PaperSmith legal

Privacy Policy

What PaperSmith receives when you use the service, why we need it, and the choices available to you.

Effective and last updated June 24, 2026

The short version: we use your information to provide citation verification, manage your account and subscription, and keep PaperSmith reliable. We do not sell personal information or use uploaded papers for advertising.

01Scope and who is responsible

This Privacy Policy explains how PaperSmith (“we,” “us,” or “our”) handles personal information when you use our websites, applications, support channels, and citation-verification service (the “Service”). It does not govern third-party websites or services that have their own privacy policies.

PaperSmith is responsible for the processing described here. If you use the Service through an organization that separately controls your account or content, that organization may also be responsible for some processing under its own policies.

02Information we collect

Account information. When you sign in, your identity provider gives us information needed to create and secure your account:

  • Google: name, email address, profile image, and provider account identifier.
  • ORCID: ORCID iD and name. The sign-in scope currently used by PaperSmith does not provide your email address.

Research content. We receive manuscripts, reference or source PDFs, .psv files, and other material you upload. We also create information from that material, including bibliographic entries, citations, claims, source passages, confidence data, annotations, and verification results.

Uploaded PDFs may include paywalled or institutionally accessed works if you choose to upload them. PaperSmith stores those manual uploads as private account or project content and uses them to provide verification features, including text extraction and passage matching.

Account settings and activity. We store preferences such as an institutional proxy prefix, project and library organization, plan status, trial dates, verification usage, invite-code redemption, and actions needed to operate and secure the Service.

Billing information. Stripe processes payment-card details. We receive related records such as a Stripe customer identifier, subscription and payment status, plan, billing dates, and limited transaction information, but we do not receive or store your full card number.

Technical and support information. Our systems and service providers may receive IP address, browser and device details, request timestamps, pages or features used, diagnostic events, error traces, and information you include in a support message.

03How and why we use information

We use personal information to:

  • provide, process, display, import, and export citation-verification projects;
  • find research metadata and potentially available source material;
  • authenticate users, prevent abuse, enforce limits, and protect the Service;
  • administer trials, subscriptions, payments, and account requests;
  • diagnose failures, support users, and improve reliability and usability;
  • communicate about transactions, security, support, or material Service changes; and
  • comply with law and establish, exercise, or defend legal claims.

Where a law requires a legal basis, we process information as needed to perform our contract with you, pursue legitimate interests such as security and product reliability, comply with legal obligations, or act with your consent. You may withdraw consent for future processing where consent is the basis, without affecting earlier lawful processing.

04How we disclose information

We disclose information only as needed for the purposes above, including to these categories of recipients:

  • AI processing: relevant text and project context are sent to OpenAI’s API to extract and assess citations, claims, and passages.
  • Hosting, storage, and operations: providers such as Supabase and our cloud hosting and queue infrastructure process account data, files, database records, and service traffic on our behalf.
  • Authentication and billing: Google and ORCID support sign-in, and Stripe processes subscriptions and payments.
  • Error monitoring: when enabled, Sentry receives diagnostic and performance information that may include technical identifiers, request context, and error details.
  • Research discovery: PaperSmith may send citation metadata, identifiers, or search terms to scholarly and book services such as Crossref, OpenAlex, arXiv, PubMed, Unpaywall, Semantic Scholar, CORE, and Google Books. Requests to a repository, publisher, or user-configured library proxy may reveal request and network information to that service.
  • Legal and business events: we may disclose information when reasonably necessary to comply with law, protect rights or safety, investigate abuse, or complete a merger, financing, acquisition, reorganization, or sale of assets.

We do not sell personal information, share it for cross-context behavioral advertising, or disclose uploaded papers to advertisers. If you export or share a .psv file, its recipient can see the project information contained in that file.

05Cookies and diagnostics

PaperSmith uses cookies or comparable browser storage that are necessary to authenticate you, maintain a session, preserve preferences, and protect the Service. We do not use third-party advertising cookies. When error monitoring is enabled, limited performance and diagnostic events may be collected as described above.

Blocking necessary cookies may prevent sign-in or other features from working. Your browser controls can remove stored cookies when you sign out or stop using the Service.

06Data retention and deletion

We generally retain account information and project content while your account is active so you can return to your work. You can delete individual projects in the Service. You can also request deletion of your account and associated personal information by contacting us.

After deletion, limited copies may remain temporarily in backups, logs, fraud-prevention records, or disaster-recovery systems. We may retain transaction records and other information longer when required for tax, accounting, legal, security, copyright, or dispute-resolution purposes.

Manually uploaded PDFs are not placed in PaperSmith’s shared open-access cache. Research metadata and source files that PaperSmith independently obtained with recorded open-access provenance may remain in shared caches without being associated with your account.

07International data transfers

PaperSmith and its providers may process information in the United States and other countries whose privacy laws differ from those where you live. Where required, we rely on recognized transfer mechanisms and contractual safeguards for international transfers. Contact us if you would like more information about safeguards relevant to your data.

08Security

We use reasonable administrative, technical, and organizational measures intended to protect information, including access controls and encrypted transport. No online service can guarantee absolute security. You are responsible for protecting your identity-provider account and for choosing carefully what you upload or include in an exported .psv file.

09Your choices and privacy rights

Depending on where you live, you may have the right to request access to, correction of, deletion of, or a portable copy of personal information; to object to or restrict processing; or to withdraw consent. You may also have the right to appeal our response or complain to your local data-protection authority.

To make a request, email contact@papersmith.net. We may need to verify your identity before acting. We will not discriminate against you for exercising a privacy right, and an authorized agent may submit a request where local law allows.

10Children’s privacy

PaperSmith is not directed to children under 16, and we do not knowingly collect personal information from them. If you believe a child under 16 has provided personal information, contact us so we can investigate and delete it where appropriate.

11Changes and contact

We may update this Privacy Policy as the Service or legal requirements change. We will post the revised policy with a new effective date and, when a change is material, provide reasonable notice through the Service or available contact information.

For privacy questions, requests, or complaints, contact contact@papersmith.net.