← Back to Rigorem

Privacy Policy

Last updated: 2026-05-17

Rigorem is a tool that lets researchers upload a medical research paper and receive an AI-generated methodology review. This policy explains what we collect, how we use it, and who else sees it. We've tried to write it in plain English — if anything is unclear, email support@rigorem.com and we'll explain.

What we collect

  • If you sign in with a Magic Link, we collect only your email address. There is no password.
  • If you sign in with Google, Google passes us your email plus standard profile fields (name, profile picture, locale). Our authentication provider stores these fields, but the Rigorem application itself only uses your email — we don't read your name or picture anywhere in the product.
  • We do not store passwords. All authentication is passwordless.

What we do with your uploaded papers

  • The PDF file is deleted from our storage as soon as analysis is complete (usually within a couple of minutes after upload).
  • The extracted text from your PDF, and the AI-generated analysis, are retained for 30 days and then automatically deleted.
  • The Word report we generate is also retained for 30 days. During that window you can log in to your dashboard and re-download it.
  • After 30 days, the report file is permanently removed. Your paper's row stays in our database (so you can still see its filename in your history), but the analysis and report content are gone and cannot be recovered.

Third parties

We use a small number of vendors to run Rigorem. Each one only receives what it needs to do its job.

  • Supabase — hosts our authentication, database, and file storage.
  • A third-party AI provider — receives the text extracted from your PDF in order to produce the methodology analysis. This provider does not receive your email or any other account information.
  • Google — only if you choose to sign in with Google. Google sees that you authenticated to Rigorem.
  • Vercel — hosts the website. Standard HTTP request logs (including IP address and user agent) are recorded for operational and security reasons.
  • Cloudflare — handles DNS resolution for rigorem.com.

Cookies

We use one type of cookie: a session cookie from our authentication provider that keeps you logged in. It's HttpOnly, so JavaScript on the page can't read it. We do not use analytics cookies, tracking pixels, or advertising cookies.

Your rights

You can ask us at any time to show you what data we hold about you, or to delete your account and everything associated with it. Email support@rigorem.com and we aim to respond within 7 business days.

GDPR & CCPA

If you are a resident of the European Union, the United Kingdom, or California, you have additional rights under GDPR or the CCPA — including the right to access, delete, port, or object to the processing of your personal data. To exercise any of these rights, contact support@rigorem.com. We will not discriminate against you for exercising these rights.

Age

Rigorem is not intended for users under the age of 16. If you believe a minor has signed up, please contact us and we will remove the account.

Changes to this policy

If we make material changes to this policy, we'll email every registered user before the changes take effect. Minor wording fixes will be noted by updating the “Last updated” date at the top of this page.

Contact

Questions, concerns, or data requests: support@rigorem.com.