Privacy Policy

The data controller is José Luis Saorín Ferrer, located in the Canary Islands, Spain. You can contact us at hello@scholaris.app.

Scholaris is designed with privacy as a core principle. All document processing — OCR, embeddings, transcription, and citation analysis — is handled by your Scholaris server. Your documents are never shared with third parties. Cloud AI is used only for vision tasks (image understanding in documents), where only the specific image data needed is sent securely.

We collect the minimum data necessary to provide the Service:

3.1 Account Data

When you register, we collect your email address, display name, and password (managed by Clerk, our authentication provider). This data is necessary to provide account access and is processed under the legal basis of contractual necessity (Art. 6(1)(b) GDPR).

3.2 Subscription and Payment Data

Payment processing is handled by third-party payment providers. We do not store your credit card numbers or banking details. We receive only a transaction identifier, billing status, and the email associated with the payment.

3.3 Usage Metadata

We may collect anonymized, aggregate usage statistics (e.g., number of documents converted, feature usage counts) to improve the Service. This data cannot be linked to individual users or documents.

3.4 Data We Do NOT Collect

• The content of your documents (PDFs, videos, audio, images)
• Your search queries
• Your citations or bibliography
• Embeddings or AI model outputs
• Any data processed by the Scholaris server (except images sent for cloud vision AI)

• Account management: To authenticate you and provide access to the Service.
• Billing: To process subscription payments and manage your plan.
• Communication: To send essential account notifications (billing confirmations, security alerts, Terms updates). We do not send marketing emails without consent.
• Service improvement: To analyze anonymized, aggregate usage patterns and improve the product.

We use the following third-party services:

• Clerk — Authentication and account management. Clerk processes your email and password. See Clerk’s Privacy Policy.
• Payment processor — Subscription billing. Only transaction identifiers are shared with us.

We do not sell, rent, or share your personal data with any other third parties.

Account data is retained for as long as your account is active. Upon account deletion, your personal data is removed within 30 days. Anonymized usage statistics may be retained indefinitely as they cannot be linked to you.

Under the General Data Protection Regulation (GDPR), you have the right to:

• Access — Request a copy of the personal data we hold about you.
• Rectification — Correct inaccurate personal data.
• Erasure — Request deletion of your personal data (“right to be forgotten”).
• Restriction — Restrict the processing of your personal data.
• Portability — Receive your data in a structured, machine-readable format.
• Objection — Object to processing based on legitimate interests.

To exercise these rights, contact us at hello@scholaris.app. We will respond within 30 days.

We implement appropriate technical and organizational measures to protect your personal data. Authentication is handled by Clerk with industry-standard security practices. All communication with our servers uses TLS encryption.

Your account data may be processed by Clerk in the United States. Clerk participates in standard contractual clauses as approved by the European Commission to ensure adequate data protection for EU residents.

The Service is not directed to individuals under 16. We do not knowingly collect personal data from children. If we learn that we have collected data from a child under 16, we will delete it promptly.

If you are an EU resident and believe we have not adequately addressed your data protection concerns, you have the right to lodge a complaint with the Agencia Española de Protección de Datos (AEPD) at www.aepd.es.

We may update this Privacy Policy from time to time. Material changes will be communicated via email at least 30 days before taking effect. The “last updated” date at the top reflects the most recent revision.