Privacy Policy
Last updated: June 12, 2026
1. What We Collect
Account data
- Email address (for email-code sign-in and account notices).
- If you sign in with GitHub or Google: your public profile name, avatar and the email address shared by the provider. We never receive your password.
Content you save
- Favorites, lists, tags, notes and submission records you create. Stored to provide cross-device sync.
Usage data
- Server logs and aggregated analytics (pages viewed, country-level location derived from IP, browser type) used to operate and improve the Service. We use Google Tag Manager / analytics; you can opt out via standard browser controls or our ?noanalytics flag.
Payment data
- Payments are processed by our Merchant of Record (e.g. Lemon Squeezy / Paddle). They collect and process your payment details under their own privacy policies. We only receive order metadata (plan, amount, status) — never card numbers.
2. Browser Extension
- The extension uses local cache first. When a journal is not cached, it sends only the journal name, ISSN and other fields necessary for journal identification to the AILatest lookup API.
- Pages you visit, search queries and article reading content are not sent to our servers for journal lookup.
- If you sign in inside the extension, your account token is stored in the browser's extension storage and used only to call our API (favorites sync, entitlements).
- The extension does not collect browsing history and does not inject ads or trackers.
3. How We Use Data
- Provide and secure the Service (authentication, sync, abuse prevention, rate limiting).
- Operate subscriptions (trial status, entitlements, billing events from the Merchant of Record).
- Improve the product through aggregated, non-identifying statistics.
- Send transactional email (sign-in codes, important account or billing notices). Marketing email is sent only with your consent and always has an unsubscribe link.
We do not sell personal data, and we do not use your notes or saved content to train AI models.
4. Cookies and Local Storage
We use localStorage and similar technologies to keep you signed in, remember preferences (language, favorites before sign-in), and measure usage. Essential storage cannot be disabled without breaking sign-in.
5. Service Providers
We rely on a small set of processors to run the Service: Cloudflare (hosting, CDN, database), Resend (transactional email), Google (OAuth sign-in, analytics), GitHub (OAuth sign-in), and our Merchant of Record (payments). Each receives only what is necessary for its function.
6. Data Retention and Deletion
- Account data is kept while your account is active.
- You may delete your account by contacting [email protected]; we delete or anonymize personal data within 30 days, except records we must keep for legal or accounting reasons.
- Sign-in codes expire within 10 minutes and are stored only as salted hashes.
7. Your Rights
Depending on your jurisdiction (e.g. GDPR, CCPA, PIPL), you may have the right to access, correct, export or delete your personal data, and to object to or restrict certain processing. Contact us at [email protected] and we will respond within 30 days.
8. Security
Data is encrypted in transit (TLS). Authentication uses signed tokens; verification codes are stored hashed with a server-side secret. No method of transmission or storage is 100% secure, but we follow industry practices to protect your data.
9. Children
The Service is not directed at children under 16, and we do not knowingly collect their data.
10. Changes
We may update this Policy; material changes will be announced on the Service. The "Last updated" date above reflects the current version.
11. Contact
Privacy questions and requests: [email protected] · Contact page