Privacy Policy
Last Updated: December 30, 2025
1. Introduction
Welcome to BioDocs.ai ("BioDocs.ai", "we", "us", or "our"). We are committed to protecting your privacy and ensuring the security of your personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our AI-powered biomedical research platform and related services (collectively, the "Service").
By accessing or using our Service, you agree to this Privacy Policy. If you do not agree with the terms of this Privacy Policy, please do not access or use the Service.
2. Key Privacy Disclosures (Summary)
This summary is provided to make our data practices easy to understand. Full details are provided in the sections below.
- Data collection: We collect account information (including basic Google profile data when you sign in with Google), content you upload or create, and usage/device information.
- Data usage: We use your information to provide the Service, personalize your experience, secure accounts, process payments, and improve product performance.
- Data storage: We store account and Service data in our databases and infrastructure providers. We use encryption in transit (TLS) and apply access controls.
- Data sharing: We do not sell personal information. We share limited data with service providers (authentication, hosting, analytics, payment processors, and AI processing) only as necessary to operate the Service.
- Retention & deletion: We retain data while your account is active (and longer where required for legal/security reasons). You can request deletion by emailing us at privacy@biodocs.ai.
3. Information We Collect
3.1 Information You Provide
- Account Information: When you create an account, we collect your name, email address, and profile picture through Google OAuth authentication.
- User Content: Documents, research papers, presentations, and other content you create, upload, or generate using our Service.
- Communications: Information you provide when you contact us for support or feedback.
- Payment Information: If you subscribe to premium features, we collect billing information through our secure payment processors (Stripe, PayPal, Razorpay). We do not store complete credit card numbers on our servers.
3.2 Information Collected Automatically
- Usage Data: Information about how you interact with our Service, including features used, time spent, and actions taken.
- Device Information: Browser type, operating system, device identifiers, and IP address.
- Cookies and Similar Technologies: We use cookies and similar tracking technologies to enhance your experience and analyze usage patterns.
- Log Data: Server logs that record your interactions with our Service.
3.3 Information from Third Parties
- Google OAuth: When you sign in with Google, we receive your basic profile information (name, email, profile picture) as authorized by you.
- Research Databases: We access publicly available research databases (PubMed, arXiv) to provide citation and research features.
Google User Data Disclosure
This section specifically addresses how BioDocs.ai handles data obtained through Google APIs and Google Sign-In, in compliance with the Google API Services User Data Policy.
We only use Google Sign-In to authenticate you. We do not request access to Gmail, Google Drive, Google Calendar, Contacts, or any other Google services.
Data Accessed (Google user data)
When you sign in with Google, we access the following data as authorized by you. This is typically provided under the OAuth scopes openid, email, and profile.
- Email Address: Your Google account email address for account identification and communication.
- Name: Your display name from your Google profile.
- Profile Picture: Your Google profile photo (if available) for display within our application.
Data Usage (how we use Google user data)
- Authentication: To verify your identity and create/access your BioDocs.ai account.
- Account Display: To display your name and profile picture within the application.
- Communication: To send you important account notifications, security alerts, and (with your consent) marketing communications.
Data Sharing (if and how Google user data is shared)
We do NOT share, sell, rent, or trade your Google user data with any third parties for their commercial purposes. Your Google data may only be shared in these limited circumstances:
- Service Providers: With our infrastructure providers (Supabase for authentication, cloud hosting) solely to operate our Service under strict data protection agreements.
- Legal Requirements: If required by law, court order, or government regulation.
Data Storage & Protection
- Storage: Basic Google profile data (email, name, profile photo URL) is stored in our application database to support account creation and login.
- Access Controls: Access to stored user data is restricted to authorized personnel and systems required to operate the Service.
- Encryption in Transit: We use TLS/SSL to protect data in transit.
- Encryption at Rest: Our infrastructure providers encrypt stored data at rest where supported.
- OAuth Tokens: We do not store Google OAuth access tokens longer than necessary for authentication.
Data Retention & Deletion
- Retention Period: We retain Google profile data for as long as your BioDocs.ai account is active.
- Deletion Request: You can request deletion of your account and associated data by emailing us at privacy@biodocs.ai from your registered email address.
- Deletion Timeline: Upon a verified deletion request, we will permanently remove your Google profile data from our active systems within 30 days, unless retention is required by law, security, or fraud prevention.
- Revoke Access: You can also revoke BioDocs.ai's access at any time through your Google Account permissions.
Limited Use Disclosure
BioDocs.ai's use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.
4. How We Use Your Information
We use the information we collect to:
- Provide, maintain, and improve our Service
- Process your requests and transactions
- Generate AI-powered content, including research papers, presentations, and citations
- Personalize your experience and provide relevant recommendations
- Communicate with you about updates, security alerts, and support
- Analyze usage patterns to improve our Service
- Detect, prevent, and address technical issues and security threats
- Comply with legal obligations
5. How We Share Your Information
We do not sell your personal information. We may share your information in the following circumstances:
- Service Providers: With third-party vendors who assist us in operating our Service (cloud hosting, payment processing, analytics).
- AI Processing: Your content may be processed by AI providers (OpenAI, Google AI, Cerebras) to generate responses. We use enterprise-grade APIs with data protection agreements.
- Legal Requirements: When required by law, legal process, or government request.
- Business Transfers: In connection with a merger, acquisition, or sale of assets.
- With Your Consent: When you explicitly authorize us to share your information.
6. Data Storage
We store information needed to operate the Service, including account data, user-generated content, and usage/security logs. Storage may include databases and object storage managed by our infrastructure providers.
- Account data: Stored to manage authentication, authorization, and billing status.
- User content: Stored so you can access your files, projects, and generated outputs across sessions and devices.
- Operational logs: Stored for security monitoring, abuse prevention, and debugging.
7. Data Security
We implement industry-standard security measures to protect your information, including:
- Encryption of data in transit (TLS/SSL) and at rest
- Secure authentication through OAuth 2.0
- Regular security audits and vulnerability assessments
- Access controls and employee training
- Secure cloud infrastructure with SOC 2 compliant providers
However, no method of transmission over the Internet is 100% secure. While we strive to protect your information, we cannot guarantee absolute security.
8. Data Retention and Deletion
We retain personal information for as long as your account is active or as needed to provide the Service. We may retain certain information for longer if required for legal compliance, security, fraud prevention, dispute resolution, or enforcement of agreements.
- Account data retention: Retained while your account is active.
- Content retention: Retained while your account is active, unless you delete specific content or request account deletion.
- Deletion request: To request account deletion, email us at privacy@biodocs.ai from your registered email address.
- Deletion timeline: After verifying your request, we will delete or anonymize your personal information from active systems within a reasonable period (typically within 30 days), subject to legal/security exceptions.
9. Your Rights and Choices
Depending on your location, you may have the following rights:
- Access: Request a copy of your personal information
- Correction: Request correction of inaccurate information
- Deletion: Request deletion of your personal information
- Portability: Request a portable copy of your data
- Opt-out: Opt out of marketing communications
- Withdraw Consent: Withdraw consent where processing is based on consent
To exercise these rights, please contact us at privacy@biodocs.ai.
10. Cookies and Tracking Technologies
We use cookies and similar technologies for:
- Essential Cookies: Required for the Service to function properly (authentication, security)
- Analytics Cookies: To understand how users interact with our Service
- Preference Cookies: To remember your settings and preferences
You can control cookies through your browser settings. Disabling certain cookies may affect the functionality of our Service.
11. International Data Transfers
Your information may be transferred to and processed in countries other than your country of residence. We ensure appropriate safeguards are in place to protect your information in accordance with applicable data protection laws.
12. Children's Privacy
Our Service is not intended for children under 16 years of age. We do not knowingly collect personal information from children under 16. If you believe we have collected information from a child under 16, please contact us immediately at privacy@biodocs.ai.
13. Changes to This Privacy Policy
We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new Privacy Policy on this page and updating the "Last Updated" date. Your continued use of the Service after any changes constitutes your acceptance of the updated Privacy Policy.
14. Contact Us
If you have any questions about this Privacy Policy or our data practices, please contact us:
BioDocs.ai
Email: privacy@biodocs.ai
Website: https://www.biodocs.ai
15. Additional Information for EEA/UK Users
If you are located in the European Economic Area (EEA) or United Kingdom (UK), you have additional rights under the General Data Protection Regulation (GDPR):
- Legal Basis: We process your data based on consent, contract performance, legitimate interests, or legal obligations.
- Data Protection Officer: You may contact our data protection team at privacy@biodocs.ai.
- Supervisory Authority: You have the right to lodge a complaint with your local data protection authority.
16. Additional Information for California Residents
Under the California Consumer Privacy Act (CCPA), California residents have additional rights:
- Right to Know: Request information about the categories and specific pieces of personal information we have collected.
- Right to Delete: Request deletion of your personal information.
- Right to Non-Discrimination: We will not discriminate against you for exercising your privacy rights.
- Do Not Sell: We do not sell your personal information to third parties.