1. Introduction

AVIADA AGENTIC AI SOLUTIONS LTD ("we," "our," or "us") operates VerifyScience (the "Service"). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Service.

By using VerifyScience, you agree to the collection and use of information in accordance with this policy. If you do not agree with our policies and practices, please do not use our Service.

2. Company Information

3. Information We Collect

3.1 Information You Provide

• Account Information: When you sign in via Google OAuth, we receive your name, email address, and profile picture from Google.
• Claude API Key: You provide your own Anthropic Claude API key, which is stored encrypted in our secure database (Supabase).
• Payment Information: Payment details (credit card information) are processed and stored by Stripe, our third-party payment processor. We do not store your payment card details.
• Research Content: Articles, documents, or text you submit for verification are processed by the Anthropic Claude API using your provided API key.

3.2 Automatically Collected Information

• Usage Data: Information about how you interact with our Service, including features used and verification requests made.
• Device Information: Browser type, operating system, and device identifiers.
• Log Data: IP address, access times, and pages visited for security and service improvement purposes.

3.3 Information We Do NOT Collect

• We do not use cookies for tracking or advertising purposes
• We do not use Google Analytics or similar tracking services
• We do not collect sensitive personal information beyond what's necessary for the Service
• We do not sell your personal information to third parties

3.4 Chrome Extension Data

• Paper Metadata Only: Our Chrome browser extension accesses only paper metadata (DOI, title, authors, abstract, journal name) from PubMed pages you visit while the extension is active.
• No Browsing Tracking: The extension does not track your browsing history and does not collect data from pages other than supported research paper sites (currently PubMed).
• Explicit Action Required: No data is transmitted to our servers until you explicitly click "Verify This Paper" in the extension popup.
• Local Token Storage: Authentication tokens are stored locally in your browser using Chrome's built-in storage API and expire after 7 days. Tokens are HMAC-SHA256 signed and validated server-side on every request. Tokens are cleared on extension uninstall or manual logout.
• No Remote Code: The extension does not load or execute any remote JavaScript. All code is bundled within the extension package.

4. How We Use Your Information

We use the collected information for the following purposes:

• Service Delivery: To provide and maintain our research verification service
• Authentication: To verify your identity and manage your account
• Payment Processing: To process subscription payments via Stripe
• Customer Support: To respond to your inquiries and provide assistance
• Service Improvement: To analyze usage patterns and improve our Service
• Security: To detect, prevent, and address technical issues and fraudulent activity
• Legal Compliance: To comply with applicable laws and regulations

5. Data Storage and Security

5.1 Where Your Data is Stored

• User Data: Stored securely using Supabase PostgreSQL database with encrypted API keys
• Claude API Keys: Encrypted with AES-256-GCM before storage in our secure Supabase database. Encryption keys are managed via environment variables and never exposed to client code.
• Payment Data: Stored and processed by Stripe (PCI-DSS compliant)
• Authentication Data: Managed by Google OAuth 2.0

5.2 Security Measures

• All data transmission is encrypted using HTTPS/TLS
• Claude API keys are encrypted before storage
• We implement industry-standard security practices to protect your data
• Regular security audits and updates
• Access controls and authentication requirements for all data access

5.3 Data Retention

• Account data is retained as long as your account is active
• Verification history is retained for 7 days (automatically deleted after)
• Deleted account data is removed within 30 days
• Payment records are retained as required by law and Stripe's retention policies

6. Third-Party Services

We use the following third-party services:

• Google OAuth: For secure authentication (Privacy Policy: Google Privacy Policy)
• Anthropic Claude API: For AI-powered analysis (Privacy Policy: Anthropic Privacy Policy)
• Stripe: For payment processing (Privacy Policy: Stripe Privacy Policy)
• Supabase: For secure database storage (Privacy Policy: Supabase Privacy Policy)
• Netlify: For hosting and serverless functions (Privacy Policy: Netlify Privacy Policy)
• OpenAlex & Crossref: For external signals — citation counts, retraction status, and open access metadata. Only paper identifiers (DOI) are sent; no user data is transmitted.
• Resend: For transactional email delivery — verification completion notifications and account communications.

These services have their own privacy policies and data practices. We are not responsible for their privacy practices or content.

7. Your Privacy Rights

7.1 GDPR Rights (UK/EU Users)

If you are located in the UK or EU, you have the following rights:

• Right to Access: Request copies of your personal data
• Right to Rectification: Request correction of inaccurate data
• Right to Erasure: Request deletion of your personal data
• Right to Restrict Processing: Request limitation of how we use your data
• Right to Data Portability: Request transfer of your data to another service
• Right to Object: Object to processing of your personal data
• Right to Withdraw Consent: Withdraw consent at any time

7.2 CCPA Rights (California Users)

If you are a California resident, you have the right to:

• Know what personal information is collected, used, shared, or sold
• Delete personal information held by us
• Opt-out of the sale of personal information (Note: We do not sell personal information)
• Non-discrimination for exercising your privacy rights

7.3 Exercising Your Rights

To exercise any of these rights, please contact us at [email protected]. We will respond to your request within 30 days.

8. Data Sharing and Disclosure

We do not sell, trade, or rent your personal information. We may share your information only in the following circumstances:

• Service Providers: With third-party service providers who assist in operating our Service (Google, Stripe, Supabase, Netlify, Anthropic)
• Legal Requirements: When required by law, court order, or governmental authority
• Business Transfers: In connection with a merger, acquisition, or sale of assets
• Protection of Rights: To protect our rights, property, or safety, or that of our users or others
• With Your Consent: With your explicit consent for any other purpose

9. Children's Privacy

Our Service is not intended for children under 13 years of age (or 16 in the EU). We do not knowingly collect personal information from children. If you believe we have collected information from a child, please contact us immediately at [email protected], and we will delete it.

10. International Data Transfers

Your information may be transferred to and processed in countries other than the United Kingdom. These countries may have data protection laws different from those of your country. We ensure appropriate safeguards are in place to protect your information in accordance with this Privacy Policy and applicable laws.

11. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the "Last Updated" date at the top. Significant changes will be communicated via email or prominent notice on our Service.

You are advised to review this Privacy Policy periodically. Continued use of the Service after changes constitutes acceptance of the updated Privacy Policy.

12. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

13. Your Consent

By using VerifyScience, you consent to this Privacy Policy and agree to its terms. If you do not agree with this policy, please do not use our Service.