Privacy Policy

Controller

Dr. Philipp Münch - AI Software & SaaS
c/o COCENTER
Koppoldstr. 1
86551 Aichach
Germany

This policy applies to our website, account creation, waitlist and contact forms, the editor, collaboration features, billing, optional integrations, and AI features.

Categories of Data

• Account and contact data: name, email address, affiliation, account settings, support requests, waitlist submissions, and messages you send us.
• Workspace data: manuscripts, notes, comments, references, measurements, uploaded images and PDFs, collaboration metadata, and share-link related data.
• Technical and security data: IP address, browser and device metadata, request logs, error events, abuse-prevention signals, and browser-side storage used by the product.
• Billing data: selected plan, subscription status, invoice metadata, and customer identifiers from Stripe. We do not store full payment card numbers ourselves.
• Optional integration data: GitHub account and repository metadata, file contents you explicitly connect or import, Slack join requests, and status-page requests.
• AI feature inputs: text passages, prompts, extracted reference text, conversation history, and feature context needed to provide AI checks, AI suggestions, equation and citation checks, or reference chat.

Purposes and Legal Bases

• Art. 6(1)(b) GDPR for account creation, login, workspace operation, collaboration, uploads, support, billing, and AI features you actively request.
• Art. 6(1)(a) GDPR for optional marketing or waitlist communications, and for optional Google Ads conversion tracking where you give consent.
• Art. 6(1)(c) GDPR where processing is necessary to comply with legal obligations, especially tax, accounting, and compliance duties.
• Art. 6(1)(f) GDPR for security, abuse prevention, fraud detection, debugging, service reliability, and aggregate product analytics.
• Art. 6(1)(a) GDPR together with Section 25 TDDDG for non-essential advertising or conversion tracking and comparable access to information stored on your device.

Recipients and Processors

• Vercel for hosting, delivery, logs, web analytics, database, and file storage infrastructure.
• Tiptap Cloud for optional real-time collaboration.
• Resend for transactional emails such as confirmations, invitations, and notifications.
• Stripe for checkout, subscription management, invoices, and payment processing.
• GitHub for the optional repository integration you initiate.
• Google for optional Google Ads conversion measurement, only if you consent.
• AI providers including Anthropic and OpenRouter and, depending on the selected feature or model, additional model providers reachable through OpenRouter.
• Slack and our status provider if you voluntarily use those services.

Additional technical details about AI-related processing are available on our Data Processing & Privacy page.

International Transfers

Some providers process data outside the EU or EEA, especially in the United States. Where required, transfers are based on adequacy decisions such as the EU-U.S. Data Privacy Framework and/or on Standard Contractual Clauses with supplementary measures.

Cookies and Similar Technologies

We use necessary cookies and browser storage so the service works. Depending on the feature you use, this can include for example:

• fa_session for authenticated sessions
• fa_share_session for share-link access
• fa_signup_checkout for the new-user checkout flow
• fa_gh_token and fa_gh_state for the optional GitHub connection
• wl_token for waitlist confirmation flows
• fa_cookie_notice_v2 in local storage to remember your tracking choice

If you accept optional tracking in the cookie banner, we enable Google Ads conversion measurement. We also use Vercel Web Analytics for aggregate website metrics.

Local-First Storage

Parts of First Author work locally in your browser. Depending on the feature, content and settings may be stored in browser technologies such as IndexedDB or local storage to support offline work, draft recovery, editor state, and faster loading. This data remains on your device unless you save, sync, share, collaborate, or explicitly send content to external services.

AI Features

When you use AI features, we send only the content needed for that feature, such as a paragraph under review, extracted reference text, prompts, conversation history, and minimal contextual metadata. The exact data depends on the feature you invoke. We do not need your entire manuscript for every request.

If you disable AI assistance in the product settings, new AI requests are no longer sent from that workspace context. Technical details and current processor information are described on the Data Processing & Privacy page.

Data Retention

• We retain account and workspace data for as long as needed to provide the service.
• We retain waitlist or contact data until the purpose ends or you withdraw consent, unless legal retention applies.
• We retain security and operational logs for as long as reasonably necessary for security and reliability.
• We retain billing and tax-relevant records as long as required by applicable law.
• If you request deletion, we will delete data unless we must retain parts of it for legal reasons or to establish, exercise, or defend legal claims.

Your Rights

You may have the right to:

• access your personal data
• rectify inaccurate data
• request erasure
• request restriction of processing
• receive data portability where applicable
• object to processing based on legitimate interests
• withdraw consent at any time with effect for the future
• lodge a complaint with a supervisory authority

Contact

If you have privacy questions or would like to exercise your rights, contact us at hello@firstauthor.ai or via our contact page.

Kurzfassung (DE)

Verantwortlicher ist Dr. Philipp Münch - AI Software & SaaS, c/o COCENTER, Koppoldstr. 1, 86551 Aichach, Deutschland. Wir verarbeiten Daten für den Betrieb der Website und des Produkts, insbesondere für Accounts, Workspaces, Kollaboration, Uploads, Support, Abrechnung, optionale Integrationen und AI-Funktionen. Je nach Funktion arbeiten wir mit Dienstleistern wie Vercel, Tiptap Cloud, Resend, Stripe, GitHub, Google und AI-Anbietern zusammen. Optionale Werbe- bzw. Conversion-Messung per Google Ads aktivieren wir nur nach Einwilligung. Sie haben insbesondere Rechte auf Auskunft, Berichtigung, Löschung, Einschränkung, Datenübertragbarkeit, Widerspruch und Widerruf erteilter Einwilligungen.