Your first month is 50% off - use code RESEARCH50 at checkout. Upgrade now →
Site Logo
Research Verifier

Privacy Policy

Your privacy and data protection are important to us

Last updated: May 2026

1. Data Controller

Florian Himmelbauer (Himmelbauer Digital Innovations e.U.)

Hannovergasse 27/1 1200 Vienna, Austria

Email: support@researchverifier.com

2. Scope of Application

This privacy policy applies to all processing of personal data in connection with the use of the Research Verifier platform (the "Service"). We process your data exclusively on the basis of applicable legal provisions, in particular the General Data Protection Regulation (GDPR), the Austrian Data Protection Act (DSG), and the Austrian Telecommunications Act 2021 (TKG 2021).

3. Purposes and Legal Basis for Data Processing

a) Provision of the Service

Purpose: Operating the website, user authentication, storing your uploaded papers, and providing text analysis features.
Legal Basis: Art. 6(1)(b) GDPR (contract performance), Art. 6(1)(f) GDPR (legitimate interests in IT security and service provision), § 1 DSG

b) User Account Management

Purpose: Creating and managing your user account, storing your research papers, maintaining search history.
Legal Basis: Art. 6(1)(b) GDPR (contract performance), § 1 DSG

c) Payment Processing

Purpose: Processing payments for premium features via third-party payment processors.
Legal Basis: Art. 6(1)(b) GDPR (contract performance)

d) Communication and Support

Purpose: Responding to inquiries, providing customer support, sending service notifications.
Legal Basis: Art. 6(1)(b) GDPR (contract performance), Art. 6(1)(f) GDPR (legitimate interest in customer service)

e) Analytics

Purpose: Understanding usage patterns to improve the Service.
Legal Basis: Art. 6(1)(f) GDPR (legitimate interest in improving the Service), § 165 TKG 2021

f) Conversion Tracking

Purpose: Measuring the effectiveness of advertising campaigns by sending hashed conversion events server-side to Meta and Google.
Legal Basis: Art. 6(1)(f) GDPR (legitimate interest in evaluating and optimising advertising spend)

4. Categories of Personal Data

Account Data

  • • Email address
  • • Password (encrypted)
  • • Account creation date

Usage Data

  • • Search queries and claims
  • • Search history
  • • IP address (server logs)

Content Data

  • • Uploaded PDF papers
  • • Extracted metadata
  • • Text analysis results

Payment Data

  • • Transaction records
  • • Billing information (via processor)
  • • No card details stored by us

5. Recipients and Data Processors

We work with carefully selected service providers who process data on our behalf:

Hosting & Infrastructure

Provider: Vercel Inc. (USA)
Purpose: Website hosting and operation
Safeguards: EU Standard Contractual Clauses (SCCs)

Database & Storage

Provider: Supabase Inc. (USA)
Purpose: User data and file storage
Safeguards: EU Standard Contractual Clauses (SCCs)

AI Processing

Provider: OpenAI (USA)
Purpose: Text analysis and claim extraction
Safeguards: Data Processing Agreement, limited retention

Payment Processing

Provider: Stripe Inc. (USA)
Purpose: Processing payments
Note: Payment card data is processed directly by Stripe; we do not store it

Email Services

Provider: Resend (USA)
Purpose: Sending transactional emails and notifications
Safeguards: EU Standard Contractual Clauses (SCCs)

Conversion Tracking — Meta

Provider: Meta Platforms Ireland Ltd. (Ireland / USA)
Purpose: Measuring advertising campaign effectiveness via server-side conversion events
Data sent: Hashed (SHA-256) email address and hashed user ID only — no raw personal data is transmitted
Safeguards: EU Standard Contractual Clauses (SCCs)

Conversion Tracking — Google

Provider: Google Ireland Ltd. (Ireland / USA)
Purpose: Measuring advertising campaign effectiveness via server-side analytics events (GA4 Measurement Protocol)
Data sent: Hashed user ID only — no cookies or browser identifiers are used
Safeguards: EU-U.S. Data Privacy Framework, EU Standard Contractual Clauses (SCCs)

6. Data Transfers to Third Countries

Some of our service providers are located outside the European Union/European Economic Area. Data transfers to these third countries are based on appropriate safeguards:

  • EU Standard Contractual Clauses (SCCs) approved by the European Commission (Art. 46(2)(c) GDPR)
  • Adequacy decisions where applicable (Art. 45 GDPR)
  • Additional technical and organizational measures to ensure data protection

7. Data Retention Period

We retain personal data only as long as necessary for the purposes outlined above or as required by law:

  • Account Data:Until account deletion or 3 years after last login
  • Uploaded Papers:Until you delete them or close your account
  • Search History:Until you delete it or close your account
  • Payment Records:7 years (Austrian tax and commercial law requirements)
  • Server Logs:Maximum 90 days

8. Your Rights (GDPR & DSG)

Under GDPR and Austrian data protection law, you have the following rights:

Right to Access

Request a copy of your personal data we hold (Art. 15 GDPR)

Right to Rectification

Correct inaccurate personal data (Art. 16 GDPR)

Right to Erasure

Request deletion of your data under certain conditions (Art. 17 GDPR)

Right to Restriction

Restrict processing of your data in certain circumstances (Art. 18 GDPR)

Right to Data Portability

Receive your data in a structured format (Art. 20 GDPR)

Right to Object

Object to processing based on legitimate interests (Art. 21 GDPR)

Withdrawal of Consent

Where processing is based on your consent, you may withdraw it at any time (Art. 7(3) GDPR). This does not affect the lawfulness of processing before withdrawal.

Right to Lodge a Complaint

You have the right to lodge a complaint with the Austrian Data Protection Authority:

Österreichische Datenschutzbehörde
Barichgasse 40-42
1030 Wien, Austria
Website: www.dsb.gv.at

9. Cookies and Tracking (TKG 2021)

Essential Cookies Only

Our website uses only essential cookies required for authentication and session management. These are necessary for the Service to function and do not require consent under § 165 TKG 2021.

We do not use:

  • • Marketing or advertising cookies
  • • Social media tracking pixels in your browser
  • • Third-party analytics cookies
  • • Cross-site tracking technologies

Server-Side Conversion Tracking

We use server-side conversion tracking via the Meta Conversions API and the Google Analytics 4 Measurement Protocol. Unlike traditional pixel or cookie-based tracking, these work entirely on our server - no tracking code runs in your browser and no tracking cookies are placed on your device.

When you complete a registration or purchase, a hashed (SHA-256, one-way encrypted) version of your email address and/or user ID is sent to Meta and Google solely to measure whether our advertising is effective. This data cannot be reversed to identify you and is not used for cross-site tracking.

Legal basis: Art. 6(1)(f) GDPR (legitimate interest in measuring advertising effectiveness). You may object to this processing at any time by contacting us at support@researchverifier.com.

10. Data Security

We implement appropriate technical and organizational measures to protect your personal data against unauthorized access, loss, destruction, or alteration:

Technical Measures

  • • SSL/TLS encryption for data in transit
  • • Encrypted database storage
  • • Regular security updates
  • • Access controls and authentication

Organizational Measures

  • • Limited employee access
  • • Confidentiality agreements
  • • Regular security training
  • • Incident response procedures

11. Children's Privacy

Our Service is not directed to persons under 16 years of age. We do not knowingly collect personal data from children. If we become aware that we have collected data from a child without parental consent, we will take steps to delete such information.

12. AI Processing Notice

Important Information About AI Analysis

When you use our text analysis features, your submitted text is processed by OpenAI's API to extract claims and generate search queries. Please note:

  • Do not submit confidential, sensitive, or unpublished research that you wish to keep private
  • OpenAI processes data according to their Data Processing Agreement
  • We configure OpenAI to not use your data for model training
  • Your uploaded PDF papers are stored in our database and are NOT sent to OpenAI

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new Privacy Policy on this page and updating the "Last updated" date. For significant changes, we will provide a more prominent notice (including, for certain services, email notification).

14. Contact for Data Protection Matters

For any questions, concerns, or requests regarding your personal data or this Privacy Policy, please contact us:

Email: support@researchverifier.com

Subject line: "Data Protection Request"

We will respond to your request within 30 days as required by GDPR.

This Privacy Policy is governed by Austrian law and complies with GDPR, DSG, and TKG 2021