The short version: SmartCiter never sees your manuscripts. Your documents go directly from your browser to the AI provider you choose. We only collect your email address for login — nothing else.
1. What We Collect
SmartCiter collects only the minimum data necessary to provide the service:
- Email address — used for institutional login verification only
- Institution affiliation — derived from your email domain to grant appropriate access
- Usage counts — anonymous counts of analysis runs per institution (no content, no text)
- Session data — standard browser session cookies for authentication state
2. What We Do NOT Collect
- ❌ Manuscript content — your document text is never sent to SmartCiter servers
- ❌ Citation data — your references are never stored on our systems
- ❌ AI responses — analysis results go directly to your browser
- ❌ API keys — your AI provider keys are stored only in your browser (localStorage or Word document settings)
- ❌ Uploaded files — .pdf, .docx, .txt files are parsed entirely client-side in your browser
3. How Your Manuscript Is Processed
When you click Analyze in the web analyzer or run an AI feature in the Word add-in:
- Your manuscript text is read locally in your browser or Word application
- The text is sent directly from your device to the AI provider you selected (Groq, OpenAI, Anthropic, Google, or xAI)
- The AI provider processes it under their own privacy policy and returns a result
- The result is displayed in your browser or Word sidebar
- SmartCiter's servers are never involved in this data flow
We strongly recommend reviewing the privacy policy of your chosen AI provider. For most institutional use, we recommend Groq, which does not use submitted data for model training by default.
4. Third-Party Services We Connect To
SmartCiter queries the following external services to fetch citation metadata. Only paper titles, DOIs, author names, or PMID numbers are sent — never your manuscript text:
- CrossRef (crossref.org) — DOI lookup and metadata retrieval
- PubMed / NCBI (ncbi.nlm.nih.gov) — PMID lookup and biomedical metadata
- Semantic Scholar (semanticscholar.org) — paper search and title matching
- OpenAlex (openalex.org) — open academic paper search
- Unpaywall (unpaywall.org) — open-access PDF linking
5. Institutional Data
For institutions with a paid license, the following is stored in our database:
- Institution name and verified email domain (e.g. university.edu)
- Administrator contact email
- User email addresses of registered members from the institution
- Aggregate usage statistics (number of analyses per month, not content)
- License start date and seat count
Individual user manuscripts and citation data are never stored, even for institutional accounts.
6. Data Security
User authentication data is managed through Supabase with row-level security policies. All data in transit uses TLS encryption. API keys you enter are never transmitted to our servers.
7. Data Retention
Your email and institution affiliation are retained for as long as your institution's license is active. You may request deletion of your account data at any time by emailing support@f2yapps.com. Deletion is processed within 30 days.
8. Your Rights
- Access — request a copy of the data we hold about you
- Correction — update your email or institutional affiliation
- Deletion — request complete removal of your account data
- Portability — receive your data in a machine-readable format
To exercise any of these rights, email support@f2yapps.com.
9. Cookies
SmartCiter uses only a single session cookie for authentication state. We do not use advertising cookies, tracking pixels, or third-party analytics. No cookie consent banner is required beyond this disclosure.
10. Changes to This Policy
We will post updates to this page with a revised date when any material changes are made. Continued use of SmartCiter after changes constitutes acceptance.
11. Contact
For privacy questions: support@f2yapps.com