SciFig Privacy Policy for Researchers

We know you care about how your personal information is used and shared, and we take your privacy seriously. This Privacy Policy explains how SciFig collects and processes personal data only as necessary to develop, provide, and improve our Services, as required by law, or for the purposes explicitly stated herein. This Policy applies to SciFig and its affiliates and subsidiaries. SciFig serves as the data controller for personal data processed through the Services. By using the Services, you accept the practices described in this Policy and consent to the collection and sharing described herein. Users with disabilities may request this Policy in an alternative format by contacting hello@scifig.ai.

1. What Information We Collect

Information You Provide

• Registration Information: Username, password, date of birth, email address, and for organizational representatives, business details and physical address.
• User Content: Profile information, scientific figure prompts, descriptions, uploaded images, sketches, PDFs, and any material created or shared through the Services.
• Payment Information: Third-party payment processors (Stripe) handle transactions on our behalf. We do not store full payment card details, though we retain transaction records for compliance and support purposes.
• Correspondence Information: Support messages, feedback, and associated details collected through various communication channels.
• Surveys and Promotions: Information gathered when you participate in surveys, research studies, promotions, or sponsored events, with your consent.

Information We Collect Automatically

• Technical and Device Information: IP address, browser type, mobile carrier, device identifiers, operating system, network type, and screen resolution.
• Usage Information: Pages viewed, interaction duration, access times, navigation paths, clicks, searches, and referring URLs.
• Location Information: General geographic area inferred from your IP address; precise location collected only where necessary for location-based functions or legitimate business purposes.
• Cookies and Similar Technologies: Used to operate and optimize the Services, enable features, and enhance user experience. You can manage these through your browser or device settings. See our Cookie Policy for details.

Information From Other Sources

When you register through third-party account providers (such as Google), those services may share your username, public profile details, and other authorized information with us. Limited information such as app ID and access token may be shared with these providers for authentication purposes.

2. How We Use Your Information

We use the information we collect to: verify eligibility and create accounts; provide, maintain, and improve the Services; fulfill your requests and process transactions; perform internal operations and analytics; display personalized content; communicate changes and updates; provide customer support; protect the platform and enforce our Terms; detect and prevent fraud; and support other purposes disclosed at the time of collection.

Lawful Basis for Processing (GDPR)

• (a) Performance of a Contract: Creating accounts, providing Services, processing payments, and handling inquiries.
• (b) Consent: Marketing emails, surveys, beta programs, and device data access are based on your consent, which you can withdraw at any time.
• (c) Legal Obligations: Compliance with tax rules, regulatory requirements, identity verification, and honoring data subject rights.
• (d) Legitimate Interests: Securing the platform, preventing fraud, improving Services, personalizing experiences, and supporting analytics.
• (e) Protection of Vital Interests: In rare cases involving serious risk of harm.
• (f) Establishment, Exercise, or Defense of Legal Claims: Processing information for asserting or defending legal claims and managing disputes.
• (g) Other Permissible Grounds: Additional lawful bases as provided by applicable local law.

We may aggregate or de-identify information for trend analysis, feature improvement, and research purposes.

Exclusions of Liability

SciFig is not liable for information leakage or misuse caused by: (a) your failure to secure account credentials; (b) software, hardware, or network vulnerabilities beyond our reasonable control; (c) legal or regulatory requirements; (d) force majeure events; or (e) necessary data sharing as described in Section 3.

3. How We Share Your Information

We do not sell your personal information. However, we may share your information in the following circumstances:

• Service Providers or Business Partners: We share information with trusted third-party vendors, including payment processors (Stripe), hosting providers, analytics firms, and marketing partners. All service providers are contractually bound to process data only on our behalf and in accordance with our instructions.
• Corporate Group: Information may be shared with subsidiaries, parent entities, and affiliates under common ownership. These entities may operate internationally, and appropriate safeguards are implemented for cross-border transfers.
• Legal and Compliance Obligations: We may disclose information to law enforcement, regulators, or courts when necessary to comply with law, enforce our Terms of Service, investigate violations, detect fraud, protect rights and safety, or defend legal claims.
• Sale or Merger: Information may be shared in connection with corporate transactions including mergers, acquisitions, asset sales, financing, restructuring, or bankruptcy. Recipients must honor this Policy or provide equivalent protection.
• With Your Consent: We may share information with third parties when you consent or direct us to do so, with explicit consent obtained where required by law.

International Data Transfers

Personal information is stored on secure servers and may be processed internationally by our affiliates and service providers. When transferring data from the EEA, UK, or Switzerland to countries without adequate protection determinations, we implement appropriate safeguards including European Commission Standard Contractual Clauses, UK Addendum, and supplementary technical and organizational measures.

4. Your Rights and Choices

Depending on your location and applicable law, you may have the following rights regarding your personal information:

• Access and Confirmation: Request confirmation of whether we process your data, and obtain a copy of the personal data we hold about you.
• Rectification: Request correction of inaccurate or incomplete personal information.
• Erasure (Right to be Forgotten): Request deletion of your personal data in certain circumstances. We may decline erasure requests where retention is necessary for legal obligations, dispute resolution, or legitimate interests.
• Restriction of Processing: Request limitation of processing in specific situations.
• Data Portability: Request your personal information in a structured, commonly used, machine-readable format for transfer to another controller.
• Withdrawal of Consent: Where processing relies on your consent, you may withdraw it at any time. Withdrawal may impact your access to certain features but does not affect the lawfulness of prior processing.
• Opt-Out of Sales and Targeted Advertising (U.S. Residents): Individuals covered by CCPA/CPRA may opt out of the sale of personal information or sharing for cross-context behavioral advertising.
• Objection to Processing: Object to processing in certain cases, including direct marketing.
• Complaints: Lodge complaints with your local data protection authority.

To exercise any of these rights, please contact us at hello@scifig.ai. We will respond within 15 days after verifying your identity.

5. Data Security

We employ reasonable technical and organizational measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction. However, the transmission of information via the internet is not completely secure, and any transmission is at your own risk. We encourage you to use strong, unique passwords and to avoid reusing credentials across services.

6. Data Retention

We retain your information for as long as necessary to fulfill the purposes for which it was collected. Information may be retained for longer periods to comply with legal obligations or to establish, exercise, or defend legal claims. After termination of your use of the Services, information may be stored in aggregated, anonymized form.

7. Information Relating to Minors

The Services are not directed at children under 13 years of age (or the equivalent minimum age in your jurisdiction). We do not knowingly collect personal data from children. If you believe we have collected data from a child, please contact us at hello@scifig.ai so we can take appropriate action.

8. Privacy Policy Updates

We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, or legal requirements. Material changes will be communicated through the Services or by other appropriate means. The "Effective Date" at the top of this Policy indicates when the latest changes took effect. Your continued use of the Services after any updates constitutes your agreement to the revised Policy.

9. Contact Us

If you have any questions or concerns about this Privacy Policy, please contact us at hello@scifig.ai. We aim to respond to all privacy-related requests within 15 days after verifying your identity.
hello@scifig.ai