Data Processing & Privacy

What This Covers

• Applies to: Content you create in the manuscript editor, text you submit to AI Style Check and AI Suggestions, and data processed by the Chrome extension
• Does not apply to: Files that stay on your device, website analytics, or third-party tools you configure yourself

Where Your Data Lives

Real-Time Collaboration

• When you work with others, your document is synced through Tiptap Cloud, a third-party collaboration service
• Each collaboration session is private to your workspace members only
• Your display name and email are shared so others can see who's editing
• Only your document content is synchronized—billing info, references, and other data stay on First Author servers
• Tiptap Cloud uses servers located in Europe (Hetzner data centers) with encryption and SOC 2 Type II certification. Learn more at Tiptap's security documentation

Your Images, Files & PDFs

• When you upload figures or paste screenshots, they're securely stored in Vercel Blob Storage (backed by AWS S3)
• Reference PDFs: When you upload PDFs for your reference library, they are stored in Vercel Blob Storage. A local copy may also be cached in your browser for offline access
• File information (name, size, type) is kept separate from the file itself
• Only workspace members can access your files through secure, private URLs
• When you delete a file, both the file and its information are permanently removed

Other Data

• References, lab memberships, and usage statistics are stored in our European database
• Your actual manuscript text stays in your browser or the collaboration service
• We keep backups and can restore data if needed
• All structured data remains in EU servers unless you request otherwise

Slack & Status

• Slack community: If you choose to join via our invite link, Slack processes your account information and messages under its own privacy policy.
• Status page: When our site fetches the status summary from status.firstauthor.ai, standard web request metadata (e.g., IP address, user agent) is processed to serve the request.

AI Style Check & Suggestions

When you click the Style Check button or use AI Suggestions, here's what happens:

1. Preparation: We clean up your text by removing internal metadata and extra formatting
2. Sending to AI: Your text is sent through OpenRouter to Anthropic models for processing
3. Privacy protection:
   • We do not include your name, email, or full manuscript—only the selected text and minimal context needed for the feature
   • We instruct our AI providers not to use API prompts for training or model improvement
4. What we keep: Only the AI's suggestions (scores, summaries, issues) are saved to show your collaborators. The original text sent to the AI is discarded

What Information Goes to the AI

For Style Check & AI Suggestions:

Only the specific paragraph you're checking is sent, along with:

• A random workspace ID (no identifying information)
• The section type (e.g., "Methods" or "Discussion")
• Writing guidelines for that section
• Your selected paragraph text

For Reference Chat:

When you use the chat feature on a reference, the following is sent:

• Extracted text from the uploaded PDF (up to 30,000 characters)
• Your chat messages and conversation history
• A random workspace ID (no identifying information)

We do not send your entire manuscript, your name, email, or any other personal information.

How to Disable AI Features

You have complete control over AI usage:

1. Go to View → Manuscript display → AI assistance
2. Turn off Enable AI features
3. The AI button disappears and no text is ever sent to external services

What We Store from AI Checks

We save:

• The AI's suggestions and highlights so your team can see them
• Usage statistics for monitoring and preventing abuse

We do NOT store:

• The original text you sent to the AI
• The AI's full responses
• Anything while AI features are disabled

AI & Privacy

International Data Transfers

While your primary data (manuscripts, metadata, references) is stored in the European Union, certain services require data transfer to the United States:

• AI services: OpenRouter and Anthropic (text sent for AI features)
• Payments: Stripe (payment and billing information)
• Emails: Resend (email addresses for transactional emails)
• File storage: Vercel Blob Storage may use global CDN nodes

These US-based service providers maintain appropriate data protection measures. By using First Author, you consent to these transfers as necessary to provide the service. If you are subject to GDPR or similar regulations and have concerns about international transfers, please contact us.

Security & Data Protection

We implement industry-standard security practices:

• Encrypted connections: All data transfers use TLS 1.2 or higher encryption (browser → First Author → AI services)
• Minimal access: AI services only see the specific paragraph you're checking—not your billing info, payment details, or other documents
• Confidential treatment: All AI requests are handled as sensitive manuscript data
• Easy deletion: You can dismiss AI suggestions anytime (block menu → "Dismiss") and they're immediately removed from our database

Your Data Rights

You have control over your data:

• Access: You can view all your stored data through the application interface
• Export: Download your manuscripts, notes, and measurements at any time
• Delete: Remove workspaces, documents, or your entire account when you choose
• Portability: Your data is stored in standard formats for easy migration

For data subject access requests or questions about exercising these rights, please contact us.

Data Retention

• Active workspaces: Data is retained as long as your account is active
• Deleted content: When you delete documents or workspaces, they are permanently removed from our systems (backups may retain data for up to 30 days)
• Inactive accounts: We may delete accounts inactive for more than 24 months after notifying you via email

Cookies & Local Storage

First Author uses minimal cookies and browser storage:

• Session cookies: Required for authentication and keeping you logged in
• Local storage (IndexedDB): Stores your documents locally in your browser for offline access and performance. This data never leaves your device unless you enable cloud sync
• Preferences: Your display settings and editor preferences are stored locally

We do not use tracking cookies, advertising cookies, or third-party analytics that track individual users.

Chrome Extension

The First Author browser extension helps you import references from the web directly into your workspaces. Here's what data it accesses and how it's handled:

What the Extension Accesses

• Current page URL: Used to detect DOIs and identify reference metadata on sites like PubMed, Google Scholar, and journal websites
• Page content: The extension reads page metadata (title, authors, DOI) to extract reference information. It does not read or transmit other page content
• Your First Author account: The extension authenticates with your First Author account to import references into your workspaces

What the Extension Stores

• Authentication token: Stored in Chrome's local storage to keep you logged in
• Active workspace: Remembers which workspace you last imported to
• Import history: Tracks which URLs/DOIs you've already imported (stored locally) to show visual indicators and avoid duplicates

Data Flow

• Reference metadata (title, authors, DOI, abstract) is sent to First Author servers when you click "Import"
• If you choose to fetch a PDF, the extension may download it from the publisher and upload it to your workspace
• All data transmitted uses encrypted HTTPS connections
• You can disconnect the extension at any time, which clears stored authentication data

Data Breach Notification

In the unlikely event of a data breach affecting your personal information, we will notify affected users via email within 72 hours of becoming aware of the breach. The notification will include details about what data was affected and recommended steps to protect yourself.

Questions or Concerns?

If you have questions about how we handle your data, please contact Dr. Philipp Münch – AI Software & SaaS at hello@firstauthor.ai. We're committed to transparency and continuous improvement of our privacy practices.