FirstAuthor
FirstAuthor

Data Processing & Privacy

How we handle and protect your data

Last updated: 2025-11-28

Important: First Author is operated by Dr. Philipp Münch – AI Software & SaaS (sole proprietorship) and remains in active beta. We follow industry-standard security practices and are committed to protecting your data, but as a bootstrapped small business we cannot provide enterprise-grade guarantees. By using this service, you acknowledge that you do so at your own discretion and risk. For mission-critical or highly sensitive research, we strongly recommend maintaining local backups.

This document explains how First Author handles your manuscript data, where information is stored, and how you can control what gets shared with AI services.

What This Covers

  • Applies to: Content you create in the manuscript editor, including text you submit to AI Style Check and AI Suggestions
  • Does not apply to: Files that stay on your device, website analytics, or third-party tools you configure yourself

Where Your Data Lives

WhatWhereDetails
Editor contentYour browser (local storage)Stays on your device unless you save to a workspace or enable collaboration
Workspace documentsFirst Author servers (EU)Your manuscript text, metadata, and AI results are stored in European data centers for team collaboration
Real-time collaborationTiptap Cloud (Europe)When collaborating with others, your document is synchronized through Tiptap's encrypted infrastructure hosted in European data centers
Images & figuresVercel Blob Storage (global)Uploaded files are stored securely with unguessable URLs that require workspace authentication
MetadataDatabase (EU)References, measurements, and collaboration settings are stored in our European database
AnalyticsAggregate numbers onlyWe count usage statistics but do not collect your manuscript text

Real-Time Collaboration

  • When you work with others, your document is synced through Tiptap Cloud, a third-party collaboration service
  • Each collaboration session is private to your workspace members only
  • Your display name and email are shared so others can see who's editing
  • Only your document content is synchronized—billing info, references, and other data stay on First Author servers
  • Tiptap Cloud uses servers located in Europe (Hetzner data centers) with encryption and SOC 2 Type II certification. Learn more at Tiptap's security documentation

Your Images & Files

  • When you upload figures or paste screenshots, they're securely stored in Vercel Blob Storage (backed by AWS S3)
  • File information (name, size, type) is kept separate from the file itself
  • Only workspace members can access your files through secure, private URLs
  • When you delete a file, both the file and its information are permanently removed

Other Data

  • References, lab memberships, and usage statistics are stored in our European database
  • Your actual manuscript text stays in your browser or the collaboration service
  • We keep backups and can restore data if needed
  • All structured data remains in EU servers unless you request otherwise

AI Style Check & Suggestions

When you click the Style Check button or use AI Suggestions, here's what happens:

  1. Preparation: We clean up your text by removing internal metadata and extra formatting
  2. Sending to AI: Your text is sent through OpenRouter to Claude Haiku 4.5 (the Bedrock-hosted version)
  3. Privacy protection:
    • Your text is not used for AI training—Anthropic and OpenRouter have agreed not to use our requests for model improvement
    • Zero retention policy—your prompts and responses are not logged or stored by the AI provider
  4. What we keep: Only the AI's suggestions (scores, summaries, issues) are saved to show your collaborators. The original text sent to the AI is discarded

What Information Goes to the AI

For Style Check & AI Suggestions:

Only the specific paragraph you're checking is sent, along with:

  • A random workspace ID (no identifying information)
  • The section type (e.g., "Methods" or "Discussion")
  • Writing guidelines for that section
  • Your selected paragraph text

For Reference Chat:

When you use the chat feature on a reference, the following is sent:

  • Extracted text from the uploaded PDF (up to 30,000 characters)
  • Your chat messages and conversation history
  • A random workspace ID (no identifying information)

We do not send your entire manuscript, your name, email, or any other personal information.

How to Disable AI Features

You have complete control over AI usage:

  1. Go to Settings → Manuscript display → AI assistance
  2. Turn off Enable AI features
  3. The AI button disappears and no text is ever sent to external services

What We Store from AI Checks

We save:

  • The AI's suggestions and highlights so your team can see them
  • Usage statistics for monitoring and preventing abuse

We do NOT store:

  • The original text you sent to the AI
  • The AI's full responses
  • Anything while AI features are disabled

AI Model & Privacy

Which AI model do we use?

We use Claude Haiku 4.5 through Amazon Bedrock (global.anthropic.claude-haiku-4-5-20251001-v1:0) specifically because it offers a zero-retention guarantee—meaning your data is never logged or stored by the AI provider.

Can I use my own AI account?

Currently, we manage the AI service connection for all users through a shared account. Custom AI configurations are not supported at this time.

Security & Data Protection

We implement industry-standard security practices:

  • Encrypted connections: All data transfers use TLS 1.2 or higher encryption (browser → First Author → AI services)
  • Minimal access: AI services only see the specific paragraph you're checking—not your billing info, payment details, or other documents
  • Confidential treatment: All AI requests are handled as sensitive manuscript data
  • Easy deletion: You can dismiss AI suggestions anytime (block menu → "Dismiss") and they're immediately removed from our database

Your Data Rights

You have control over your data:

  • Access: You can view all your stored data through the application interface
  • Export: Download your manuscripts, notes, and measurements at any time
  • Delete: Remove workspaces, documents, or your entire account when you choose
  • Portability: Your data is stored in standard formats for easy migration

For data subject access requests or questions about exercising these rights, please contact us.

Data Retention

  • Active workspaces: Data is retained as long as your account is active
  • Deleted content: When you delete documents or workspaces, they are permanently removed from our systems (backups may retain data for up to 30 days)
  • Inactive accounts: We may delete accounts inactive for more than 24 months after notifying you via email

Questions or Concerns?

If you have questions about how we handle your data, please contact Dr. Philipp Münch – AI Software & SaaS at muench@hsph.harvard.edu. We're committed to transparency and continuous improvement of our privacy practices.

As a beta product operated by Dr. Philipp Münch – AI Software & SaaS, First Author is provided "as-is" without warranty of any kind. By using this service, you agree to use it at your own risk. This document may be updated as the platform evolves.
FirstAuthor.ai — Reproducible manuscript writing