PaperFeed Privacy Policy

Welcome to PaperFeed. We value your privacy and explain in this policy how we collect, use, and protect your personal information.

1. Information We Collect

1.1 Information We Collect

Account Information

When you sign in with Apple, we may collect:

• Apple user identifier (anonymous ID)
• Email address (if you choose to share it)
• Name (if you choose to share it)

Usage Data

• Your saved paper list
• Your search history
• Your subscribed research topics
• Your reading history
• Your in-app preference settings

AI Feature Data (only after your consent)

• AI chat messages you enter
• Paper title, abstract, and paper ID
• Paper full-text excerpts when needed for summary or Q&A
• Selected model identifier and language preference

Automatically Collected Data

• Device information (iOS version, device model)
• App crash logs (if any)
• Network request logs (for troubleshooting)

1.2 Information We Do Not Collect

2. How We Use Information

We use collected information to:

Provide Core Features

• Deliver personalized paper recommendations
• Sync saved papers and reading history
• Improve AI summary quality
• Manage subscriptions and notification preferences

Improve Services

• Analyze product usage to improve user experience
• Diagnose and fix technical issues
• Develop new features

Compliance and Security

• Prevent fraud and abuse
• Comply with legal requirements
• Protect user account security

3. Information Sharing

3.1 Third-Party Services

We rely on the following services:

Apple Sign In

• Purpose: user authentication
• Data shared: Apple user ID, email (optional)
• Policy: Apple Privacy Policy

arXiv API

• Purpose: retrieving paper metadata
• Data shared: search keywords, paper IDs
• Provider: Cornell University
• Website: https://arxiv.org

AI Service Providers

• Purpose: AI paper summaries and replies
• Data shared: AI chat text you enter, paper title, abstract, paper ID, and full-text excerpts only when needed
• Recipients: ZenMux gateway (zenmux.ai) and routed model providers (DeepSeek, OpenAI, Moonshot AI, Qwen, Zhipu AI, MiniMax)
• Consent: this data is sent only after you explicitly allow AI data sharing in-app
• Retention: providers may temporarily cache requests according to their own policies

DeepL Translation Service

• Purpose: paper title/abstract translation and inline text translation
• Data shared: source text, source/target language, and paper ID (when provided)
• Recipient: DeepL (deepl.com)
• Consent: enabled only after you allow AI data sharing in-app

Semantic Scholar API

• Purpose: citation data and recommendations
• Data shared: paper IDs
• Provider: Allen Institute for AI
• Website: https://www.semanticscholar.org

3.2 We Do Not Sell Your Data

3.3 Consent and Withdrawal

• Before first use of AI summary, AI chat, or AI translation, the app presents what data is sent and who receives it.
• If you do not allow, the app does not transmit these AI feature inputs to third-party AI services.
• You can withdraw consent anytime from Profile > Settings > AI Data Sharing.

3.4 Legal Requirements

We may disclose your information when required to:

• Comply with legal obligations
• Protect our rights and safety
• Prevent fraud or abuse

4. Data Storage and Security

4.1 Storage Location

• Server region: Mainland China (Alibaba Cloud)
• Backup: periodic encrypted backups
• Transport encryption: HTTPS/TLS for all traffic

4.2 Security Measures

We apply the following safeguards:

• Industry-standard encryption
• Access control and authentication
• Regular security reviews
• Timely security patching

4.3 Data Retention

• Account data: retained until account deletion
• Usage data: retained for 12 months for service improvement
• Log data: retained for 30 days for troubleshooting

5. Your Rights

Subject to applicable law, you may have rights to:

Access

• Request a copy of your personal data

Correction

• Request correction of inaccurate or incomplete information

Deletion

• Request deletion of your account and related data
• In-app path: Me -> Account -> Delete Account

Portability

• Request export of your data in a common format
• Contact: support@tanbox.site

Withdraw Consent

• You may withdraw consent at any time where processing is based on consent
• Withdrawal does not affect prior lawful processing

Object

• Object to certain processing under applicable law

6. Children's Privacy

PaperFeed is not directed to children under 13. We do not knowingly collect personal information from children under 13. If we become aware of such collection, we will delete it promptly.

7. International Data Transfers

If you are located outside Mainland China:

• Your data may be transferred to servers in Mainland China
• We implement safeguards as required by applicable law
• We may use standard contractual protections where applicable

8. Cookies and Tracking Technologies

Technologies We Use:

• UserDefaults: local preference storage
• Session cookies: maintaining sign-in state

9. Changes to This Policy

We may update this policy from time to time. We may notify you by:

• Posting a prominent in-app notice
• Emailing registered users for material changes
• Updating the "Last Updated" date on this page

Your continued use of the app after updates means you accept the revised policy.

10. Contact Us

If you have questions about this policy, contact us:

• Email: support@tanbox.site
• Website: https://paper.tanbox.site

11. Additional Rights for California Residents (CCPA)

If you are a California resident, you may have rights to:

• Know the categories and specific pieces of personal information collected
• Know whether personal information is disclosed
• Opt out of sale of personal information (we do not sell data)
• Non-discrimination when exercising your rights

To exercise these rights, contact privacy@tanbox.site.

12. Additional Rights for EU/UK Residents (GDPR)

If you are in the EU or UK, you may have rights under GDPR, including:

• Lawful basis for processing (contract performance, legitimate interests, etc.)
• The right to lodge a complaint with your supervisory authority
• The right to obtain further details about processing activities

For GDPR-related requests, contact our DPO: dpo@tanbox.site.

We require third-party service providers to apply data protection measures that are at least equivalent under their privacy terms and applicable laws.