 database tables. We do not share data with third parties beyond Paddle (billing) and Anthropic (AI features).

07

Contact

For any data or GDPR requests, contact our DPO at privacy@stemind.io. We respond within 72 hours.