Privacy Policy

The data controller is eUvidence Health, based in Paris, France. You can reach us at the support address shown in the application (the "Contact support" link inside your account).

Account data. When you sign in with a magic link, we store your email address and the optional profile fields you fill out on the onboarding screen (full name, specialty, hospital, location). All profile fields are optional.

Queries and responses. When you ask a question, we store your query, the papers retrieved, the prompt sent to the language model, and the model's answer. Storing the full prompt is required for the audit log under Article 12 of the EU AI Act. We also store basic operational data: model identity, latency, thumbs feedback, and the prompt version.

Anonymous preview. The single anonymous preview query shown on the landing page is not persisted with your account and is not used to train any model.

Email delivery telemetry. Outbound transactional emails (magic-link, support acknowledgement) record send status, timestamps, and a click flag. We use this to detect deliverability issues. We do not track open events or use tracking pixels.

Billing. If you subscribe, billing is processed by Stripe. We store your Stripe customer id and subscription status; we never see or store your card details.

To provide the service (authenticate you, return results, maintain your chat history); to meet legal obligations (AI Act Art. 12 audit log; tax / accounting where applicable); to detect abuse and protect the service; to support you.

Data is stored in the European Union. Access is restricted to eUvidence Health team members on a need-to-know basis. We use the following processors:

• Database and hosting: Railway (EU region).
• Email delivery: Brevo (EU).
• Search backend: Retrievall.
• Language model: Anthropic and/or Mistral.
• Payments: Stripe (when you subscribe).

Provider retention follows each provider's published policy. We never share your queries with third parties for advertising or training.

The text of your queries, the retrieved papers, and the model's answer are automatically removed after the privacy window configured on the service. Structured audit fields (timestamp, model identity, latency, thumbs feedback, prompt version) are retained longer because they form the AI Act audit record. Email delivery telemetry is retained for a maximum of 12 months.

Under the GDPR you can: access the data we hold on you; correct it; ask us to delete it; export it; restrict or object to processing; lodge a complaint with your national data protection authority (CNIL in France). To exercise any of these rights, contact us via the "Contact support" link in the application.

We may update this policy as the product evolves. Material changes will be announced inside the application; the date at the top of this page reflects the current version.