Privacy Policy (GDPR Compliant)
Effective Date: October 1, 2025
This Privacy Policy describes how Innovimed Sp. z o.o. ("we," "us," or "our") collects, uses, and protects your personal data in connection with your use of the CiteWise.eu (the "Service"). We are committed to a privacy-first model where your data stays yours.
1. Data Controller Information
The data controller responsible for the processing of your personal data is:
- Company Name: Innovimed Sp. z o.o.
- Registered Address: Swieradowska 47, 02-662 Warszawa, Poland
- EU VAT ID: PL5213932457
2. Our Core Privacy Commitment
Our Service operates under strict privacy principles:
No Advertisements: We do not share your data with third parties for marketing or advertising purposes.
No Tracking: We do not use non-essential cookies, tracking pixels, or third-party analytics to build profiles of our users or monitor your activity across other websites.
Data Stays Yours: Any documents, citations, or analysis results you create or upload are your property.
AI Training Exclusion: Content submitted for AI analysis is strictly processed to provide you with the requested output and is NOT used for training, developing, or improving any underlying AI models, whether ours or those of any third-party providers we may use.
3. Data We Collect and Why (Purpose and Legal Basis)
We collect and process personal data only when strictly necessary to provide and maintain the Service.
| Type of Data | Purpose of Processing | Legal Basis (GDPR) |
|---|---|---|
| Account Data (e.g., email address, password hash, user ID) | To create and manage your user account, provide authentication, and communicate service updates. | Contract performance (Art. 6(1)(b) GDPR) |
| User Content (Uploaded papers, citation lists, analysis prompts) | To execute the core function of the service (citation generation and AI analysis). | Contract performance (Art. 6(1)(b) GDPR) |
| Service Usage Data (Non-identifiable activity logs, e.g., features used, errors encountered, timestamps) | To monitor the performance, stability, and security of the Service, and to fix bugs. | Legitimate interest (Art. 6(1)(f) GDPR) |
4. How We Share Your Data
We will not sell or rent your personal data. We may share your data only in the following limited circumstances:
Service Providers (Processors): We may use third-party cloud hosting or essential infrastructure services (e.g., secure data storage, AI model access) to run the Service. These processors are contractually obligated to adhere to the strictest data protection standards and are prohibited from using your data for any other purpose.
Legal Requirement: If required to do so by law or in response to valid requests by public authorities (e.g., a court order).
5. International Data Transfers
As a company in the EU, any transfer of personal data outside the European Economic Area (EEA) will only occur if we ensure appropriate safeguards are in place, typically through the use of Standard Contractual Clauses (SCCs) approved by the European Commission.
6. Your Data Protection Rights (GDPR Rights)
Under the GDPR, you have the following rights regarding your personal data:
- a. Right of Access: The right to request copies of your personal data.
- b. Right to Rectification: The right to request that we correct any information you believe is inaccurate or incomplete.
- c. Right to Erasure ('Right to be Forgotten'): The right to request that we erase your personal data under certain conditions.
- d. Right to Restrict Processing: The right to request that we restrict the processing of your personal data, under certain conditions.
- e. Right to Object to Processing: The right to object to our processing of your personal data, under certain conditions.
- f. Right to Data Portability: The right to request that we transfer the data that we have collected to another organization, or directly to you, under certain conditions.
- g. Right to Lodge a Complaint: The right to lodge a complaint with a supervisory authority (in Poland, the UODO - Urząd Ochrony Danych Osobowych).
7. Data Security
We implement robust technical and organizational measures to protect your personal data, including encryption, access controls, and regular security audits, to ensure confidentiality and integrity.
8. Retention
We will retain your personal data only for as long as necessary to fulfill the purposes outlined in this Privacy Policy, primarily as long as you maintain an active account with us. If you delete your account, your data (including User Content) will be securely and permanently deleted within a reasonable period, except where retention is legally required.
9. Contact Us
If you have questions or wish to exercise any of your rights, please contact us at: