Privacy Policy

Effective date: August 11, 2025

Who we are. Beaver is a Zotero plugin and backend that lets you sync your Zotero data to our servers so you can run keyword/semantic search and AI‑assisted features. We are not affiliated with Zotero.

By using Beaver, you agree to this Privacy Policy.

1) What data we collect

Account & contact data. Name (if provided), email, settings, plan/tier, and communications with us (e.g., support, Slack).

Zotero Library data. We access all Zotero metadata and files (such as PDFs and other attachments) for the libraries you choose to sync with Beaver. Zotero metadata includes bibliographic information for each item and attachment, collections, tags and other Zotero data. We process and derive embeddings/indexes from your files to power search and AI features.

Prompts, outputs, and usage (Chat Data). Your queries/prompts, model responses, usage metrics (including model configurations, token counts, cost calculations, and billing information), and technical telemetry (timestamps, request metadata, error logs). See Section 4 for how this is used.

System logs. We collect and store logs of service activity that may include:

Your user identifier (e.g., user ID, account ID)
Limited application data particularly for errors
Timestamps, request paths/URLs, HTTP status codes
Performance metrics (latency, throughput)
Error and debug messages
IP addresses and device/browser metadata

System logs are processed and stored by our subprocessors (Logfire and Google Cloud Platform) in the United States and are retained for up to 90 days, after which they are automatically deleted.We use system logs to monitor and improve service performance, diagnose and fix operational issues, respond to customer support requests, and detect and prevent abuse or fraud.

Sync logs. We maintain operational records of synchronization activities between your Zotero library and our service, including sync status, timestamps, item counts, and error details. These records are essential for maintaining data consistency and troubleshooting sync issues and are stored in our primary database.

Chat usage logs. We maintain operational records of your chat interactions for billing verification, usage tracking, and dispute resolution, stored in our primary database. These chat usage logs are used for billing and usage tracking, operational integrity, dispute resolution, and regulatory compliance as required by applicable laws and our billing policies.

File processing logs. We maintain operational records related to file processing for billing verification, usage tracking, and dispute resolution, stored in our primary database. These file processing logs are used for billing and usage tracking, operational integrity, dispute resolution, and regulatory compliance as required by applicable laws and our billing policies.

Payments. If paid plans are offered, payments are handled by our payment processor. We don't store full payment card numbers.

BYOK (Bring‑Your‑Own‑Key). If you supply your own AI provider API key, we do not store it server‑side and do not log it; it is transmitted with each request to your chosen provider.

2) How we use your data (purposes)

Provide the service. Sync, store, and process your Zotero data; create embeddings/indexes; route your prompts to selected AI models; maintain your account and settings.

Security & abuse prevention. Detect/prevent misuse, fraud, and service disruption.

Analytics & reliability. Measure performance and fix bugs.

Billing & operational integrity. Track usage metrics, calculate costs and credits, verify billing accuracy, and resolve usage disputes.

Quality improvement (with your consent only); see Section 4.

Legal. Comply with law, enforce terms, respond to lawful requests.

3) Where we process data; subprocessors

We primarily process and store data in the United States (Google Cloud us‑central). We use reputable subprocessors to host and operate Beaver. Subprocessors include:

Google Cloud Platform (Cloud Run/Functions/Storage, including infrastructure logs)
Supabase (database/storage/auth)
Voyage AI (embedding)
turbopuffer (vector database)
Logfire (application logging and monitoring)
Generative AI APIs (e.g., OpenAI, Anthropic, Google Gemini) for chat, summarization, and document processing

This list may be updated from time to time. We will make reasonable efforts to notify users of material changes.

4) Prompts/outputs ("Chat Data") & training

Our commitment. We never use your files and attachments ("Files") for model training, quality improvement, or evaluations. For Chat Data (prompts, queries, AI-generated outputs, and associated metadata such as timestamps or feature usage logs), we only use this data for improvement purposes if you explicitly consent through your account settings.

What may be used (with your consent only). If you enable data sharing in your account settings, we may use your Chat Data for purposes such as model training, feature evaluation, quality measurement, research, and the overall improvement of Beaver. This may include metadata associated with Zotero items—such as authors, titles, abstracts, and other bibliographic information. However, this does not include your PDFs or other attached library files, which are always excluded from training and improvement efforts. You can change your data sharing preference at any time in your account settings.

30‑day window & de‑identification. Chat Data used for product improvement remains linked to your account for up to 30 days to support operations, safety reviews, and user deletion requests. After that, we store the data separately and remove direct identifiers (e.g., account ID/email) and use automated systems to identify and remove or replace personal information within the prompt content itself before using it for product improvement. We do not consider references to published research, academic authors, or scholarly works to be personal information requiring removal. However, we cannot guarantee that all personal information will be detected and removed through this automated process.
Deletion during the window. You can request deletion during the 30‑day window; we will delete linked Chat Data and the data will not be used for product improvement even if you previously consented. After de‑identification, we generally cannot re‑associate or delete specific records.

Providers & BYOK reminder. When using Beaver-funded credits, we configure supported providers not to train on your data where such settings are available. When using your own API key (BYOK), your provider’s terms and data practices apply and are outside our control. We do not store your API key; it is transmitted securely with each request.

Support access to specific files (only if you ask). If you request support (e.g., "this file doesn't work"), you authorize limited access to that file solely to diagnose and fix the issue. Access is limited to authorized personnel. Any copies or derived troubleshooting artifacts are deleted within 30 days after the ticket is closed (unless you ask us to keep them longer). You are responsible for having the right to share the file.

5) Lawful bases (EU/UK/EEA)

We process personal data on these bases:

Contract (Art. 6(1)(b)): to provide the service you request.

Legitimate interests (Art. 6(1)(f)): service reliability, security/anti‑abuse, analytics, and system monitoring.

Consent (Art. 6(1)(a)): for using Chat Data for improvement purposes; you can withdraw consent at any time in Settings.

Legal obligation (Art. 6(1)(c)): compliance with law.

Controller/processor roles. For library data you upload/sync, you are typically the controller and we act as your processor; for account/operations data, we may act as independent controller. A Data Processing Addendum (DPA) is available on request.

6) International transfers

Your data may be transferred to the U.S. and other countries with different data‑protection laws. These transfers are primarily carried out by our trusted infrastructure providers (e.g., Google Cloud, Supabase).

For EU/UK/Swiss personal data, we rely on appropriate safeguards—such as Standard Contractual Clauses (SCCs) and, where applicable, the UK IDTA/Addendum—to ensure an adequate level of protection. These vendors conduct transfer assessments and implement additional technical, contractual, and organizational measures as required under applicable laws.

7) How we share data

Service providers/subprocessors. Hosting, storage, analytics, email, support tools, vector DB, and AI providers for inference/embeddings.

BYOK providers. When you use your own API key, your prompts and necessary context go directly to your chosen provider under their terms.

Legal and safety. To comply with law, protect rights/safety, prevent fraud/abuse, or respond to lawful requests.

Business changes. In a merger, acquisition, or asset transfer, your data may be transferred subject to this Policy.

Data sharing. We do not sell personal information as defined by the California CPRA, nor do we share it for cross‑context behavioral advertising.

8) Retention

Account data: kept while your account is active. Upon deletion request, account deletion is scheduled and completed within 10 days, with email notification sent when deletion is finished. You can continue using the service during this period until your authentication token expires. Some minimal records may be retained for up to 90 days for backup, dispute resolution, and audit purposes.

Library files & embeddings: retained while needed to provide features you use; deleted upon account deletion subject to backup/log schedules.

Chat Data: retained while needed to provide the service; when used for product improvement (with your consent), linked up to 30 days, then de‑identified (Section 4).

Usage & billing logs: usage metrics, cost calculations, and billing data retained for operational integrity, dispute resolution, and regulatory compliance as required by applicable laws and our billing policies.

Support artifacts: deleted within 30 days of ticket closure unless you ask us to keep them longer.

System and sync logs: retained for up to 90 days by our logging providers (Logfire and Google Cloud Platform) and then automatically deleted. Infrastructure logs may be retained by our hosting providers per their operational schedules.

Sync logs: retained in our database while your account is active and for operational integrity. Upon account deletion, these are deleted along with other account data.

Chat usage logs: billing and usage tracking data retained in our database for operational integrity, dispute resolution, and regulatory compliance as required by applicable laws and our billing policies.

File processing logs: billing and usage tracking data retained in our database for operational integrity, dispute resolution, and regulatory compliance as required by applicable laws and our billing policies.

Backups/logs: retained per operational schedules; some records may persist as anonymized or aggregated data.

Free‑account storage hygiene. For free accounts, we may periodically delete our stored copies of attachments and derived data (e.g., text extracts, OCR, embeddings, thumbnails) when items are inactive, while your originals remain in Zotero. If you access an item again, we may re‑fetch and re‑process it on demand.

Inactive account deletion (free accounts). If a free account shows no account activity for 90 days, we may deactivate it and later delete the account and remaining data after providing at least 7 days' notice to the email on file. We'll keep only the minimal records we need for security, fraud prevention, accounting, or legal compliance (e.g., transaction records), which we delete when no longer needed.

Backups and logs. Backups and system logs are kept for limited periods and are overwritten on a rolling basis. Deleted items may remain in backups until those backups cycle, after which they are permanently removed.

9) Security

We use reasonable administrative, technical, and physical safeguards (e.g., encryption in transit/at rest where applicable, access controls, monitoring). No system is perfectly secure. You're responsible for selecting which library to sync, keeping credentials safe, and using up‑to‑date software.

10) Your rights

EU/UK/EEA. You may have rights to access, rectify, erase, restrict, port, or object to processing of your personal data, and to withdraw consent. You can also lodge a complaint with your local supervisory authority.

California (CPRA). California residents may request access, correction, or deletion of personal information, and may opt out of "sale" or "sharing" (we do not sell/share personal information as defined by CPRA). We will not discriminate for exercising your rights.

How to exercise rights. Email contact@beaverapp.ai. We may need to verify your identity and, where we act as a processor, redirect your request to the applicable controller.

Account deletion. You can request account deletion from the account page on our webpage. Deletions are typically completed within 10 days and you'll receive email confirmation when the process is finished.

11) Cookies and similar technologies

Our main product—a Zotero plugin—does not use browser cookies.

Our website may use essential cookies (e.g., for authentication or remembering settings) to support account management and basic functionality. We may also use analytics or performance technologies to understand usage and improve reliability. You can manage cookies in your browser; blocking some cookies may affect functionality.

If we expand the site into a full web app, we will update this section accordingly.

12) Children

Beaver is not for children under 13, or under the age of digital consent where applicable. We do not knowingly collect data from children in those categories.

13) Non‑affiliation

Beaver is not an official service of Zotero or any university.

14) Changes to this Policy

We may update this Policy. If changes are material, we will provide notice (e.g., in‑app or by email) and update the effective date. Your continued use after the new effective date means you accept the changes.

15) Contact

Email: contact@beaverapp.ai