Privacy Policy

Autherly (“Autherly”, “we”, “us”) is an independent service operated by an individual. This policy explains what personal data we collect when you use Autherly, why we collect it, who we share it with, and the rights you have over it. By using Autherly you agree to this policy.

Who is responsible for your data

Autherly is operated by a sole individual acting as the data controller. For any privacy request — access, correction, deletion, or a complaint — contact us through the contact page. We aim to respond within 30 days.

What we collect

• Account data — your name, email address, and (optionally) institution and specialty, used to create and operate your account.
• Manuscript content — the intake details you enter and the drafts we generate, stored so you can return to your work.
• Usage data — counts of drafts and conversions, your plan, and subscription status, used to enforce plan limits.
• Payment data — handled entirely by our payment provider (see below). We never see or store your card details.
• Technical logs — basic request and error logs used to keep the service secure and working.

Patient data — your responsibility to de-identify

Autherly is a writing tool, not a system of record for patient information, and we do not sign Business Associate Agreements (BAAs). You must remove all patient identifiers — names, initials, dates of birth, record numbers, addresses, and any other identifying detail — before entering anything. Reporting standards such as CARE already require this. Do not submit protected health information (PHI) or other identifiable personal data about third parties to Autherly.

Why we use your data

• To provide the service — generate, store, and let you edit your manuscripts.
• To verify citations against external databases (PubMed, Crossref, Retraction Watch).
• To manage your subscription, plan limits, and billing.
• To send essential service emails (e.g. account confirmation, upgrade receipts).
• To keep the service secure and to comply with our legal obligations.

Where the GDPR applies, our legal bases are performance of our contract with you (providing the service), our legitimate interests (security and improvement), and your consent where required.

Who we share it with (processors)

We use a small number of trusted providers to run Autherly:

• Supabase — database, authentication, and storage of your account and manuscripts.
• Anthropic (Claude) — generates draft text from the intake details you provide. Inputs are processed to return your draft.
• Lemon Squeezy — our Merchant of Record; handles all payments and card data.
• Resend — sends transactional emails.
• Vercel — hosts and serves the application.

We do not sell your personal data, and we do not share it for advertising. Some providers may process data outside your country; where required we rely on their standard contractual safeguards.

How long we keep it

We keep your account and manuscript data for as long as your account is active. When you delete your account, your profile, manuscripts, and related records are permanently removed (deletion cascades across our database). Some minimal logs may persist for a short period for security and legal reasons.

Your rights

Depending on where you live, you may have the right to access, correct, export, or delete your personal data, and to object to or restrict certain processing. You can edit your profile and delete your account at any time from your settings, or contact us to exercise any of these rights.

Security

We protect your data with row-level database security, encrypted connections, signature-verified webhooks, and access controls that keep service credentials on the server only. No system is perfectly secure, but we take reasonable measures to safeguard your information.

Changes to this policy

We may update this policy from time to time. Material changes will be reflected by the “Last updated” date above. Continued use of Autherly after a change means you accept the revised policy.