Privacy Policy

Effective date: January 14, 2026 For users transitioning from prior terms, these terms are effective January 29, 2026.

Contact: contact@beaverapp.ai

Who we are. Beaver is an AI-assisted research tool that integrates with reference managers and document editors (such as Zotero and Microsoft Word). Features include semantic search, a reading assistant, and chat with your library. Depending on your plan, your data may be processed locally on your device or synced to our servers for enhanced features. We are not affiliated with Zotero, Microsoft, or any other third-party platform.

By using Beaver, you agree to this Privacy Policy.

Important: Which Policy Applies to You

Beaver offers different service tiers with different data practices:

Free Tier: Privacy-focused, minimal data collection. Your library stays on your device. We only access titles and abstracts for search functionality. Full paper content remains on your device unless it is accessed by an AI-powered feature (such as chat or automated processing).

Beta/Pro Tier: Full-featured sync. Your library data (including files and attachments) is synced to our servers for enhanced AI features, cross-device access, advanced search capabilities, and other features.

Which tier am I on? Your current tier is shown in your account settings. This policy describes data practices for each tier below.

This policy describes both tiers. Sections that apply only to one tier are clearly marked. Where no distinction is made, the provision applies to all users.

1) What data we collect

All users (Free and Beta/Pro)

Account & contact data. Name (if provided), email, settings, plan/tier, and communications with us (e.g., support, Slack).

Connected service identifiers. If you connect external accounts (such as Zotero), we store identifiers necessary to link your Beaver account with those services.

Credit balances. We track your available and used credits (AI credits, page processing credits) for billing and service delivery.

Prompts, outputs, and usage (AI Data). Your queries/prompts (whether entered manually or triggered by automated features), model responses, usage metrics (including model configurations, token counts, cost calculations, and billing information), and technical telemetry (timestamps, request metadata, error logs). This includes both interactive chat sessions and any background or automated AI processing. See Section 4 for how this is used.

AI-generated content and history. Your interaction history (including chat conversations and outputs from automated features) is stored on our servers to enable cross-session access. This history includes:

Prompts and AI Agent responses.
Document excerpts: When the AI Agent determines a search is necessary to answer your query, relevant text segments are retrieved and become part of the chat history.
Manual content additions: If you explicitly "attach" a file or annotation, the text is extracted and added to the conversation history.
Document images: If a page contains visual content (like charts or diagrams) or if text extraction fails, the AI Agent may retrieve an image of that specific page. These images are stored as part of the chat history.

How content is retrieved differs by tier:

Free Tier: Document excerpts, attached content, and images are retrieved from your local device via a secure connection. We do not store your original PDF files—only the specific text segments and page images that become part of a conversation.
Beta/Pro Tier: Document content is retrieved from files already synced to our servers or from your local device via a secure connection.

System logs. We collect and store logs of service activity that may include:

Your user identifier (e.g., user ID, account ID)
Limited application data particularly for errors
Timestamps, request paths/URLs, HTTP status codes
Performance metrics (latency, throughput)
Error and debug messages
IP addresses and device/browser metadata

System logs are processed and stored by our subprocessors (Logfire and Google Cloud Platform) in the United States and are retained for up to 90 days, after which they are automatically deleted. We use system logs to monitor and improve service performance, diagnose and fix operational issues, respond to customer support requests, and detect and prevent abuse or fraud.

AI usage logs. We maintain operational records of your AI interactions (including chat and automated features) for billing verification, usage tracking, and dispute resolution, stored in our primary database. These usage logs are used for billing and usage tracking, operational integrity, dispute resolution, and regulatory compliance as required by applicable laws and our billing policies.

Payments. If paid plans are offered, payments are handled by our payment processor. We don't store full payment card numbers.

BYOK (Bring‑Your‑Own‑Key). If you supply your own AI provider API key, we do not store it server‑side and do not log it; it is transmitted with each request to your chosen provider.

Free Tier Only

Limited metadata access. We access only the titles and abstracts of items in your library to generate embeddings for search functionality. We do not access or sync your full library metadata, PDFs, or other file attachments unless they are accessed by an AI-powered feature (such as chat or automated processing).

Your library stays local. Your library database and all files remain on your local device. We do not create a server-side copy of your library.

Temporary processing. Titles and abstracts are transmitted temporarily to generate embeddings. Once the embeddings are sent back to your local device, they are not stored on our servers. We do not maintain a server-side vector database for Free Tier users

Beta/Pro Tier Only

Full library sync. We access and sync all metadata and files (such as PDFs and other attachments) for the libraries you choose to sync with Beaver. Library metadata includes bibliographic information for each item and attachment, collections, tags, and other organizational data. We process and derive embeddings/indexes from your files to power search and AI features.

Sync logs. We maintain operational records of synchronization activities between your connected libraries and our service, including sync status, timestamps, item counts, and error details. These records are essential for maintaining data consistency and troubleshooting sync issues and are stored in our primary database.

File processing logs. We maintain operational records related to file processing for billing verification, usage tracking, and dispute resolution, stored in our primary database. These file processing logs are used for billing and usage tracking, operational integrity, dispute resolution, and regulatory compliance as required by applicable laws and our billing policies.

2) How we use your data (purposes)

Provide the service.

Free tier: Process titles and abstracts to create embeddings/indexes for search; route your prompts to selected AI models; run automated AI features you enable; maintain your account and settings; store interaction history.
Beta/Pro tier: Sync, store, and process your library data; create embeddings/indexes; route your prompts to selected AI models; run automated AI features you enable; maintain your account and settings; store interaction history.

Security & abuse prevention. Detect/prevent misuse, fraud, and service disruption.

Analytics & reliability. Measure performance and fix bugs.

Billing & operational integrity. Track usage metrics, calculate costs and credits, verify billing accuracy, and resolve usage disputes.

Quality improvement (with your consent only); see Section 4.

Legal. Comply with law, enforce terms, respond to lawful requests.

3) Where we process data; subprocessors

We primarily process and store data in the United States (Google Cloud us‑central). We use reputable subprocessors to host and operate Beaver. Subprocessors include:

Google Cloud Platform (Cloud Run/Functions/Storage, including infrastructure logs)
Supabase (database/storage/auth)
Voyage AI (embedding)
turbopuffer (vector database)
Modal (data processing)
Logfire (application logging and monitoring)
E2B (sandboxed code execution)
Generative AI APIs (including OpenAI, Anthropic, Google Gemini, Fireworks AI, Groq, and other providers) for chat, summarization, and document processing

This list may be updated from time to time. We will make reasonable efforts to notify users of material changes.

4) Prompts/outputs ("AI Data") & training

Our commitment. We never use your library files, attachments, or images of document pages for model training, quality improvement, or evaluations. For AI Data (text prompts and AI-generated outputs from both interactive and automated features), we only use this data for improvement if you explicitly opt-in via your account settings.

What may be used (with your consent only). If you enable data sharing in your account settings, we may use your AI Data for purposes such as model training, feature evaluation, quality measurement, research, and the overall improvement of Beaver. AI Data includes your prompts, AI responses, and any document excerpts or page images that were retrieved during an interaction—whether from a chat conversation or an automated feature. It may also include metadata associated with library items—such as authors, titles, abstracts, and other bibliographic information. However, we do not use your original PDF files or full library attachments for training—only the specific content processed by AI features. You can change your data sharing preference at any time in your account settings.

30‑day window & de‑identification. AI Data used for product improvement remains linked to your account for up to 30 days to support operations, safety reviews, and user deletion requests. After that, we store the data separately and remove direct identifiers (e.g., account ID/email) and use automated systems to identify and remove or replace personal information within the content itself before using it for product improvement. We do not consider references to published research, academic authors, or scholarly works to be personal information requiring removal. However, we cannot guarantee that all personal information will be detected and removed through this automated process.
Deletion during the window. You can request deletion during the 30‑day window; we will delete linked AI Data and the data will not be used for product improvement even if you previously consented. After de‑identification, we generally cannot re‑associate or delete specific records.

Providers & BYOK reminder. When using Beaver-funded credits, we configure supported providers not to train on your data where such settings are available. When using your own API key (BYOK), your provider's terms and data practices apply and are outside our control. We do not store your API key; it is transmitted securely with each request.

Support access to specific files (only if you ask). If you request support (e.g., "this file doesn't work"), you authorize limited access to that file solely to diagnose and fix the issue. Access is limited to authorized personnel. Any copies or derived troubleshooting artifacts are deleted within 30 days after the ticket is closed (unless you ask us to keep them longer). You are responsible for having the right to share the file.

5) Lawful bases (EU/UK/EEA)

We process personal data on these bases:

Contract (Art. 6(1)(b)): to provide the service you request.

Legitimate interests (Art. 6(1)(f)): service reliability, security/anti‑abuse, analytics, and system monitoring.

Consent (Art. 6(1)(a)): for using AI Data for improvement purposes; you can withdraw consent at any time in Settings.

Legal obligation (Art. 6(1)(c)): compliance with law.

Controller/processor roles.

Free tier: We act as an independent controller for your account data, chat data, and the titles/abstracts we process for embeddings.
Beta/Pro tier: For library data you upload/sync, you are typically the controller and we act as your processor; for account/operations data, we may act as independent controller.

A Data Processing Addendum (DPA) is available on request for Beta/Pro tier users.

6) International transfers

Your data may be transferred to the U.S. and other countries with different data‑protection laws. These transfers are primarily carried out by our trusted infrastructure providers (e.g., Google Cloud, Supabase).

For EU/UK/Swiss personal data, we rely on appropriate safeguards—such as Standard Contractual Clauses (SCCs) and, where applicable, the UK IDTA/Addendum—to ensure an adequate level of protection. These vendors conduct transfer assessments and implement additional technical, contractual, and organizational measures as required under applicable laws.

7) How we share data

Service providers/subprocessors. Hosting, storage, analytics, email, support tools, vector DB, and AI providers for inference/embeddings.

BYOK providers. When you use your own API key, your prompts and necessary context go directly to your chosen provider under their terms.

Legal and safety. To comply with law, protect rights/safety, prevent fraud/abuse, or respond to lawful requests.

Business changes. In a merger, acquisition, or asset transfer, your data may be transferred subject to this Policy.

Data sharing. We do not sell personal information as defined by the California CPRA, nor do we share it for cross‑context behavioral advertising.

8) Retention

Account data: kept while your account is active. Upon deletion request, account deletion is scheduled and completed within 10 days, with email notification sent when deletion is finished. You can continue using the service during this period until your authentication token expires. Some minimal records may be retained for up to 90 days for backup, dispute resolution, and audit purposes.

Embeddings:

Free tier: Embeddings derived from titles and abstracts are only stored on your local device. Never on our server.
Beta/Pro tier: Library files and embeddings retained while needed to provide features you use; deleted upon account deletion subject to backup/log schedules.

AI Data: retained while needed to provide the service; when used for product improvement (with your consent), linked up to 30 days, then de‑identified (Section 4).

Usage & billing logs: usage metrics, cost calculations, and billing data retained for operational integrity, dispute resolution, and regulatory compliance as required by applicable laws and our billing policies.

Support artifacts: deleted within 30 days of ticket closure unless you ask us to keep them longer.

System logs: retained for up to 90 days by our logging providers (Logfire and Google Cloud Platform) and then automatically deleted. Infrastructure logs may be retained by our hosting providers per their operational schedules.

Sync logs (Beta/Pro tier only): retained in our database while your account is active and for operational integrity. Upon account deletion, these are deleted along with other account data.

AI usage logs: billing and usage tracking data retained in our database for operational integrity, dispute resolution, and regulatory compliance as required by applicable laws and our billing policies.

File processing logs (Beta/Pro tier only): billing and usage tracking data retained in our database for operational integrity, dispute resolution, and regulatory compliance as required by applicable laws and our billing policies.

Backups/logs: retained per operational schedules; some records may persist as anonymized or aggregated data.

Free‑account storage hygiene (Beta/Pro tier only). For free Beta/Pro accounts, we may periodically delete our stored copies of attachments and derived data (e.g., text extracts, OCR, embeddings, thumbnails) when items are inactive, while your originals remain in connected sources. If you access an item again, we may re‑fetch and re‑process it on demand.

Tier migration for inactive Beta/Pro accounts. If a non-paying Beta/Pro tier account has no service activity (such as chat messages or automated processing) for 90 days, we may migrate it to the Free tier and delete server-side copies of your library files and derived data (embeddings, processed text, thumbnails). We will send notice to the email on file and provide at least 14 days to sign in and use the service to retain your current tier. Your account credentials, settings, and interaction history are preserved. Your original files in connected sources are unaffected. This does not apply to paid subscription accounts in good standing.

Inactive account deletion (free accounts). If a free account has no service activity for 90 days, we may deactivate it and later delete the account and remaining data after providing at least 14 days' notice to the email on file. We'll keep only the minimal records we need for security, fraud prevention, accounting, or legal compliance (e.g., transaction records), which we delete when no longer needed.

Backups and logs. Backups and system logs are kept for limited periods and are overwritten on a rolling basis. Deleted items may remain in backups until those backups cycle, after which they are permanently removed.

9) Security

We use reasonable administrative, technical, and physical safeguards (e.g., encryption in transit/at rest where applicable, access controls, monitoring). No system is perfectly secure. You're responsible for:

Free tier: Keeping credentials safe and using up‑to‑date software. Your library data remains on your device and is subject to your own security practices.
Beta/Pro tier: Selecting which library to sync, keeping credentials safe, and using up‑to‑date software.

10) Your rights

EU/UK/EEA. You may have rights to access, rectify, erase, restrict, port, or object to processing of your personal data, and to withdraw consent. You can also lodge a complaint with your local supervisory authority.

California (CPRA). California residents may request access, correction, or deletion of personal information, and may opt out of "sale" or "sharing" (we do not sell/share personal information as defined by CPRA). We will not discriminate for exercising your rights.

How to exercise rights. Email contact@beaverapp.ai. We may need to verify your identity and, where we act as a processor, redirect your request to the applicable controller.

Account deletion. You can request account deletion from the account page on our webpage. Deletions are typically completed within 10 days and you'll receive email confirmation when the process is finished.

11) Cookies and similar technologies

Our desktop and plugin-based products do not use browser cookies.

Our website may use essential cookies (e.g., for authentication or remembering settings) to support account management and basic functionality. We may also use analytics or performance technologies to understand usage and improve reliability. You can manage cookies in your browser; blocking some cookies may affect functionality.

If we expand the site into a full web app, we will update this section accordingly.

12) Children

Beaver is not for children under 13, or under the age of digital consent where applicable. We do not knowingly collect data from children in those categories.

13) Non‑affiliation

Beaver is not an official service of Zotero, Microsoft, or any other third-party platform or university.

14) Changes to this Policy

We may update this Policy. If changes are material, we will provide notice (e.g., in‑app or by email) and update the effective date. Your continued use after the new effective date means you accept the changes.

15) Contact

Email: contact@beaverapp.ai