Privacy Policy

Welcome to Polyref. We know that your privacy is important, and we're committed to protecting it. This Privacy Policy explains how we collect, use, and protect your personal data when you use Polyref.

We aim to collect only what we need, be transparent about how it's used, and give you control over your data.

Polyref is operated by Deeplit Ltd (t/a Polyref), a company registered in Ireland, which acts as the data controller for your personal data.

1. Information we collect

We collect only what's needed to run the service:

a) Information you provide

  • Account info: name, email, password
  • Profile info (optional): research interests, affiliation
  • Content: queries, PDF documents and research papers you upload, annotations
  • Communications: messages to support

b) Usage & device data

  • IP address, browser, device type
  • Usage logs (searches, features used, interactions)

c) Payment data

  • Payments are handled securely by Stripe, an industry-leading payment processor. We never store your card details; all payment information is processed and stored by Stripe in accordance with PCI-DSS standards.

2. How we use your data

We use your data to:

  • Provide and operate Polyref
  • Process accounts and subscriptions
  • Improve search, ranking, and AI outputs
  • Monitor usage and fix issues
  • Communicate updates and support

We do not use your uploaded documents (e.g. PDFs, research papers) or any content derived from them (e.g. summaries, annotations) to train AI models. We may use aggregated or anonymised usage data (which does not identify you and does not include your uploaded content) to improve our systems. You can opt out of this at any time through your account settings or by contacting us.

3. Sharing your data

We only share data where necessary:

  • With trusted service providers (e.g. hosting, payments, analytics)

    These providers process data on our behalf under appropriate data protection agreements.

  • When legally required

Where possible, data is shared in aggregated or anonymised form.

AI service providers

We use third-party AI service providers to process user inputs and generate AI-generated outputs.

When you use AI-powered features, your queries, prompts, and relevant uploaded content may be sent to these providers for processing.

We configure these providers, where possible, not to use your data to train their models. These providers process data only to provide responses to your requests.

We ensure appropriate data protection agreements and safeguards are in place with these providers, including where data is transferred outside the European Economic Area.

4. Your content

You retain full ownership of all PDF documents and research papers you upload to Polyref, as well as any content derived from them (e.g. AI-generated summaries, annotations, and extracted data). Your uploaded documents are your property.

  • We process your documents only to provide the service (e.g. retrieval, summarisation, AI-assisted analysis)
  • We do not train any AI or machine learning models on your uploaded documents or their derivatives
  • You can delete your papers at any time, which removes them and their associated data from our systems
  • You are in control of what you upload, so please avoid sensitive or confidential data unless you are comfortable doing so

You can also delete your account at any time to remove all your data, with limited exceptions:

  • Support tickets (retained for audit and dispute resolution)
  • Billing and subscription records (retained for accounting, tax, and refund purposes)
  • LLM usage logs (retained for cost reconciliation with AI providers)

5. Cookies & tracking

We use cookies and similar technologies to keep the service running smoothly, keep you logged in, and remember your preferences.

We also use analytics tools (e.g. Google Analytics) to understand how Polyref is used and improve it over time. These cookies are only set with your consent where required.

You can manage or withdraw your consent at any time through our cookie settings or your browser.

6. Data retention

We retain different categories of data for different periods depending on their purpose (e.g. account data, billing records, and logs).

We keep data only as long as necessary to:

  • Provide the service
  • Meet legal obligations
  • Prevent abuse

7. Security

We take security seriously. We implement appropriate technical and organisational measures to protect your data, including encryption and secure storage. However, no system is completely secure.

8. Your rights (GDPR)

You have the right to:

  • Access your data
  • Correct or delete it
  • Object to processing
  • Request data portability

We aim to make exercising these rights straightforward. Just contact us.

You also have the right to lodge a complaint with your local data protection authority (for example, the Irish Data Protection Commission).

9. International transfers

Your data is processed and stored within the European Economic Area (EEA) where possible (e.g. EU-based cloud providers).

If any data is transferred outside the EEA, we ensure appropriate safeguards are in place in accordance with applicable data protection laws.

10. Changes

We may update this policy from time to time. If changes are significant, we'll make this clear.

12. Legal basis for processing

We process your personal data under the following legal bases:

  • Contract – to provide and operate the Polyref service
  • Legitimate interests – to improve the service, prevent abuse, and ensure security
  • Legal obligations – where required for accounting, tax, or legal compliance
  • Consent – where required (e.g. analytics cookies)

13. Contact

If you have any questions about privacy or your data, you can contact us at: support@polyref.ai