Your papers.
Your questions.
A short version: we don't sell your data, we don't train models on your library, and you can delete everything at any time. The long version is below.
LAST UPDATED · MAY 2026 · v1.3
The TL;DR
For people who don't read privacy policies — even if they should.
- Your library is yours. We store your PDFs to serve them back to you. We do not train models on them. We do not share them with third parties.
- We log what's needed to run the product. Account info, usage events, billing data — kept for as long as you have an account.
- You can delete it all. One click in Settings → Delete account. Everything is removed within 30 days.
- We process data in the US and EU. With standard contractual clauses for cross-border transfers.
- No surprises.If we ever change anything material, we'll email you before it takes effect.
Three categories
Account data, content data, usage data.
Account data. Name, email, password hash, organization, billing details. Provided by you on signup. Used to authenticate, bill, and contact you about your account.
Content data. PDFs you upload, folders, notes, comments, chat messages, generated literature reviews. Stored encrypted at rest. Used only to provide the product to you and the people you share with.
Usage data. Pages visited, features used, error logs, device and browser metadata, IP address. Used to operate the service, debug issues, and improve features. Aggregated for analytics; never sold.
And what we don't
Five short rules.
- To run the product. Indexing your library, answering your questions, generating reviews, syncing folders.
- To bill you (Pro and Team plans). Processed by Stripe — we never see card numbers.
- To support you.If you email us, we read it. We don't read your library to “help” you proactively.
- To improve the product.Aggregated usage signals (e.g. “X% of users use the citation network this week”) — never tied to your content.
- Never: sell data, share with advertisers, train external models on your private corpus.
Vendors we use
Audited, contracted, listed publicly.
To run Litericaai we use a small set of trusted infrastructure providers. Each is bound by data-processing agreements and is named publicly:
- AWS — primary hosting (us-east-1, eu-west-1)
- Stripe — payment processing
- OpenAI & Anthropic — inference for chat and review generation, under zero-retention agreements (your content is not used for training and is not retained beyond the request)
- Postmark — transactional email
- Sentry — error monitoring (scrubbed of PII)
The current list is maintained at Security. We email Pro and Team customers before adding any new subprocessor.
GDPR / CCPA
Access, correct, export, delete.
Depending on where you live, you have rights under the GDPR, the UK GDPR, the CCPA, and similar frameworks. You can:
- Access a copy of the personal data we hold about you
- Correct inaccurate data via Settings or by emailing us
- Export your library as a zip of original PDFs plus a JSON archive of your chats and reviews
- Delete your account and all associated data
- Object to certain processing or withdraw consent
Email privacy@litericaai.com. We respond within 30 days.
The minimum
Session, preference, basic analytics.
We use a small number of first-party cookies: a session cookie to keep you logged in, a preference cookie to remember your theme, and self-hosted analytics that does not set cross-site trackers. No third-party advertising cookies. You can disable analytics in Settings → Privacy.
Reach the DPO
For privacy questions or complaints.
Data Protection Officer · privacy@litericaai.com
If you are in the EU and feel your concern is not adequately addressed, you may lodge a complaint with your local data protection authority.