Privacy Policy
Last updated: 2026-05-03
1. Who We Are
AudioScholar is operated by Dr. Nikhil Shah at the University of Alberta. For privacy questions, email nshah1@ualberta.ca.
2. What We Collect
Account information
- Email address (used as identifier)
- Display name (only if you sign in with Google; we receive your Google profile name)
- Login timestamps (last sign-in time, used to compute "X new since" greeting)
- Plan tier (currently
freefor all users)
Content you create
- PDFs you upload via
/add(deleted from our storage 24 hours after upload by an automated cleanup process) - Audio summaries and transcripts generated from your uploads and your Specialty Weekly and Topic Watch subscriptions (kept indefinitely tied to your account, until you delete the account)
- Subscriptions you create (specialty, frequency, voice preference, schedule)
- Episode state (whether you've played, archived, or marked an episode)
- Playback position (for resuming where you left off)
System logs
- Audit log entries when you or an admin perform sensitive actions (e.g., updating system config, sending claim emails)
- Standard server logs for debugging and abuse prevention
What we do NOT collect
- PHI (forbidden by Terms; if accidentally uploaded, deleted with your PDF after 24h)
- Behavioural analytics, pixel-tracking, or third-party advertising identifiers
- Payment data (Stripe is not yet integrated; this section will be updated when it is)
- Geolocation beyond what's incidental to standard web traffic (IP address visible to our hosts during requests, not stored long-term)
- Recordings of your voice or your microphone
3. How We Use Your Data
- Generate audio summaries from your uploaded papers and your subscription queries
- Send you transactional emails (an audio is ready, your account has been migrated, your account has been claimed, etc.)
- Operate, secure, and improve the service
- Communicate with you about your account, important changes, and support requests
- Comply with applicable law
We do not use your content to train AI models. We do not sell your data.
4. Third-Party Processors
To deliver the service, we use the following processors. By using AudioScholar you consent to your data being processed by these parties for the stated purposes:
| Processor | Purpose | Data Processed | Region |
|---|---|---|---|
| Supabase | Database, authentication, file storage | All account + content data | Hosted in our chosen Supabase region (subject to Supabase's infrastructure) |
| Resend | Transactional email delivery | Recipient email + email body | US-based |
| Google Cloud TTS | Audio synthesis (text → speech) | Generated script text (transient; not retained by Google for model training under our API agreement) | Global Google Cloud infrastructure |
| Google Gemini | Text summarization and curation | Source paper text and PubMed abstracts (transient) | Global Google Cloud infrastructure |
| Google OAuth | Optional sign-in via Google account | OAuth identity (email, name, sub identifier) | Global Google infrastructure |
| Cloudflare | DNS for audioscholar.cc | Routine DNS query metadata | Global edge network |
| Lovable | Build and deploy platform | Source code (no end-user data) | Lovable infrastructure |
Each processor has its own privacy policy governing how they handle data we send them. We have selected these providers with attention to industry-standard security practices but cannot assume responsibility for their conduct.
5. Cookies and Local Storage
AudioScholar uses only essential storage in your browser:
- Authentication tokens in localStorage, set by Supabase Auth. Used to keep you signed in.
dashboard.welcomeDismissedin localStorage. A simple1flag indicating you've dismissed the welcome card.
No tracking cookies, no analytics pixels, no advertising tags, no third-party trackers. You can clear these via your browser settings at any time; doing so will sign you out and re-show the welcome card.
6. Data Retention
| Data | Retention |
|---|---|
| Account info (email, login timestamps, plan) | Until you delete your account |
| Subscriptions (Specialty Weekly / Topic Watch config) | Until you delete the subscription or your account |
| Generated audio + transcripts | Until you delete your account, or until we discontinue the service |
| Uploaded source PDFs | 24 hours after upload (auto-deleted by cleanup cron) |
| Audit log entries | 90 days |
| Server / error logs | Approximately 30 days |
| Email metadata (Resend) | According to Resend's retention; typically 30 days |
If you delete your account, we will delete or anonymize your account data within 30 days. Backups may retain residual data for an additional 30–60 days before purge.
7. Your Rights
You have the right to:
- Access your data — visible to you in the app
- Correct your data — update via the app or email us
- Delete your account — email nshah1@ualberta.ca with "Delete my account" in the subject. Processed within 30 days
- Withdraw consent — stop using the service and request deletion as above
- Receive a copy — for tabular data, available on request via email; audio files can be downloaded directly from the app
- Lodge a complaint with a relevant privacy regulator (Office of the Privacy Commissioner of Canada, Office of the Information and Privacy Commissioner of Alberta, or your local equivalent if outside Canada)
8. Children
AudioScholar is intended for adults (18+) engaged with the medical literature. We do not knowingly collect data from children under 18. If you become aware that a minor has created an account, please email us so we can delete it.
9. International Transfers
Our database (Supabase) is hosted in our chosen region. Some processing — text summarization, voice synthesis, email delivery, OAuth — necessarily transits Google's, Resend's, and other providers' infrastructure, which may include the United States and the European Union. By using AudioScholar you consent to this cross-border transfer.
For users in jurisdictions with stricter cross-border data rules (e.g., EU/EEA under GDPR), please assess whether AudioScholar's current setup meets your obligations before uploading content.
10. Security
- All traffic between your browser and AudioScholar is encrypted via HTTPS/TLS
- Authentication is handled by Supabase Auth with hashed passwords + optional Google OAuth
- Database row-level security restricts data access to your own account
- Server-side functions run with least-privilege credentials
- No PHI is processed; we do not assume HIPAA-grade controls
We are a small-team early-stage product. We follow industry-standard practices but cannot guarantee absolute security. If you believe you've discovered a security issue, please email nshah1@ualberta.ca with "Security report" in the subject — we appreciate responsible disclosure.
11. Changes to This Policy
Episode feedback. When you submit feedback on an episode (via the Inaccuracy / Audio / Idea buttons at the end of the player), we store the category, your note, and a record of your IP address (auto-deleted after 24 hours, used solely for spam prevention). Your feedback is anonymous by default — we do not store your identity, even if you are signed in. If you check "Include my email so Dr. Shah can follow up," we additionally store your email address solely to respond to your specific submission, and we never use it for marketing or other purposes.
We may update this Privacy Policy as the service evolves. Material changes will be communicated by email. The "Last updated" date at the top of this page reflects the most recent revision.
12. Contact
Privacy questions, deletion requests, security reports:
Email: nshah1@ualberta.ca
Subject prefix: AudioScholar — [Privacy / Delete my account / Security report / etc.]
© 2026 Dr. Nikhil Shah · University of Alberta directory