Privacy Policy

Scholise ("we", "us", "our") operates the Scholise web application at scholise.com. This policy explains what data we collect, why, and how we protect it.

1. Data we collect

• Account information — your email address and display name, provided when you sign up via Supabase authentication.
• Project data — project titles, research questions, saved source metadata (titles, authors, DOIs, publication dates), evidence table entries, generated Outlines (Beta), and draft check results (the text you paste, sentence-level labels, and suggested source links).
• Usage counters — plan-related totals (e.g. projects, searches, saved sources per project, draft checks, and AI analyses), used to enforce plan limits.
• Payment information — processed entirely by Stripe. We store your Stripe customer ID and subscription status but never see or store your card number, CVC, or billing address.

2. Data we do not collect

• We do not collect or store credit card details.
• We do not track you across other websites.
• We do not sell, rent, or share your data with third parties for advertising.

3. Cookies

Scholise uses a session cookie to keep you logged in. We do not use advertising or tracking cookies, and we do not use third-party analytics cookies.

4. Research content

Sources displayed in Scholise are bibliographic metadata and links retrieved from public APIs (OpenAlex, Crossref, Semantic Scholar). We also use Unpaywall to check for free legal full-text PDF links when a source has a DOI. We do not host full-text copies of academic papers. If you paste or enter text into a project — for example, notes or custom descriptions — that text is stored in your project data and may be processed to provide features such as AI summaries and evidence extraction.

5. AI features

Certain features — including source summarisation, relevance ranking, Outline (Beta) generation, draft check (sentence-level analysis for uncited claims), and AI-powered source discovery — use third-party AI providers (currently Anthropic's Claude API). When these features run:

• We send only the minimum metadata required (e.g. title, abstract snippet, your research question) to the AI provider.
• AI-enhanced search: Scholise uses Claude to improve search queries with academic terminology and to search the web for additional scholarly sources (Google Scholar, PubMed, arXiv, and other repositories). Your research question is sent to the AI provider for this purpose. No other personal data is included.
• Draft check: When you run a draft check, we send your pasted text and your project's saved source titles to the AI provider. The AI returns sentence-level labels (Supported, Needs Citation, Over-claiming, Low Confidence, Opinion) and suggested source matches. Draft text and results are stored in your project for you to review.
• We do not send your full project data, email, or account details to AI providers.
• We do not train models on your content. Your data is used solely to produce a response for you. The AI provider may retain request logs briefly for abuse monitoring — refer to their privacy policy for specifics.

6. Payment processing

Subscriptions and payments are handled by Stripe. When you upgrade to Pro, you are redirected to a Stripe-hosted checkout page. We receive webhook notifications about your subscription status but never have access to your payment method details.

7. Third-party services

Scholise relies on a small number of third-party services to operate. Each processes only the minimum data required:

• Supabase — authentication and database hosting (stores your account and project data).
• Stripe — payment processing (handles checkout, subscriptions, invoices).
• Anthropic (Claude API) — AI features including source summaries, relevance ranking, query expansion, draft check, and AI-powered web search for academic sources (receives research question, source metadata, and draft text when you run a draft check).
• Semantic Scholar — academic paper search and metadata (title, authors, abstract, citation count, TLDR summaries). Your search queries are sent to their API; no account data is shared.
• Unpaywall — open-access status and free PDF links for papers with DOIs. We send DOIs only; results are cached for 30 days to reduce API calls.
• Vercel — application hosting and edge delivery.

We do not share your data with any other third parties. Each provider's own privacy policy governs how they handle data they process on our behalf.

8. Security

All traffic is encrypted via HTTPS/TLS. Database access is governed by row-level security policies — you can only read or modify your own data. Authentication tokens are short-lived and rotated automatically.

9. Data retention

Your project data is retained for as long as your account is active. If you delete a project, its data is permanently removed from our database within 30 days. If you delete your account, all associated data is deleted within 30 days.

10. Your rights

You may at any time:

• Access your data by viewing your projects and account settings.
• Export your data — citation references are available from the References tab in each project.
• Delete your data by deleting individual projects or your entire account.
• Contact us to request a full data export or erasure at support@scholise.com.

11. Changes to this policy

We may update this policy from time to time. Material changes will be communicated via a notice in the application or by email. Your continued use of Scholise after changes constitutes acceptance.

12. Contact

Questions about this policy? Email us at support@scholise.com.