Privacy Policy

Journal Club AI is an academic productivity tool for physicians, researchers, and medical educators. It is operated as an independent software service. For questions about this policy, contact us at info@journalclubai.app.

Account data

When you register, we collect your email address and a securely hashed password. We do not collect your name, phone number, or any other identifying information unless you voluntarily provide it (e.g. when contacting support).

Usage data

We record how many AI analyses you generate each month (for free-tier quota enforcement) and the date of each generation. We do not store the full text of papers you submit to the generator unless you explicitly save an analysis to your Library.

Library content

Papers you save from PubMed Search (title, abstract, authors, journal, PMID) and AI analyses you save to your Library are stored in our database, associated with your account, so you can access them later.

Payment data

Payments are processed by Stripe. We never see or store your card number, CVV, or bank details. We only receive a customer ID and subscription status from Stripe.

Technical data

Like most web services, our servers may log your IP address and browser user-agent string in standard access logs for security and debugging purposes. These logs are retained for a maximum of 30 days.

• To create and manage your account
• To enforce free-tier generation limits and manage Pro subscriptions
• To store and retrieve your saved papers and AI analyses
• To communicate with you about your account (e.g. password reset, billing receipts)
• To improve the service and fix bugs (aggregated, anonymous usage patterns)

We do not sell your data. We do not use your data for advertising.

We use the following sub-processors:

• Supabase – database and authentication (EU / US data centers). Your email address and Library content are stored here.
• Stripe– payment processing. Subject to Stripe's own Privacy Policy.
• Anthropic– the AI model that generates analyses. Text you submit to the generator is transmitted to Anthropic's API. We do not enable training on your data. See Anthropic's Privacy Policy.
• Vercel – hosting and edge infrastructure. Access logs may be retained briefly for operational purposes.

We retain your account data and Library content for as long as your account is active. If you delete your account, all associated data (papers, analyses, folders) is permanently deleted within 30 days. Server access logs are deleted after 30 days.

Depending on your jurisdiction, you may have the right to:

• Access the personal data we hold about you
• Correct inaccurate data
• Request deletion of your data ("right to be forgotten")
• Object to or restrict certain processing
• Data portability (receive your data in a machine-readable format)

To exercise any of these rights, email info@journalclubai.app. We will respond within 30 days.

We use a single session cookie to keep you logged in (set by Supabase Auth). We do not use third-party tracking cookies or advertising cookies. No cookie banner is shown because we only use strictly necessary cookies.

Your password is never stored in plain text — Supabase uses bcrypt hashing. All data in transit is encrypted via TLS. Access to our database is restricted to server-side code only.

Journal Club AI is intended for adults (18+) working in medical or research settings. We do not knowingly collect data from anyone under 18. If you believe a minor has created an account, please contact us and we will delete it promptly.

We may update this policy from time to time. Material changes will be communicated by email or by a prominent notice on the site. Continued use of the service after the effective date constitutes acceptance of the revised policy.