Privacy Policy

1. Introduction

Welcome to Elicit ("we," "our," or "us"). Elicit is a mobile application that provides AI-powered academic research assistance, including paper search, analysis, comparison, and citation generation. We are committed to protecting your privacy and ensuring transparency about how we handle your data.

This Privacy Policy describes the types of information we collect from users of the Elicit mobile application (the "App") and our website at elicit.ourapps.website (the "Website"), how we use and protect that information, and your choices regarding your data.

By using our App or Website, you agree to the collection and use of information in accordance with this Privacy Policy. If you do not agree with the terms of this Privacy Policy, please do not use our services.

2. Information We Collect

2.1 Information You Provide Directly

• Search Queries: When you search for academic papers, we process your search terms to deliver relevant results. Search queries may be stored locally on your device as part of your search history.
• Saved Papers & Collections: Papers you bookmark and organize into collections are stored locally on your device.
• Preferences & Settings: Your app configuration choices, including analysis mode, citation format preference, student mode settings, and results-per-page preference.
• Subscription Information: When you purchase a subscription, payment processing is handled entirely by Apple through the App Store. We do not collect, store, or have access to your payment card details, billing address, or other financial information.

2.2 Information Collected Automatically

• Device Identifier: We generate a random unique device identifier (UUID) on first launch. This identifier is not linked to your Apple ID, name, email, phone number, or any other personally identifiable information. It is used solely for analytics, rate limiting, and abuse prevention.
• App Installation Data: We record the date and time of first app installation along with the device identifier for analytics purposes.
• API Request Logs: We log API requests including the endpoint accessed, HTTP method, response status code, response time, and the anonymous device identifier. These logs are used for performance monitoring, error tracking, and abuse detection.
• App Version & Platform: Basic information about your app version and operating system to ensure compatibility and troubleshoot issues.

2.3 Information We Do NOT Collect

• Your real name, email address, or phone number
• Your Apple ID or any Apple account information
• Your precise or approximate geographic location
• Your contacts, photos, camera, microphone, or other device sensors
• Your browsing history outside the app
• Any biometric data (Face ID / Touch ID)
• Advertising identifiers (IDFA)
• Payment or banking information (handled by Apple)

3. How We Use Your Information

We use the collected information for the following purposes:

• Provide Core Functionality: Process your search queries against academic databases (OpenAlex, PubMed), generate AI-powered analyses and summaries using GPT-4o, compare papers, and produce citations.
• Service Improvement: Analyze aggregated, anonymized usage patterns to improve app performance, identify popular features, and optimize search result quality.
• Abuse Prevention: Monitor request patterns to detect and prevent abuse, excessive usage, or automated access. We may temporarily or permanently restrict access from device identifiers exhibiting abusive behavior.
• Rate Limiting: Apply fair-use request limits to ensure service quality and availability for all users.
• Error Monitoring: Track API errors and response times to identify and fix technical issues quickly.
• Subscription Verification: Verify your subscription status through RevenueCat (our subscription management provider) to grant access to premium features.

4. Data Sharing & Third-Party Services

We do not sell, rent, or trade your personal information. We share data with third-party services only as necessary to provide our core functionality:

4.1 OpenAI (GPT-4o)

Your search queries and paper abstracts are sent to OpenAI's API for AI-powered analysis, summarization, and comparison. OpenAI processes this data according to their Privacy Policy and Terms of Use. We use the API tier which means your data is not used to train OpenAI's models.

4.2 OpenAlex

We query the OpenAlex academic database to search for and retrieve paper metadata (titles, authors, abstracts, DOIs, citation counts, publication dates). OpenAlex is a free, open-source catalog of the world's scholarly papers. See their documentation.

4.3 PubMed / NCBI

We query the PubMed database maintained by the National Center for Biotechnology Information (NCBI) for biomedical and life sciences paper metadata. See the NCBI Privacy Policy.

4.4 RevenueCat

We use RevenueCat to manage subscriptions and verify purchase status. RevenueCat receives your anonymous app user ID (device identifier) and subscription transaction data from Apple. They do not receive your name, email, or any personally identifying information. See RevenueCat's Privacy Policy.

4.5 Apple App Store

All in-app purchases and subscriptions are processed by Apple. Apple handles all payment processing and billing. We receive only confirmation of active subscriptions, not payment details.

4.6 Legal Requirements

We may disclose your information if required to do so by law, regulation, legal process, or enforceable governmental request, or to protect the rights, property, or safety of Elicit, our users, or the public.

5. Data Storage & Security

5.1 Local Storage

The majority of your data — saved papers, collections, search history, and app preferences — is stored locally on your device using iOS native storage mechanisms (UserDefaults). This data never leaves your device and is not transmitted to our servers. Uninstalling the app permanently deletes all locally stored data.

5.2 Server-Side Storage

Our backend server stores:

• Anonymous device identifiers and installation timestamps
• API request logs (endpoint, status code, response time, anonymous device ID)
• No search query content, paper content, or analysis results are stored on our servers

5.3 Security Measures

We implement appropriate technical and organizational security measures, including:

• HTTPS/TLS encryption for all data transmitted between the app and our servers
• Rate limiting to prevent abuse and denial-of-service attacks
• Secure server infrastructure with restricted access
• API keys stored securely in environment variables, never exposed to clients
• Regular security monitoring and log review

While we strive to protect your information, no method of electronic transmission or storage is 100% secure. We cannot guarantee absolute security of data transmitted to or stored by our service.

6. Data Retention

• Local Data: Retained on your device until you clear it within the app settings or uninstall the app.
• API Request Logs: Retained for up to 90 days for performance monitoring and abuse detection, then automatically purged.
• Device Identifiers & Install Records: Retained for as long as the service is operational to prevent duplicate install counting and support abuse prevention.
• Blocked Device Records: Retained indefinitely or until manually removed by our administrators if a device was blocked for abuse.

7. Your Rights & Choices

You have the following rights regarding your data:

7.1 Data Deletion

• Local Data: You can clear all saved papers, collections, and search history through the "Clear All Data" option in Settings. You can also clear search history separately.
• Server Data: Since we only store anonymous device identifiers and request logs, you can effectively reset your server-side data by reinstalling the app, which generates a new device identifier.

7.2 Subscription Management

You can manage or cancel your subscription at any time through your Apple ID settings. You can also restore previous purchases through the "Restore Purchases" option in the app's Settings.

7.3 Opt-Out

Since we do not collect advertising identifiers or personal information, there is no ad tracking to opt out of. The minimal analytics we collect (anonymous request logs) are essential for service operation and abuse prevention.

7.4 Data Portability

Your locally stored data (saved papers, collections) exists only on your device. We do not currently offer a data export feature, but your paper references include DOIs and titles that allow you to find them in any academic database.

7.5 European Users (GDPR)

If you are located in the European Economic Area (EEA), you have additional rights under the GDPR, including the right to access, rectify, erase, restrict processing, object to processing, and data portability. Since we collect only anonymous device identifiers, most of our data does not constitute personal data under GDPR. If you believe any of your data constitutes personal data and wish to exercise your rights, please contact us.

7.6 California Users (CCPA)

If you are a California resident, you have rights under the CCPA including the right to know what personal information is collected, the right to delete personal information, and the right to opt out of the sale of personal information. We do not sell personal information. For requests, contact us using the information below.

8. Children's Privacy

Our service is intended for general audiences and is not directed at children under the age of 13 (or applicable age in your jurisdiction). We do not knowingly collect personal information from children under 13. If you are a parent or guardian and believe your child has provided us with personal information, please contact us and we will take steps to remove such information.

Since we do not collect personal information (names, emails, etc.) from any users, the risk of inadvertently collecting children's data is minimal. However, the app's content — academic research papers — is primarily designed for university-level users and above.

9. International Data Transfers

Our servers may be located in different jurisdictions. By using the App, you consent to the transfer of your anonymous usage data (device identifier, request logs) to servers that may be located outside your country of residence. We ensure that appropriate safeguards are in place for any such transfers.

Third-party services we use (OpenAI, RevenueCat) may also process data in the United States or other countries. Please refer to their respective privacy policies for details on their data handling practices.

10. Cookies & Tracking Technologies

Our mobile app does not use cookies, web beacons, pixels, or similar tracking technologies. We do not use any third-party analytics SDKs (such as Google Analytics, Firebase Analytics, or Facebook SDK). Our website is a static informational site and does not use cookies for tracking purposes.

11. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes, we will:

• Update the "Last Updated" date at the top of this page
• Notify users through an in-app notification or update description for significant changes

We encourage you to review this Privacy Policy periodically. Your continued use of the App after any changes constitutes your acceptance of the updated Privacy Policy.

12. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

• Email: support@elicit.app

We will respond to your inquiry within 30 days.