src/content/legal/config.ts and have a licensed attorney review this page (and the rest of src/app/(legal)/) for your business and jurisdictions before launch. See docs/legal.md. Remove this notice once reviewed.Privacy Policy
Version 1.0 · Effective July 5, 2026 · Last updated July 5, 2026
1. Who we are
Kaiserauer Solutions LLC, a Michigan limited liability company ("we", "us"), located at Available upon written request to the contact email below., operates this website and application, including the Good Study Framework study evaluator (the "Service"). This policy explains what personal information we collect, why, and the choices and rights you have.
2. Information we collect
Account data: name, email address, and password (stored as a salted hash, never in plain text) — or, if you sign in with Google/Apple, the profile information those providers share with us.
Billing data: if we ever offer a paid plan and you subscribe, our payment processor Stripe collects and stores your payment method; we receive your subscription status and Stripe customer ID, not your full card number.
Content you provide: the study text, abstract, DOI, or PMID you submit to the evaluator, and — if you're signed in — the resulting evaluation reports we save to your account history. Anonymous (signed-out) evaluations are not stored. See AI Disclosure for what's sent to our AI provider when you enable AI assist.
Technical data: IP address, browser/device information, session tokens, and log data, collected automatically to operate and secure the Service. Your IP address is also used, in hashed/bucketed form, to enforce the AI-assist free-usage limit described in the AI Disclosure.
Cookies: see our Cookie Policy.
3. How we use information
- To provide, maintain, and secure the Service (e.g. authentication, fraud prevention, and enforcing AI-assist usage limits).
- To process payments and manage subscriptions, if and when we offer them.
- To send account, security, and (where applicable) billing emails.
- To run AI assist when you request it, including sending your submitted study text to the AI provider named in the AI Disclosure.
- To comply with legal obligations and enforce our Terms and Acceptable Use Policy.
[TODO: if you add analytics, marketing, or advertising tools, list them here and in the Cookie Policy, and add the required consent/opt-out mechanism before enabling them.]
4. Legal basis (EU/UK visitors)
If you're in the EEA, UK, or Switzerland, the GDPR/UK GDPR requires a lawful basis for each use above: performance of a contract (providing the Service you signed up for), legitimate interests (security, fraud prevention, abuse-limit enforcement, product improvement), consent (where we ask for it, e.g. optional cookies), and legal obligation (tax, compliance). You can withdraw consent-based processing at any time without affecting past processing.
5. Who we share information with
We don't sell your personal information. We share it only with:
- Service providers who process data on our behalf (e.g. hosting/infrastructure, Stripe for billing if enabled, our email provider for transactional email).
- AI providers, when you use AI assist — currently: Anthropic (see AI Disclosure for what's sent and why).
- PubMed/NCBI and Crossref, when you submit a DOI, PMID, or PubMed link, so we can retrieve the study's metadata and abstract text.
- Law enforcement or other parties when required by law, or to protect the rights, safety, or property of us or others.
- A successor entity in the event of a merger, acquisition, or asset sale, with notice to you.
6. Data retention
We retain account data, and saved evaluation reports, for as long as your account is active, and for a reasonable period afterward to comply with legal, tax, and security obligations. You can request deletion at any time (Section 8); some data may be retained where law requires it (e.g. billing records).
7. International transfers
We're based in the United States, and information we collect is processed there and by service providers in other countries. Where GDPR applies, we rely on appropriate safeguards for transfers out of the EEA/UK (e.g. Standard Contractual Clauses) with our providers.
8. Your rights
California residents (CCPA/CPRA): you have the right to know what personal information we collect and how we use/disclose it, to request deletion, to correct inaccurate information, and to opt out of the sale or sharing of personal information — we don't sell or share personal information as those terms are defined by the CCPA/CPRA. You won't be discriminated against for exercising these rights.
Other U.S. states (e.g. Virginia, Colorado, Connecticut, Utah, and others with comprehensive privacy laws) provide similar rights to access, correct, delete, and obtain a copy of your data, and to opt out of targeted advertising, sale, or certain profiling — to the extent those laws apply to us.
EEA/UK/Switzerland residents (GDPR/UK GDPR): you have the right to access, correct, delete, restrict or object to processing, and receive a portable copy of your data, and to lodge a complaint with your local data protection authority.
To exercise any of these rights, email ajkaiserauer@gmail.com. We may need to verify your identity before fulfilling a request.
[TODO: if you'll have a meaningful EU/UK user base, confirm whether you need to appoint an Article 27 GDPR representative / UK GDPR representative, and consider whether a cookie/consent banner needs a "reject non-essential" control — see Cookie Policy.]
9. Children's privacy
The Service isn't directed to children under 13 (or under 16 where required by applicable law), and we don't knowingly collect personal information from them. If you believe a child has provided us personal information, contact ajkaiserauer@gmail.com and we'll delete it.
10. Security
We use technical and organizational measures appropriate to the sensitivity of the data we hold (encryption in transit, hashed passwords, access controls) — see docs/security.md in this project for the current baseline. No method of transmission or storage is 100% secure.
11. Changes to this policy
We may update this policy from time to time. Material changes will update the "Version" and "Last updated" date above, and where required by law we'll provide additional notice.
12. Contact
Questions or rights requests: ajkaiserauer@gmail.com — Available upon written request to the contact email below..