This Privacy Policy explains how LancetClaw ("we", "us", or "our") collects, uses, and protects your personal information when you use our medical literature research platform at lancetclaw.com.
We collect the following types of information:
- Account Information: Name, email address, and authentication details when you register via email, Google, or GitHub.
- Usage Data: Interaction data including workflows used, queries submitted, and credits consumed.
- Payment Information: Billing details processed securely through Stripe. We do not store your full card number on our servers.
- Device Information: IP address, browser type, operating system, and referring URLs for analytics and security purposes.
- Uploaded Content: Papers, DOIs, figures, or reference lists you submit for analysis. These are processed to deliver our services and are not shared with third parties.
- To provide and operate our medical literature workflows (Understand, Find Citations, Check References, Explain Figures)
- To manage your account, subscription, and credit balance
- To process payments through Stripe
- To send transactional emails (account verification, password reset, billing receipts)
- To improve our services through aggregated, anonymized usage analytics
- To detect and prevent fraud or abuse
We use industry-standard security measures including encrypted connections (TLS), secure authentication via Better Auth, and Stripe-certified payment processing. Access to user data is restricted to essential operations only.
We use the following third-party services:
- Stripe — Payment processing
- Google / GitHub — Optional social authentication
- Resend — Transactional email delivery
- Umami — Privacy-focused web analytics (no cookies, no personal data)
These providers process data only as necessary to deliver their services and are bound by their own privacy policies.
We retain your account data for as long as your account is active. If you delete your account, we will remove your personal data within 30 days, except where retention is required by law.
LancetClaw processes sensitive research data. We take extra precautions for medical content:
- We do not train AI models on your data. Your uploaded papers, queries, and results are never used to train or improve any AI model.
- Uploaded PDFs are processed in memory and not permanently stored. Once your session ends, uploaded documents are deleted from our servers.
- Query history is tied to your account and can be deleted at any time from your settings.
- We do not share your research queries or uploaded manuscripts with any third party, including AI model providers. Queries are sent to AI providers for processing only and are not retained by them for training.
- Citation verification queries (DOI/PMID lookups to PubMed, CrossRef, Europe PMC) are standard database API calls that do not contain your personal information.
For users in the European Economic Area (EEA):
- Legal basis: We process your data based on legitimate interest (providing the service), contractual necessity (your subscription), and consent (optional analytics).
- Data location: User data is stored in the EU/US via Supabase (PostgreSQL). Payment data is processed by Stripe, which is GDPR-compliant.
- Right to access: You can request a copy of all data we hold about you.
- Right to erasure: You can request complete deletion of your account and all associated data.
- Right to portability: You can request your data in a machine-readable format.
- Data Protection Officer: Contact us at support@lancetclaw.com for any GDPR requests.
You may request access to, correction of, or deletion of your personal data by contacting us at support@lancetclaw.com. We respond to all requests within 30 days.
We may update this Privacy Policy from time to time. Changes will be posted on this page with an updated date. Material changes will be communicated via email to registered users.
If you have any questions about this Privacy Policy or data handling, please contact us at support@lancetclaw.com.