At Fynman, your privacy is our top priority. This Privacy Policy explains how we collect, use, protect, and share information when you use our AI-powered literature review software. We are committed to transparency and protecting your academic research data.
🔒 Our Core Privacy Principle
Your research data stays on your computer. We never see, access, or store your research papers, notes, or academic work. All document processing happens locally on your device.
1. Information We Collect
1.1 Information We DO NOT Collect
- Research Documents: We never access, upload, or store your PDF files, research papers, or academic documents
- Research Content: Your notes, annotations, highlights, and insights remain entirely on your device
- Academic Work: Unpublished research, manuscripts, or proprietary academic content
- Personal Research Data: Citation libraries, reading history, or research patterns
1.2 Information We DO Collect
- Account Information: Email address, name, institutional affiliation (if provided)
- Subscription Data: Payment information, subscription status, license type
- Technical Information: Software version, operating system, error logs (anonymized)
- Usage Analytics: Anonymous feature usage statistics to improve software performance
- Support Communications: Messages you send to our support team
2. How We Use Your Information
We use the limited information we collect for the following purposes:
- Service Delivery: Providing and maintaining your Fynman account and software license
- Customer Support: Responding to your inquiries and providing technical assistance
- Software Improvement: Analyzing anonymous usage patterns to enhance features and performance
- Security: Protecting against fraud, abuse, and unauthorized access
- Legal Compliance: Meeting legal obligations and enforcing our Terms of Service
- Communication: Sending software updates, security notices, and important service announcements
3. Local Data Processing
Fynman is designed as a privacy-first desktop application:
- Local Processing: All document analysis, indexing, and organization happens on your computer
- Offline Functionality: Core features work without internet connection
- No Cloud Storage: Your research library never leaves your device
- Encrypted Storage: Local data is encrypted using industry-standard AES-256 encryption
- User Control: You decide what data (if any) to sync across your devices
4. Third-Party AI Services
When you choose to use AI features, limited data may be sent to third-party AI providers:
4.1 What Gets Sent
- Only specific text excerpts you choose to analyze
- Anonymized paper summaries (when you opt for privacy mode)
- Your specific questions or prompts to the AI
- No identifying information about you or your institution
4.2 AI Provider Privacy
- Your Choice: You select which AI provider to use (OpenAI, Anthropic, etc.)
- Your API Key: You provide your own API credentials, maintaining direct control
- Provider Policies: Data handling governed by your chosen AI provider's privacy policy
- No Fynman Access: We cannot see what you send to AI providers
5. Data Sharing and Disclosure
We do not sell, rent, or trade your personal information. We may share limited information only in these circumstances:
- With Your Consent: When you explicitly authorize data sharing
- Service Providers: With trusted partners who help us operate our service (payment processors, email services)
- Legal Requirements: When required by law, court order, or government regulation
- Business Transfers: In the event of a merger or acquisition (with privacy protections maintained)
- Safety and Security: To protect rights, property, or safety of Fynman, users, or the public
6. Academic and Institutional Privacy
We recognize the special privacy needs of academic users:
- Institutional Compliance: Our software helps meet FERPA, HIPAA, and other regulatory requirements
- Student Privacy: Special protections for educational records and student research
- Research Ethics: Support for IRB requirements and research confidentiality
- International Standards: Compliance with GDPR, CCPA, and other privacy regulations
- Audit Support: Documentation available for institutional privacy audits
7. Data Security
We implement robust security measures to protect your information:
- Encryption: All data encrypted in transit (TLS 1.3) and at rest (AES-256)
- Access Controls: Strict employee access controls and authentication requirements
- Security Monitoring: Continuous monitoring for unauthorized access or breaches
- Regular Audits: Independent security assessments and penetration testing
- Incident Response: Established procedures for security incident management
- Secure Development: Security-by-design principles in all software development
8. Your Privacy Rights
You have several rights regarding your personal information:
- Access: Request a copy of personal information we have about you
- Correction: Update or correct inaccurate personal information
- Deletion: Request deletion of your personal information (subject to legal requirements)
- Portability: Export your account data in standard formats
- Restriction: Limit how we process your personal information
- Objection: Object to certain types of data processing
- Withdrawal: Withdraw consent for optional data processing
9. Data Retention
We retain personal information only as long as necessary:
- Active Accounts: Information retained while your account is active
- After Cancellation: Account data deleted within 30 days of cancellation
- Support Records: Support communications retained for 2 years
- Legal Requirements: Some data retained longer when required by law
- Anonymous Analytics: Anonymized usage data may be retained indefinitely
- Your Control: You can request immediate deletion of personal data
10. Cookies and Tracking
Our website and software use limited tracking technologies:
- Essential Cookies: Required for basic website functionality and user authentication
- Analytics Cookies: Anonymous website usage statistics (you can opt out)
- No Advertising: We do not use cookies for advertising or marketing tracking
- Third-Party Services: Limited use of analytics services with privacy protections
- Software Telemetry: Optional anonymous usage statistics to improve software (can be disabled)
11. International Data Transfers
Information about international data handling:
- Data Location: Your research data stays on your local device regardless of location
- Account Data: Account information stored in secure data centers with appropriate protections
- Transfer Safeguards: Standard contractual clauses and adequacy decisions for international transfers
- Regional Compliance: Compliance with local privacy laws in your jurisdiction
12. Children's Privacy
Fynman is not intended for children under 13 years of age:
- Age Restriction: Users must be 18+ or have parental consent
- No Knowing Collection: We do not knowingly collect information from children under 13
- Educational Use: Academic institutions may purchase licenses for student researchers with appropriate oversight
- Parental Rights: Parents can request deletion of their child's information
13. Privacy Policy Updates
We may update this Privacy Policy periodically:
- Notification: Users notified of material changes via email and software updates
- Effective Date: Changes effective 30 days after notification
- Continued Use: Continued use of software constitutes acceptance of updated policy
- Version History: Previous versions of this policy available upon request
14. Contact Information
For privacy-related questions or to exercise your privacy rights, contact us:
Response time: We aim to respond to privacy requests within 30 days.
Your trust is essential to us. By using Fynman, you acknowledge that you have read and understood this Privacy Policy and agree to our privacy practices.
