Privacy Policy
Last updated: 2026-07-05. This document describes RefScout as it currently operates during its friendly pilot phase and will be updated as features change.
Short version: We collect only what is needed to run the service. We do not sell your data and we do not use your content to train AI models. Manuscript text you submit for analysis is sent to Anthropic (Claude) to process your request and is not stored by us afterwards.
Data controller: Insectivora Oy, the operator of RefScout.
Business ID (Y-tunnus): 3482079-5.
Registered address: Nikinväylä 38 C 10, 33580 Tampere, Finland.
Privacy contact: roman.v.glazkov@gmail.com (interim address; this will change to privacy@refscout.app once the refscout.app domain cutover completes).
1. Who we are
RefScout is an academic source-discovery tool that helps researchers find and cite real papers. The data controller responsible for your personal data is Insectivora Oy (see the controller details above). "We", "us" and "our" refer to Insectivora Oy operating RefScout. For any privacy question or request, contact roman.v.glazkov@gmail.com (interim contact until privacy@refscout.app goes live with the domain cutover).
2. What data we collect
- Account & sign-in. Your email address, and — if you register with email/password — a bcrypt-hashed password (never your plain-text password). If you sign in with Google, GitHub or ORCID, we receive your verified email and a provider identifier from that service. We also store a display name.
- Optional profile. If you choose to provide them: discipline, institution / institution type, research stage, role, and field of study. These are optional and used to tailor results.
- Consent flags. Whether you have opted in to analytics and to product-improvement processing.
- Search history. The search queries you run and which tool (mode) you used, with a timestamp, so you can revisit past searches.
- Usage counts. Which endpoint you called and when (not the content of your queries), to enforce fair-use daily limits. For signed-out users we log the IP address and endpoint for the same purpose.
- Saved papers & collections. Paper metadata (title, authors, DOI, venue, year, your tags/notes/rating) that you choose to save to your library.
- Analytics events. If you opt in, product-usage events (an event type and a small payload) to understand how features are used.
- Support & feedback. If you send a bug report, error report, feedback, or an alpha-access request: the name, email and message you provide.
- Billing identifiers. Only if a paid plan is ever active and you subscribe: a Stripe customer ID and subscription ID. Payments are disabled during the pilot, so no billing data is collected today. We never see or store card details.
- Server logs. Standard web-server logs (IP address, timestamp, HTTP method, path, response code) for security and debugging.
3. What we do NOT store
- The manuscript text you paste into Cite (and, if enabled, Draft/Verify) is sent to the Anthropic API to process your request and is not stored on our servers after the request completes.
- We do not use your content to train AI models, and Anthropic does not train its models on API inputs under its API terms.
- We do not sell your personal data to anyone.
4. Why we process your data, and the legal basis
| Purpose | Legal basis (GDPR Art. 6) |
| Create your account and authenticate you | Performance of a contract — Art. 6(1)(b) |
| Run Scout / Cite / BibCheck / PreSubmit, including sending manuscript text you submit to Anthropic for processing and search terms to academic databases | Performance of a contract — Art. 6(1)(b) |
| Save your library, tags and notes | Performance of a contract — Art. 6(1)(b) |
| Enforce fair-use limits and prevent abuse of the service and third-party APIs; keep security logs | Legitimate interests — Art. 6(1)(f) |
| Product analytics and product-improvement processing | Consent — Art. 6(1)(a) (only if you opt in; withdraw any time) |
| Optional profile fields (discipline, institution, etc.) | Consent — Art. 6(1)(a) |
| Process payments (when a paid plan is active — currently disabled) | Performance of a contract — Art. 6(1)(b) |
5. Who we share data with
We do not sell your data. We share it only with the providers needed to run RefScout:
- Anthropic (Claude API) — the manuscript text and detected claims you submit for Cite (and, if enabled, Draft/Verify) are sent to Anthropic to generate results. Under its API terms, Anthropic does not use this content to train its models.
- Google, GitHub, ORCID — only if you choose that sign-in method; we receive your verified email and a provider identifier.
- Academic search providers — Semantic Scholar, OpenAlex, CrossRef, DBLP, Europe PMC, Unpaywall and arXiv receive your search terms or DOIs to return results. We do not send them your account identity.
- Stripe — payment processing. Disabled during the pilot; no payment data is shared today.
6. International transfers
Some providers process data in the United States. Where we transfer personal data outside the EU/EEA, we rely on an appropriate safeguard:
- Stripe, Google and GitHub — certified under the EU-US Data Privacy Framework (DPF).
- Anthropic — not DPF-certified; transfers are covered by the European Commission's Standard Contractual Clauses (SCCs) in Anthropic's data-processing terms.
These transfer mechanisms are re-verified periodically, as certifications can change.
7. How long we keep data
- Account & profile data — kept while your account is active; deleted within 30 days of a deletion request.
- Search history — kept while your account is active, or 12 months, whichever is shorter; deleted with your account.
- Manuscript text sent for analysis — not retained after the request completes.
- Usage counts & analytics events — up to 90 days.
- Server logs — up to 30 days.
- Backups — purged on a rolling cycle of no more than 6 months.
These periods are our current defaults for the pilot and may be adjusted as the service matures.
8. Your rights
If you are in the EU/EEA you have the right to:
- Access a copy of the personal data we hold about you;
- Rectify inaccurate data;
- Erase your account and associated data;
- Restrict or object to certain processing;
- Receive your data in a portable format (data portability);
- Withdraw consent at any time for anything based on consent (e.g. analytics) — this does not affect processing done before withdrawal.
How to exercise these rights. Email roman.v.glazkov@gmail.com (interim contact until privacy@refscout.app goes live), preferably from the email address on your account. Requests are handled manually (we do not yet offer an automated self-service tool) and completed within 30 days. Account and data deletion (profile, saved papers, collections, search history, usage records) works the same way.
9. Right to complain
If you believe we have handled your data unlawfully, please contact us first so we can try to resolve it. You also have the right to lodge a complaint with the Finnish supervisory authority, the Office of the Data Protection Ombudsman (Tietosuojavaltuutetun toimisto): tietosuoja.fi.
10. Is providing data required?
An email address and a sign-in identity are required to create an account and use the parts of RefScout that need an account — without them we cannot provide those features. Optional profile fields and analytics consent are entirely voluntary and not required to use the service.
11. Automated decision-making
RefScout's outputs (results from BibCheck, PreSubmit, Cite and, if enabled, Verify) are academic writing aids. They are suggestions and checks to help you, not automated decisions that produce legal or similarly significant effects concerning you. GDPR Article 22 (automated individual decision-making) therefore does not apply. You remain responsible for verifying results before relying on them.
12. Security
Passwords are hashed with bcrypt. Sessions/JWTs are signed with a server-side secret. All traffic uses HTTPS. Payments, when active, are handled entirely by Stripe's PCI-compliant infrastructure.
13. Changes to this policy
We may update this policy as the service changes. Significant changes will be communicated to registered users. The "Last updated" date at the top reflects the most recent revision.