Privacy Policy
Last updated: 21 April 2026
1. Who we are
ScholarAI (“we”, “us”, “our”) is an AI-powered academic research assistant operated from the United Kingdom. We are the data controller for the personal data described in this policy.
Contact: support@scholarai.uk
2. What we collect
- Account data — email address and an encrypted password when you register. Authentication is handled by our provider, Supabase.
- Documents you upload — the full text content of the PDF and Word files you upload (assignment briefs, sources, context documents).
- Chat history — the prompts you submit and the AI-generated responses, including citations.
- Payment data — processed directly by Stripe. We do not see or store your card details. We receive a transaction reference from Stripe confirming your purchase.
- Usage data — anonymous analytics (page visits, device type, country, referrer).
- Technical data — IP address, browser type, and session cookies required for authentication.
3. Why we process your data and our legal basis
| Purpose | Legal basis (UK GDPR Article 6) |
|---|---|
| Providing the service (processing your prompts and documents to generate answers) | Contract |
| Account creation and management | Contract |
| Processing payments | Contract |
| Analytics and service improvement | Legitimate interests |
| Security, fraud prevention, and debugging | Legitimate interests |
| Complying with legal obligations | Legal obligation |
4. How your data is used to generate answers
When you submit a prompt, your uploaded documents and your prompt are processed by one of the frontier LLMs to generate a response. This processing is necessary to deliver the service. The AI providers process this data to generate the response and do not use it for model training.
5. International transfers
Some of our third-party service providers operate from outside the UK. Where personal data is transferred outside the UK, we rely on the UK Addendum to the EU Standard Contractual Clauses and require providers to offer equivalent protections to those under UK GDPR.
6. Data retention
- Account and uploaded documents — retained while your account is active. You can delete individual documents at any time from within the app.
- Chat history — retained while your account is active.
- Payment records — retained for 7 years to meet UK tax and accounting obligations.
- Analytics — aggregated and anonymised; retained for up to 14 months.
On account deletion, we remove your personal data within 30 days except where retention is required by law.
7. Cookies
We use only strictly necessary cookies for authentication and session management. We do not use advertising or tracking cookies. Our analytics use anonymous, aggregate data only.
8. Security
We use industry-standard security measures including TLS encryption, hashed passwords, and row-level security in our database. No system is perfectly secure; we encourage you to use a strong password.
9. Children
ScholarAI is not intended for users under the age of 16. We do not knowingly collect data from children.
10. Changes to this policy
We may update this policy from time to time. Material changes will be notified to registered users by email or in-app notice at least 14 days before taking effect.