CrucibleIQCrucibleIQ

Privacy Policy

Last updated: February 2, 2026

This Privacy Policy describes how Refracted Aspect Collective Inc. ("we," "us," or "our"), operating as CrucibleIQ, collects, uses, and shares your personal information when you use our website at crucibleiq.com and our application at app.crucibleiq.com (collectively, the "Service").

1. Information We Collect

Information you provide directly

  • Account information: Name, email address, and password when you create an account.
  • Profile and preferences: Institution type, institution name, research field, citation style preferences, and other settings you configure.
  • Research content: PDFs, documents, citations, notes, and other files you upload or create within the Service. This is your content and you retain full ownership of it.
  • Communications: Messages you send to us via email or support channels.

Information collected automatically

  • Usage data: Features used, pages visited, actions taken within the Service (e.g., searches performed, documents created, exports completed).
  • Device and browser information: Browser type, operating system, screen resolution, and device type.
  • Log data: IP address, access times, referring URLs, and error logs.
  • Cookies: We use essential cookies for authentication and session management. See Section 7 for details.

Information from third parties

  • Authentication providers: If you sign in with Google or another third-party provider, we receive your name and email address from that provider.
  • Academic databases: When you use research discovery features, we query third-party academic databases (e.g., CrossRef, Semantic Scholar, OpenAlex) on your behalf. These queries include search terms you enter but not your personal information.

2. How We Use Your Information

We use your information to:

  • Provide the Service: Process your uploads, manage your citations, run searches, and deliver the features you use.
  • Maintain your account: Authenticate you, store your preferences, and manage your subscription.
  • Improve the Service: Analyze aggregate usage patterns to identify bugs, improve performance, and prioritize features. We do not read your research content for this purpose.
  • Communicate with you: Send account-related emails (password resets, trial reminders, subscription confirmations). We do not send marketing emails unless you opt in.
  • Prevent abuse: Detect and prevent unauthorized access, fraud, and violations of our Terms of Service.

3. How We Share Your Information

We do not sell your personal information. We share information only in these circumstances:

Service providers

We use third-party services to operate CrucibleIQ:

Provider Purpose Data shared
Supabase Authentication, database, file storage Account data, preferences, uploaded files
Railway API server hosting IP address, API request logs
Vercel Web application hosting IP address, request logs
OpenAI Semantic search embeddings Text excerpts from your uploaded documents
Anthropic Metadata extraction, research query processing PDF page images, document text, research queries
Paddle Payment processing (Merchant of Record) Name, email, billing address, payment method
OpenAlex, CrossRef Academic paper discovery and metadata Search queries and paper identifiers (DOI, PMID)
Unpaywall Open access detection Paper DOIs only
LibKey (Third Iron) Institutional library access links Paper DOIs, your institution affiliation

AI processing of your content: CrucibleIQ uses OpenAI and Anthropic to power features such as semantic search, metadata extraction, and research query processing. When you upload a document or perform a search, excerpts of your content may be sent to these services for processing. We do not use your content to train AI models — both OpenAI and Anthropic's API terms prohibit using API inputs for model training. Your content is processed and discarded by these services; it is not retained by them.

Paddle as Merchant of Record: When you subscribe to CrucibleIQ, Paddle.com Market Limited acts as the Merchant of Record for your purchase. Paddle collects and processes your payment information directly. We do not receive or store your credit card number. Paddle has its own privacy policy governing how it handles your payment data: https://www.paddle.com/legal/privacy.

Paddle shares certain buyer data with us (name, email, country) under GDPR legitimate interests for the purposes of order fulfillment, product support, and fraud prevention. We only use buyer data received from Paddle for these purposes. We do not use Paddle buyer data for marketing unless you have separately opted in to marketing communications during the checkout process or via your account settings.

Legal requirements

We may disclose your information if required by law, court order, or governmental regulation, or if we believe disclosure is necessary to protect our rights, your safety, or the safety of others.

Business transfers

If Refracted Aspect Collective Inc. is acquired or merged with another company, your information may be transferred as part of that transaction. We will notify you before your information becomes subject to a different privacy policy.

4. Data Retention

  • Account data: Retained for as long as your account is active. If you delete your account, we delete your personal information within 30 days, except where we are required to retain it for legal or accounting purposes.
  • Research content: Your uploaded PDFs, documents, highlights, and notes are deleted when you delete them, or within 30 days of account deletion.
  • Source records: When you delete a source from your project or delete your account, your personal association with the source is removed. The source record itself (title, authors, publication metadata) may be retained in our system if it is independently referenced by other users, or for deduplication purposes. In such cases, your identity is disassociated from the record. No other user can access your personal data, annotations, highlights, or notes associated with the source.
  • Usage analytics: Aggregate, anonymized usage data may be retained indefinitely. This data cannot be used to identify you.
  • Backups: Backup copies may persist for up to 90 days after deletion from the live system.

5. Your Rights

All users

You have the right to:

  • Access your personal data by viewing your account settings and exporting your content.
  • Correct inaccurate information by updating your profile and preferences.
  • Delete your account and associated data by contacting us at hello@crucibleiq.com.
  • Export your research content at any time using the built-in export features.

European Economic Area, UK, and Swiss residents (GDPR)

If you are located in the EEA, UK, or Switzerland, you also have the right to:

  • Object to processing of your personal data.
  • Restrict processing of your personal data.
  • Data portability: Receive your personal data in a structured, machine-readable format.
  • Withdraw consent where processing is based on consent.
  • Lodge a complaint with your local data protection authority.

Our legal basis for processing your data is:

  • Contract performance: Processing necessary to provide the Service you signed up for.
  • Legitimate interests: Usage analytics to improve the Service, security monitoring.
  • Consent: Marketing communications (if you opt in).

California residents (CCPA/CPRA)

If you are a California resident, you have the right to:

  • Know what personal information we collect, use, and disclose.
  • Delete your personal information.
  • Opt out of the sale of personal information. We do not sell personal information.
  • Non-discrimination: We will not discriminate against you for exercising your rights.

6. Data Security

We implement reasonable security measures to protect your information, including:

  • Encryption in transit (TLS/HTTPS) and at rest.
  • Authentication via secure token-based sessions.
  • Row-level security policies on database tables ensuring users can only access their own data.
  • Regular security reviews of our codebase and infrastructure.

No method of transmission or storage is completely secure. If you discover a security vulnerability, please report it to hello@crucibleiq.com.

7. Cookies

We use cookies and similar technologies for:

  • Essential cookies: Authentication session tokens. Required for the Service to function. Cannot be disabled.
  • Preference cookies: Storing your settings (theme, font size). Functional but not strictly required.

We do not use advertising cookies or third-party tracking cookies. We do not participate in ad networks or cross-site tracking.

8. International Data Transfers

CrucibleIQ is operated by Refracted Aspect Collective Inc., a Canadian company. Your data may be processed in Canada, the United States, or other countries where our service providers operate. When data is transferred outside your country of residence, we rely on:

  • Standard contractual clauses (for transfers from the EEA/UK).
  • Service provider compliance with applicable data protection frameworks.

9. Children's Privacy

CrucibleIQ is designed for undergraduate students and researchers. We do not knowingly collect information from children under 16. If you believe a child under 16 has provided us with personal information, please contact us at hello@crucibleiq.com and we will delete it.

10. Changes to This Policy

We may update this Privacy Policy from time to time. If we make material changes, we will notify you by email or by posting a notice within the Service. Your continued use of the Service after the changes take effect constitutes acceptance of the updated policy.

11. Contact Us

If you have questions about this Privacy Policy or want to exercise your rights:

Refracted Aspect Collective Inc. Operating as CrucibleIQ

Email: hello@crucibleiq.com