Privacy Policy

1. Information We Collect

1.1 Account Information You Provide

When you create an account, we collect:

• Name and email address provided during registration
• Authentication credentials — If you sign in with Apple, Google, or email, we receive the name and email address associated with your account. If you use Sign in with Apple and choose to hide your email, we receive only Apple's private relay email address. We do not receive or store your Apple ID password or Google password.
• Profile preferences — Your selected orthopedic subspecialty interests, notification preferences, and content personalization choices
• Research profile — If you connect your research profile (e.g., ORCID or author search), we collect your ORCID identifier or author identifier and use it to build your co-author network and to surface papers from your network
• Subscription information — Your subscription tier and status. Payment processing is handled by third-party providers: Apple (for in-app purchases via the App Store) and Stripe (for web-based subscriptions). We do not directly collect, process, or store your credit card number, bank account details, or other financial payment information. These payment processors may share limited transaction data with us (such as subscription status, transaction ID, and billing country) to manage your account.

1.2 Information Collected Automatically

When you use the Service, we automatically collect:

• Usage data — Features accessed, papers viewed, papers saved to your library, search queries, and time spent in the app
• Device information — Device model, operating system version, app version, and a unique device identifier for delivering push notifications
• Push notification tokens — If you grant permission, we collect your device's push notification token to send you research digests and alerts. You can disable notifications at any time through your device settings.
• Log data — IP address, access times, and app crash or error reports for debugging and service improvement

1.3 Research Assistant Interactions

If you use the Research Assistant feature, we collect:

• Your questions and prompts submitted to the Research Assistant
• AI-generated responses and related metadata (such as timestamps and the papers referenced)

This data is used solely to provide the Research Assistant feature and to improve its accuracy. Queries are processed by our AI service providers (named in Section 3.1) under our instructions. Your individual interactions are never shared publicly or with other users.

AI-powered features such as paper evaluation ("In Context"), newsletter generation, and audio briefings process published article data and may use your first name and subspecialty preferences to personalize content. This processing is performed by third-party AI service providers under our instructions.

1.4 Information We Do NOT Collect

• We do not collect health or medical data about you personally
• We do not use the Advertising Identifier (IDFA) or engage in ad tracking
• We do not use cookies or web-based tracking technologies within the mobile app. Our website (eaglescope.ai) may use essential cookies for authentication and session management.
• We do not collect biometric data, precise location data, or contacts

2. How We Use Your Information

We use the information we collect to:

• Provide, operate, and maintain the Service
• Create and manage your account
• Deliver personalized research digests based on your subspecialty preferences
• Send push notifications for new papers, conference deadlines, and weekly digests (with your permission)
• Process and manage your subscription through the Apple App Store
• Provide the Research Assistant feature
• Respond to your inquiries and provide customer support
• Monitor and analyze usage patterns to improve the Service
• Detect, prevent, and address technical issues, bugs, and security threats
• Comply with legal obligations

3. How We Share Your Information

We do not sell your personal information. We do not share your personal information with advertisers.

We may share your information only in the following limited circumstances:

3.1 Service Providers

We use trusted third-party service providers to operate the Service, including:

• Supabase — Database hosting and authentication
• Apple App Store — Subscription payment processing and receipt validation (iOS)
• Stripe — Subscription payment processing (web). Stripe's privacy policy is available at https://stripe.com/privacy
• Third-party AI and machine learning service providers — To power features including the Research Assistant, paper evaluation and contextual analysis, newsletter generation, and audio briefings. Data sent to these providers may include: your query text and conversation history (Research Assistant), your first name and subspecialty preferences (for personalized audio briefings), and published article metadata such as titles, abstracts, and identifiers (for summarization and evaluation). No email address, full name, or other account identifiers are sent to AI providers except as noted above.

These providers are contractually obligated to protect your information and may only use it to perform services on our behalf.

3.2 Legal Requirements

We may disclose your information if required to do so by law, court order, or governmental request, or if we believe disclosure is necessary to:

• Comply with applicable laws or legal processes
• Enforce our Terms of Service
• Protect the rights, property, or safety of EagleScope, our users, or the public
• Prevent fraud or illegal activity

3.3 Business Transfers

If EagleScope is involved in a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction. We will notify you before your information becomes subject to a different privacy policy.

3.4 With Your Consent

We may share your information with your explicit consent for purposes not described in this policy.

3.5 Anonymized and Aggregated Data

We may share anonymized, aggregated data that cannot reasonably be used to identify you (for example, "3,000 orthopedic professionals use EagleScope" or general usage statistics).

4. Data Retention

We retain your personal information for as long as your account is active or as needed to provide you with the Service.

When you delete your account:

• Your personal information (name, email, preferences) will be deleted within 30 days
• Your saved library and interaction history will be permanently removed
• Anonymized, aggregated usage data that cannot be linked back to you may be retained for analytics purposes

Research Assistant interaction data may be retained in anonymized form (disconnected from your account) to improve the quality and accuracy of the Service.

5. Your Rights and Choices

5.1 Access and Update

You can access, review, and update your account information at any time through your account settings within the app.

5.2 Delete Your Account

You may delete your account at any time through the account settings within the app or on the website, or by contacting us at legal@eaglescope.ai. We will process your request within 30 days.

5.3 Push Notifications

You can enable or disable push notifications at any time through your device's Settings app or through the notification preferences within EagleScope.

5.4 Email Communications

You can unsubscribe from marketing emails at any time by clicking the "unsubscribe" link in our emails or updating your preferences in your account settings. You will continue to receive essential service-related communications (such as account security alerts).

5.5 Data Portability

You may request a copy of your personal information in a portable, machine-readable format by contacting us at legal@eaglescope.ai.

6. Subscriptions and Payments

EagleScope offers subscription plans through multiple platforms:

6.1 iOS App (Apple App Store)

In-app purchases on iOS are processed entirely by Apple. Please note:

• Payment is charged to your Apple ID account at confirmation of purchase
• Subscriptions automatically renew unless auto-renew is turned off at least 24 hours before the end of the current period
• You may manage your subscriptions and turn off auto-renewal at any time in your Apple ID Account Settings; you will retain access until the end of the current billing period. Refunds for the unused portion of the current period are subject to Apple's refund policy.
• Any unused portion of a free trial period, if offered, will be forfeited when you purchase a subscription

Your use of in-app purchases is also subject to Apple's Terms and Conditions (https://www.apple.com/legal/internet-services/itunes/dev/stdevstandard/).

6.2 Web

Subscriptions purchased through our website are processed by Stripe. Stripe collects and processes your payment information directly; we never see or store your full card number. You can manage or cancel your web subscription through your account settings at eaglescope.ai. Stripe's privacy policy is available at https://stripe.com/privacy.

For details on subscription tiers and pricing, please see the subscription page within the app or on our website.

7. Children's Privacy

EagleScope is designed for medical professionals, researchers, and students. We do not knowingly collect personal information from children under 13 (or under 16 in the European Economic Area). If we learn that we have collected personal information from a child under the applicable age, we will delete that information promptly. If you believe a child has provided us with personal information, please contact us at legal@eaglescope.ai.

8. Data Security

We implement reasonable and appropriate technical and organizational measures to protect your personal information from unauthorized access, loss, misuse, alteration, or destruction. These measures include:

• Encryption of data in transit (TLS/SSL) and at rest
• Secure authentication protocols
• Regular security reviews
• Access controls limiting employee access to personal data

However, no method of transmission over the internet or method of electronic storage is 100% secure. While we strive to protect your personal information, we cannot guarantee its absolute security.

9. International Data Transfers

Your information may be transferred to, stored, and processed in the United States and other countries where our service providers operate. These countries may have data protection laws that differ from the laws of your country.

By using the Service, you consent to the transfer of your information to the United States and other jurisdictions. Where required by applicable law, we will ensure appropriate safeguards are in place to protect your information.

10. California Privacy Rights (CCPA/CPRA)

If you are a California resident, you have the following rights under the California Consumer Privacy Act and the California Privacy Rights Act:

• Right to Know — You may request the categories and specific pieces of personal information we have collected about you
• Right to Delete — You may request deletion of your personal information
• Right to Correct — You may request correction of inaccurate personal information
• Right to Opt Out of Sale — We do not sell personal information
• Right to Non-Discrimination — We will not discriminate against you for exercising your privacy rights

To exercise these rights, contact us at legal@eaglescope.ai. We will verify your identity before processing your request and respond within 45 days.

11. European Privacy Rights (GDPR)

If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland, you have the following rights under the General Data Protection Regulation:

• Access, correction, and deletion of your personal data
• Data portability
• Restriction of or objection to processing
• Withdrawal of consent at any time

Legal Bases for Processing:

• Consent — When you create an account and agree to this policy
• Contract performance — To provide the Service you have subscribed to
• Legitimate interests — To improve our Service, ensure security, and communicate with you
• Legal obligations — To comply with applicable laws

To exercise your rights, contact us at legal@eaglescope.ai. You also have the right to lodge a complaint with your local supervisory authority.

12. Third-Party Links

The Service may contain links to third-party websites, including PubMed and academic journal sites. We are not responsible for the privacy practices of these third parties. We encourage you to review their privacy policies before providing them with any information.

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. We will notify you of material changes by:

• Posting a notice within the app
• Sending an email to the address associated with your account

The "Last Updated" date at the top of this policy indicates when it was last revised. Your continued use of the Service after changes become effective constitutes your acceptance of the updated policy.

14. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us at:

Email: legal@eaglescope.ai

For data protection inquiries from the EEA, UK, or Switzerland, you may also contact our data protection point of contact at the same email address.