Legal

Privacy Policy

PeerReviewAI LLC · peerreviewai.org
Last Updated: May 21, 2026

Introduction

PeerReviewAI LLC (“we,” “our,” or “us”) respects the privacy of your information. This Privacy Policy is designed to assist you in understanding how we collect, use, share, and safeguard your information. This Privacy Policy applies to individuals who access this website (“Site”) and our online web application services (“Services”).

From time to time, we may change this Privacy Policy. If we do, we will post an amended version on this webpage. Please review this Privacy Policy periodically.

This Privacy Policy covers the following topics:

  1. Personal Data We Collect
  2. How We Use Your Personal Data
  3. How We Share Your Personal Data
  4. Data Retention
  5. “Do Not Track” Signals
  6. Security
  7. Children’s Privacy
  8. Your Privacy Rights
  9. Notice to California Residents
  10. Accessibility
  11. How to Contact Us

1. Personal Data We Collect

We collect personal data from you through your use of the Site and Services. Personal data is information that is linked or reasonably linkable to an identified or identifiable individual. We collect the following types of personal data:

Personal Data You Provide

Depending on how you interact with our Site and Services, we will collect the following personal data that you voluntarily provide to us for the following purposes:

  • New account. If you create an account, you will provide us with your name, email address, and authentication provider information (e.g., Google account details if you sign up with the “Continue with Google” feature.)
  • Contact Us. If you contact us, you will provide us with your name, email address, reason for contacting us, and any information you choose to provide in your message. You may also provide us with the name of your company and other optional contact information.

Personal Data as You Navigate Our Site

Website Use. We use privacy-preserving analytics tools to understand aggregate site usage, including page views, referral sources, and site performance. These tools do not use cookies, do not collect personally identifiable information, and do not track individual users across websites. We also collect the referring URL and any campaign parameters (such as UTM source, medium, and campaign tags) associated with your signup to understand how users find our Service. We use a session management cookie solely to keep you signed in and maintain login functionality. We do not use advertising, marketing, or third-party tracking cookies.

Email Communications. We track email delivery and engagement metrics (such as whether emails are delivered, opened, or clicked) to improve our communications. Our marketing and digest emails include an unsubscribe link through which you can unsubscribe from future communications. You may also manage your email preferences from your account profile.

2. How We Use Your Personal Data

In addition to the purposes stated above, we may use all the personal data we collect in accordance with applicable law such as to:

  • Communicate with you about Services updates, billing, or other operational notices;
  • Deliver the free monthly research digest and/or the paid Premium Journal Club subscription based on your selected topics;
  • Investigate, prevent, or take action regarding illegal activities, suspected fraud, situations involving potential threats to the physical safety of any person, or violations of our Terms and Conditions, and to otherwise fulfill our legal obligations;
  • Monitor compliance with and enforce this Privacy Policy and any applicable agreements and policies;
  • Provide, maintain, and improve the Site and Services;
  • Defend our legal rights and the rights of others;
  • Fulfill any other purposes for which you provide it;
  • Address any purpose that is reasonably necessary to or compatible with the original purpose for which we collected the personal data as disclosed to you; and
  • Comply with applicable law.

3. How We Share Your Personal Data

We may share the personal data that we collect about you in the following ways:

  • To the extent that we are required to do so by law;
  • In connection with any legal proceedings or prospective legal proceedings;
  • To establish, exercise, or defend our or a third party’s legal rights, including providing information to others for the purposes of fraud prevention;
  • For a purpose disclosed by us when you provide the personal data or for any other purpose we deem necessary, including to protect the health or safety of others.

4. Data Retention

Our Services

We do not store or process your payment data. We do not store the content of your manuscript or the generated review on our servers. When you generate a review of your uploaded material, we log limited usage metadata. The metadata categories are:

  • Date and time of the review;
  • Review type (for example, Journal Club Essentials, Peer Review, Author Review, Readiness Score);
  • Word count of the uploaded manuscript (exact integer);
  • Review generation time and performance metrics;
  • Detected study-type classification and primary statistical method name;
  • Reporting guideline match and compliance-audit outcome flag for Author Review;
  • Readiness score (integer, 1 to 10, where generated);
  • Review ratings and written feedback you voluntarily provide;
  • Feature usage (for example, PDF exports, tracked-changes downloads, share-with-colleague feature);
  • Abandoned-session metadata, which may include your account email address where the session was started but not completed; and
  • Use of the “Share with Colleague” feature and associated email address entered, which is only used to deliver the shared review and stored as a record of the share event (sender, recipient, review type, timestamp) in our reviewShares collection. If you are a recipient of a shared review and you would like your email address removed, you may contact us using the method provided in Section 10 and we will delete the record within 30 days.

Our AI Service Provider

PeerReviewAI processes manuscript data through a US-based enterprise AI model provider operating under a Business Associate Agreement (BAA) and Zero Data Retention (ZDR) terms with PeerReviewAI. A copy of our executed BAA and ZDR instruments, along with the AI model provider’s independent SOC 2 Type 2, SOC 3, and HIPAA attestations, are available upon request to institutional compliance teams, auditors, and procurement reviewers. Under these agreements:

  • Customer data submitted for processing is not stored at rest after the API response is returned, except where retention is required by law or to enforce the provider’s usage policy.
  • Customer data is processed in real time and promptly discarded, with no logging or non-ephemeral storage of prompts or outputs.
  • Any prompt-caching optimizations hold only mathematical representations in memory for a limited time and are promptly deleted after expiry. Your manuscript text is not stored in the cache.
  • Your manuscripts are never used to train or fine tune any AI model. Neither we nor our AI model provider use your submitted manuscripts or generated reviews for model training.
  • The AI model provider may access a limited amount of customer content solely to operate Trust & Safety controls, to resolve support or debugging issues that require access to the content to identify and resolve, and to improve or tailor its eligible services for PeerReviewAI specifically. None of this content is used to train AI models.
  • If a session is flagged by the provider’s automated systems for a potential policy violation, inputs and outputs may be retained for up to two (2) years consistent with the provider’s standard safety practices.

5. “Do Not Track” Signals

Some internet browsers incorporate a “Do Not Track” feature that signals to websites you visit that you do not want to have your online activity tracked. Given that there is not a uniform way that browsers communicate the “Do Not Track” signal, the Site does not currently interpret, respond to or alter its practices when it receives “Do Not Track” signals.

6. Security

We maintain commercially reasonable security measures to protect the personal data we collect and store from loss, misuse, destruction, or unauthorized access. However, no security measure or modality of data transmission over the Internet is 100% secure. Although we strive to use commercially acceptable means to protect your personal data, we cannot guarantee absolute security.

7. Children’s Privacy

The Site and Services are not intended for children under 13 years of age. We do not knowingly collect, use, or disclose personal data from children under 13.

8. Your Privacy Rights

Under applicable privacy laws, you have the right to access the personal information we hold about you, request correction of inaccurate information, request deletion of your account and associated data, unsubscribe from the research digest or the Premium Journal Club subscription at any time, delete manuscript and review data at any time using the “Delete Paper” button, and request a copy of your account data in a portable format. To exercise any of these rights, contact us at support@peerreviewai.org. We may request information to verify your identity before acting on a request, and will respond to verified requests within 30 days. If we deny a request in whole or in part, you may appeal in writing to the same email address. We will respond to appeals within 30 days.

9. Notice to California Residents

The California Consumer Privacy Act, as amended by the California Privacy Rights Act of 2020 (“CCPA”), requires that we provide California residents with a privacy policy that contains a comprehensive description of our online and offline practices regarding the collection, use, disclosure, sale, sharing, and retention of personal information and of the rights of California residents regarding their personal information. This section of the Privacy Policy is intended solely for, and is applicable only as to, California residents. If you are not a California resident, this section does not apply to you and you should not rely on it.

The CCPA defines “personal information” to mean information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular California resident or household. Personal information does not include publicly available, deidentified, or aggregated information, or lawfully obtained, truthful information that is a matter of public concern.

We collect and use your personal information as described in Sections 1 and 2 of this Privacy Policy. We do not sell or share your personal information.

Shine the Light Law

We do not disclose personal data obtained through our Site or Services to third parties for their direct marketing purposes. Accordingly, we have no obligations under California Civil Code § 1798.83.

10. Accessibility

We are committed to ensuring this Privacy Policy is accessible to individuals with disabilities. If you wish to access this Privacy Policy in an alternative format, please click here to download a black-and-white PDF version.

11. How to Contact Us

To contact us for questions or concerns about our Privacy Policy or practices, please email us at support@peerreviewai.org.