This policy explains what ReWiseEd ("we") collects when you use ReWiseEd Research Tools at itsmyresearch.com, and what we do with it. The short version: the research tools run in your browser and we do not collect the material you analyze; if you create an account, we store the profile information you give us.
1. What we collect
| Data | When | Why |
|---|---|---|
| Email address, name | Account signup | Creating your account, confirmation and password-reset email, sign-in |
| Password | Signup / change | Stored only as a salted scrypt hash — we cannot read your password |
| Profile details you choose to add: photo, school/university, LinkedIn, Twitter/X, about | Profile page | Displaying your profile; institution is used for admin scoping |
| Session cookie | Sign-in | Keeping you signed in (httpOnly, expires in 30 days) |
| Terms acceptance (version, time) | Signup | Record that you agreed to the Terms |
| Saved papers and your notes on them (My Library) | When you click Save on a paper | Building your personal reference library. Bibliographic details only (title, authors, year, venue, DOI) plus notes you write; deleted with your account or individually at any time. |
| Basic technical logs (IP, requests) | All requests | Security: rate limiting and abuse prevention; retained briefly by our hosting provider |
| Product usage metrics: which tool ran and the approximate size of its output | When a tool completes | Aggregate feature and usage analytics. Linked to your account when signed in; recorded without any identifier otherwise. Never includes the content you analyze. |
2. What we deliberately do not collect
- Your research material. Text, documents, transcripts, manuscripts, and references you paste into tools are processed in your browser and never sent to or stored on our servers.
- Your AI API keys. Keys you configure are stored in your browser's local storage only. AI requests go directly from your browser to the provider you chose.
- Third-party analytics or advertising trackers. There are none. The only cookie is the session cookie, and only if you sign in. Our own usage metric (above) is a single first-party event per tool run containing no content.
- Tool drafts. Draft text is saved in your browser's local storage on your device, not on our servers.
3. Third parties
- Railway hosts the Service (application and database).
- Resend delivers our transactional email (confirmation and password reset) from noreply@rewiseed.com. They process your email address for that purpose.
- OpenAlex and Crossref receive search queries directly from your browser when you use the keyless scholarly tools. Those queries are subject to their policies.
- Statistical data services (World Bank, and in future Eurostat and OECD) are reached through a caching proxy on our server, because those APIs are often too slow to call directly. Only the public statistical query passes through — an indicator code, country codes, and years. No document, transcript, or personal content is ever sent, and responses are cached briefly to speed up repeat queries.
- Your AI provider (OpenAI, OpenRouter, Groq, Together, or a local model) receives the content you submit through BYOK tools, directly from your browser, under your agreement with them.
- Hugging Face's CDN serves the model weights (~2 GB, one time, then cached on your device) if you choose the free built-in browser model. With that option your content is processed entirely on your own device — no AI provider receives it at all.
- We do not sell personal data, and we do not share it with anyone else except as required by law.
4. Retention and deletion
- Account data is kept while your account exists.
- You can delete your account yourself at any time from your profile page — this permanently removes your account, profile, photo, sessions, and tokens from our database.
- Email confirmation and reset tokens expire automatically (24 hours / 1 hour) and are single-use.
- Sessions expire after 30 days, or immediately on sign-out, password change/reset, or account disable.
5. Your rights
Depending on where you live (e.g., GDPR, CCPA), you may have rights to access, correct, export, restrict, or erase your personal data, and to complain to a supervisory authority. You can exercise access, correction, and erasure directly on your profile page; for anything else, contact us and we will respond within a reasonable period.
6. Security
Passwords are hashed with scrypt and per-user salts; session tokens are stored hashed; connections use HTTPS; state-changing requests are protected against cross-site forgery; authentication endpoints are rate-limited and protected by a challenge puzzle. No system is perfectly secure — if we learn of a breach affecting your data we will notify affected users without undue delay.
7. Children
The Service is not directed to children under 13 (or the applicable minimum age of digital consent), and we do not knowingly collect their data. If you believe a child has created an account, contact us and we will delete it.
8. Changes
We may update this policy; the current version and effective date always appear at the top. Material changes will be communicated to account holders.
9. Contact
Privacy questions and requests: noreply@rewiseed.com.