Privacy Policy

1. Information We Collect

1.1 Account Information

When you create an account, we collect:

• Email address
• Name (optional)
• Academic institution and ORCID (for academic verification)
• Password (stored as a secure hash)
• Selected subscription plan

1.2 User Content and Research Data

We collect and store:

• Documents you upload (TXT, CSV, JSONL, PDF, DOCX files)
• Custom metadata schemas and document annotations
• Corpus snapshots and analysis results
• Search queries and analysis parameters
• Collaborator permissions and sharing settings

1.3 Usage and Analytics Data

We automatically collect:

• AI token usage and analysis request history
• Login timestamps and session information
• Browser type, IP address, and device information
• Feature usage patterns and error logs

1.4 Cookies and Tracking Technologies

We use cookies for authentication and session management. Essential cookies are required for the service to function properly. We do not use third-party advertising cookies.

2. How We Use Your Information

We use the collected information to:

• Provide Services: Process your documents, perform linguistic analyses, and generate visualizations
• AI Processing: Send document text to OpenAI's API for advanced analysis features (classification, sentiment analysis, semantic similarity, etc.)
• Manage Accounts: Authenticate users, track subscription plans, and enforce usage limits
• Improve Platform: Monitor system performance, fix bugs, and develop new features
• Communicate: Send service updates, respond to support requests, and verify academic status
• Compliance: Maintain security, prevent abuse, and comply with legal obligations

3. Third-Party Services

3.1 OpenAI Integration

When you use AI-powered features, portions of your document text are sent to OpenAI's API for processing. OpenAI processes this data according to their Privacy Policy and Business Terms. We implement intelligent sampling (5K-20K tokens per analysis) to minimize data transmission while maintaining accuracy.

3.2 Other Service Providers

We may use third-party services for:

• Payment processing (subscription plans)
• Email delivery (transactional emails)
• Hosting infrastructure (data storage and computing)

4. Data Storage and Security

Your data is stored in secure databases with industry-standard encryption. We implement:

• Password hashing using bcrypt
• Secure HTTPS connections for all data transmission
• Regular security audits and updates
• Access controls and authentication mechanisms
• Backup systems to prevent data loss

However, no method of transmission or storage is 100% secure. While we strive to protect your data, we cannot guarantee absolute security.

5. Data Retention

We retain your data as follows:

• Active Accounts: Data is retained while your account is active
• Deleted Accounts: Personal data is permanently deleted within 30 days of account deletion
• Corpus Data: Deleted immediately upon user request
• Backup Data: May persist in backups for up to 90 days
• Legal Requirements: Some data may be retained longer if required by law

6. Your Rights (GDPR & CCPA Compliance)

You have the right to:

• Access: Request a copy of your personal data
• Correction: Update inaccurate or incomplete information
• Deletion: Request deletion of your account and associated data
• Portability: Export your data in standard formats (PDF, DOCX, XLSX, CSV)
• Opt-Out: Disable AI processing features if you prefer not to use OpenAI integration
• Object: Object to certain data processing activities
• Withdraw Consent: Revoke previously granted permissions

To exercise these rights, please contact us at privacy@corpuscraft.org.

7. Data Sharing and Disclosure

We do not sell your personal information. We may share data only in these circumstances:

• With Your Consent: When you explicitly authorize sharing (e.g., corpus collaboration)
• Service Providers: Third parties that help operate our platform (under strict confidentiality agreements)
• Legal Obligations: When required by law, court order, or government request
• Safety and Security: To protect against fraud, abuse, or security threats
• Business Transfers: In the event of a merger, acquisition, or asset sale

8. International Data Transfers

CorpusCraft operates globally. Your data may be transferred to and processed in countries outside your residence. We ensure appropriate safeguards are in place to protect your information in accordance with this Privacy Policy.

9. Children's Privacy

CorpusCraft is not intended for users under 18 years of age. We do not knowingly collect personal information from children. If you become aware that a child has provided us with personal data, please contact us immediately.

10. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. Changes will be posted on this page with an updated "Last updated" date. Significant changes will be communicated via email. Your continued use of CorpusCraft after changes constitutes acceptance of the updated policy.

11. Contact Information

For privacy-related questions or requests, contact us at: