Back to Home

Privacy Policy (Beta)

Last updated: January 2, 2026

Introduction: The Zero-Knowledge Paradigm

APA Gen is committed to protecting your academic integrity and privacy through a Zero-Knowledge Architecture. Unlike traditional SaaS models, we operate as a "blind infrastructure." This means we technically cannot access, read, or monetize the content of your research (bibliographies, citations, statistical outputs). Our servers strictly manage authentication and quotas, leaving all statistical data processing to occur exclusively in your local browser environment.

1. Data We DO NOT Collect

To ensure maximum confidentiality, our system is designed to be technically incapable of accessing "Content Data." We do NOT collect or store:

  • Research Data: Your statistical outputs, citations, and bibliographies reside exclusively in your browser's Local Storage/RAM. They are never transmitted to our servers in plain text.
  • Semantic Content: We do not analyze your research topics for profiling or advertising purposes.
  • Decryption Keys: You hold the sole control over your local data.

2. Data We Collect & Purpose

We collect minimal metadata solely to provide the service and prevent abuse:

  • Identity (Google OAuth): Name, Email, Avatar, and User ID. Used for secure authentication.
  • Usage Metadata: We track the count of analyses performed to enforce quota limits (e.g., free tier limits). We do not track what was analyzed.
  • Technical Data (PostHog EU): Browser type and OS for performance monitoring and debugging.

3. Third-Party Infrastructure & Google Limited Use

We utilize trusted sub-processors who are bound by strict Data Processing Agreements (DPA). Our use of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements:

  • Google Inc. (OAuth): We only access your public profile and email for authentication. We do not use this data for advertising or transfer it to third parties beyond infrastructure providers.
  • Supabase Inc. (Backend): For secure database management (auth and quota metadata). Access is secured via Row Level Security (RLS).
  • PostHog Inc. (EU Instance): For anonymized product analytics. Session recording is disabled.

4. Your Rights (GDPR/CCPA)

You have the right to access, correct, and delete your personal data. However, due to our Zero-Knowledge architecture, a unique limitation applies:

Important Limitation: We cannot recover, export, or restore your citations or research data if you lose your device or clear your browser cache, as this data never exists on our servers. Your right to access applies only to your account and usage logs.

California Users: We do not "sell" or "share" your personal data for cross-context behavioral advertising.

5. Security & Retention

We enforce HTTPS/TLS encryption for all communications. Account metadata is retained while your account is active. Technical logs are retained for a limited period (e.g., 12 months). Local data in your browser persists until you clear it.

Contact Us

For privacy inquiries or to exercise your rights, please contact us via our Contact Form.