Legal

Privacy Policy

Effective date: April 21, 2026  ·  Last updated: April 21, 2026

Overview

Plain-language summary: Bioscript stores only what is necessary to provide the service — your account credentials via Google OAuth, your OpenAI API key, paper data you interact with, and subscription information. We do not sell your data. We do not use it for advertising.

Bioscript ("we," "us," or "our") operates the Bioscript Chrome extension and associated website (the "Service"). This Privacy Policy explains how we collect, use, disclose, and protect information about you when you use our Service.

By installing the Bioscript extension or using the Service, you agree to the collection and use of information in accordance with this policy.

Information We Collect

Account Information

When you sign in with Google, we receive the following information from Google's OAuth service:

  • Your name and email address
  • Your Google account profile picture
  • A unique user identifier associated with your Google account

We do not receive or store your Google account password.

Extension Data

To provide the Service, we store data you create or interact with:

  • OpenAI API Key: If you provide an API key, it is stored encrypted in our database and used solely to make AI requests on your behalf.
  • Paper metadata: Titles, authors, abstracts, DOIs, journal names, URLs, and publication years of papers you view or save through the extension. This data is extracted from publicly accessible academic paper pages.
  • AI-generated content: Summaries, question-and-answer chat history, and data extractions generated in response to your requests.
  • Vault folders and collections: Project folders you create and papers you save to them, including any research profiles you configure per folder.
  • Recently viewed papers: A list of up to 15 papers you have recently opened through the extension, stored to populate the History tab in the Vault.
  • Preferences: Your chosen UI theme (light or dark) and deep research toggle setting.

Subscription & Billing Information

When you subscribe to Bioscript Pro, payment is processed by Stripe. We do not collect or store your credit card number or other sensitive payment details. We store:

  • Your Stripe customer ID and subscription ID
  • Subscription status (active, canceled, trialing, none)
  • Subscription period end date
  • Trial start timestamp

Usage Data

We do not collect telemetry, crash reports, or behavioral analytics data beyond what is stored as part of the Service itself (e.g., saved papers, chat messages). We do not track your browsing history outside of the paper metadata explicitly extracted when you visit a supported academic paper page.

How We Use Your Information

We use the information we collect to:

  • Authenticate your identity and maintain your session
  • Provide, operate, and improve the Service
  • Sync your data (papers, folders, chat history, settings) across devices via our cloud database
  • Send AI requests to OpenAI on your behalf using your provided API key
  • Manage your subscription and trial status
  • Respond to support requests or inquiries you initiate

We do not use your data to train AI models, serve advertisements, or share with data brokers.

Third-Party Services

Bioscript relies on the following third-party services to operate. Each has its own privacy policy:

Supabase

We use Supabase as our backend database and authentication provider. Your account data, paper data, chat history, and settings are stored in a Supabase database. Supabase is hosted on AWS infrastructure. Data is encrypted at rest and in transit.

Google OAuth

Sign-in is handled via Google's OAuth 2.0 service. We only request the minimum scopes required: your basic profile (name, email, picture) and, if you use the Google Docs citation export feature, access to create and edit Google Docs files you explicitly authorize. We do not access your Gmail, Google Drive files outside of those you explicitly export to, or any other Google service.

OpenAI

AI-powered features (summaries, chat, data extraction, term definitions) are powered by the OpenAI API. When you use an AI feature, relevant paper text and your message are sent to OpenAI's API using your provided API key. OpenAI's data handling is governed by their API data usage policies. We recommend reviewing OpenAI's privacy policy for details on how they process API inputs.

Stripe

Subscription billing is handled by Stripe. Stripe collects and processes your payment card information directly. We never see or store your full card number.

Data Storage & Security

All user data is stored in a Supabase PostgreSQL database protected by Row Level Security (RLS). RLS policies ensure that each user can only access their own data — no user can read or modify another user's records.

Data is transmitted over HTTPS/TLS. Your OpenAI API key is stored in our database and is never exposed in client-side code beyond what is required to make API calls on your behalf.

While we implement commercially reasonable security measures, no method of electronic transmission or storage is 100% secure. We cannot guarantee absolute security.

Data Retention

We retain your data for as long as your account remains active or as needed to provide the Service. Specifically:

  • Account data: Retained until you request deletion.
  • Paper data, chat history, folders, and settings: Retained until you delete them within the app or request account deletion.
  • Subscription data: Retained for a reasonable period after subscription end for accounting and legal compliance purposes.

To request deletion of all your data, contact us at the email address below. We will permanently delete your account and associated data within 30 days.

Your Rights

Depending on your location, you may have the following rights regarding your personal data:

  • Access: Request a copy of the personal data we hold about you.
  • Correction: Request that we correct inaccurate or incomplete data.
  • Deletion: Request that we delete your personal data ("right to be forgotten").
  • Portability: Request your data in a machine-readable format.
  • Objection: Object to certain processing activities.
  • Restriction: Request that we restrict processing of your data in certain circumstances.

To exercise any of these rights, contact us at bioscriptapp@gmail.com. We will respond within 30 days. If you are located in the European Economic Area, you also have the right to lodge a complaint with your local data protection authority.

Children's Privacy

The Service is not directed to individuals under the age of 13. We do not knowingly collect personal information from children under 13. If we become aware that a child under 13 has provided us with personal information, we will promptly delete it. If you believe a child under 13 has provided us with their information, please contact us.

Changes to This Policy

We may update this Privacy Policy from time to time. When we do, we will revise the "Last updated" date at the top of this page. For material changes, we will make reasonable efforts to notify you (for example, by displaying a notice in the extension or by email). We encourage you to review this policy periodically.

Your continued use of the Service after any changes constitutes your acceptance of the new policy.

Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us: