Privacy Policy
01 Information We Collect
- Account data: Email address and display name from Google or GitHub OAuth, managed by Supabase Authentication.
- Payment data: Subscription status and billing metadata via Stripe. We never store card numbers or bank details.
- Usage data: AI analysis count, feature usage metrics, and session analytics for quota enforcement and product improvement.
- Uploaded content: PDFs, images, figures, extracted text, prompts, generated analyses, embeddings, and research metadata you process in SciLens (see Section 3).
02 PeerDrop — Zero Knowledge Architecture
PeerDrop transfers files directly between devices using WebRTC. AxonReady servers never see, store, or process your files. Files do not pass through our databases, logs, or storage. Our signaling server facilitates peer connection only — it does not have access to file content.
03 AI Data Processing — SciLens
When you use SciLens, relevant content is transmitted to third-party AI providers for the feature you request. You consent to this by using the service.
| Provider | Purpose | Data Sent | Retention |
|---|---|---|---|
| Google Gemini | Vision, charts, figures, audio, video | Images, rendered pages, media, prompts | Per Google AI Terms ↗ |
| DeepSeek | Text synthesis, analysis, reasoning | Extracted text, prompts, metadata | Per DeepSeek Privacy ↗ |
| Groq / NVIDIA | Fallback inference, chat routing | Prompts and text context | Per each provider's policy |
| OpenRouter | Multi-model routing fallback | Prompts and text context | OpenRouter Privacy ↗ |
Storage in SciLens: We may store uploaded PDFs, extracted text, thumbnails, analysis results, embeddings, and usage records in your Supabase-backed account to provide history, library, duplicate detection, and quota enforcement.
04 Third-Party Services
- Supabase: User authentication, database, and Edge Functions. Data stored in AWS us-east-1.
- Stripe: Payment processing and subscription management.
- Google Gemini API: Multimodal AI processing.
- DeepSeek API: Text-based AI analysis.
- Groq / NVIDIA: Optional fallback AI inference.
- SendGrid: Transactional emails (welcome messages, account notifications).
- Google Analytics: Website traffic analysis only. We do not use advertising or remarketing products.
- Cloudflare: CDN, DNS, and DDoS protection.
05 Cookies
Essential cookies: Required to maintain your login session, tier authorization, and UI preferences (dark mode, language). Cannot be disabled without breaking the service.
Analytics cookies: Google Analytics cookies to understand site traffic. You may disable these in your browser settings without affecting service functionality.
We do not use advertising, tracking, or third-party behavioral cookies.
06 Your Rights — GDPR (EU/EEA Users)
Our legal basis for processing: consent (provided at registration) and legitimate interest (providing requested services). For EU users, you have the following rights:
Request a copy of your personal data.
Correct inaccurate data we hold.
Delete your account and all associated data.
Receive your data in a machine-readable format (JSON).
Limit how we use your data.
Object to processing for certain purposes.
To exercise any right, contact contact@axonready.com. We respond within the period required by applicable law (typically 30 days for GDPR).
07 Your Rights — CCPA (California Residents)
Under the California Consumer Privacy Act, California residents have the right to:
- Know what personal information we collect, use, disclose, and sell (we do not sell personal data);
- Delete personal information we have collected, subject to legal exceptions;
- Opt-out of the sale of personal information — we do not sell data, so no opt-out is required;
- Non-discrimination — we will not discriminate against you for exercising these rights.
To submit a CCPA request, contact contact@axonready.com.
08 International Data Transfers
AxonReady is operated from the United States. By using our services, you acknowledge that your data is processed and stored in the United States (primarily via Supabase on AWS us-east-1) and potentially in other countries where our AI providers operate.
For EU/EEA users: Where we transfer personal data outside the European Economic Area, we rely on Standard Contractual Clauses (SCCs) as adopted by the European Commission, or on the recipient's compliance with an adequacy decision. Our AI providers — including Google and others — maintain EU data processing agreements and appropriate transfer mechanisms.
09 Data Retention
We retain your data for as long as your account is active. When you delete your account:
- Profile and authentication data are permanently deleted within 30 days.
- Analysis results, saved papers, and embeddings are permanently deleted.
- Stripe retains billing records as required by financial regulations (typically 7 years).
- Anonymized, aggregated usage statistics may be retained indefinitely as they cannot identify individuals.
Note: Data already transmitted to and processed by third-party AI providers is subject to their own retention policies. AxonReady cannot delete data held by those providers on your behalf.
10 Security
We implement industry-standard security measures: encrypted connections (TLS 1.2+), row-level security policies in our Supabase database, API key rotation, rate-limited endpoints, and access controls. However, no electronic transmission is 100% secure. You use the service at your own risk.
Report security vulnerabilities to legal@axonready.com.
11 Children's Privacy
AxonReady services are not directed to children under 16. We do not knowingly collect personal data from children under 16. If you believe a child has provided us with personal data, contact us at contact@axonready.com and we will delete it promptly.
12 Changes to This Policy
We may update this policy from time to time. Material changes will be communicated via email or in-app notification at least 14 days before they take effect. The "Effective" date at the top of this page reflects the most recent version.