Privacy Policy
Effective: April 2026
1. Who we are
Athena is built and operated by Xavier Rojas. For questions about your data,
contact [email protected].
2. What we collect
| Data | Purpose | Storage |
|---|
| Email & password |
Authentication |
Shared auth database. Password is bcrypt-hashed. |
| Uploaded PDFs |
Paper processing & library |
Your isolated user directory on our server. |
| Library metadata |
Search, browse, enrichment |
Your isolated per-user SQLite database. |
| Usage analytics |
Improve the product |
Shared analytics database. Clicks, navigation, scroll. No paper content. |
3. Data isolation
Each user has their own SQLite database and file directory. Your library data
is not shared with, visible to, or accessible by other users. There are no
cross-user queries or shared data stores for library content.
4. AI processing
- Paper text is sent to our local AI pipeline for metadata extraction, tagging, and embedding generation.
- Paper text is not sent to third-party AI providers for training.
- Enrichment queries (DOI, title lookups) are sent to academic APIs: OpenAlex, CrossRef, Semantic Scholar, and arXiv.
5. Analytics & cookies
- Athena uses a first-party analytics tracker (no Google Analytics, no third-party trackers).
- The tracker records page views, clicks, and navigation patterns to improve the product.
- It does not record passwords, paper content, or personal information.
- You can opt out of analytics tracking via the consent banner. Your preference is stored locally in your browser.
- Athena uses a session cookie for authentication. This is essential for the service to work.
6. Third-party services
- Resend — transactional email (verification codes, password resets). Only your email address is shared.
- OpenAlex, CrossRef, Semantic Scholar, arXiv — academic metadata APIs. DOIs and titles are sent for enrichment lookups.
- Cloudflare — network security and tunnel. Cloudflare processes requests but does not access your library data.
7. Data export
You can export your entire library as a BibTeX file at any time from the
Export page. Your uploaded PDFs are available for individual download from
each paper's detail page.
8. Account deletion
You can delete your account from the Settings page. When you delete your account:
- Your account is immediately deactivated (you cannot log in).
- Your data is retained for 90 days in case you change your mind.
- During this period, contact [email protected] to restore your account.
- After 90 days, all data is permanently deleted: user record, library database, uploaded files, and analytics.
Export your data first if you want to keep it.
9. Data retention
Your data is kept as long as your account is active. Expired sessions are
cleaned up automatically. Deleted accounts are retained for 90 days before
permanent removal.
10. Changes
This policy may be updated as features are added. Significant changes will
be communicated to registered users.