Legal

Privacy Policy

Last updated: 25 February 2026

1. Introduction

Kinvectum ("we", "us", or "our") operates the Scholarly pre-submission manuscript audit service (the "Service"). This Privacy Policy explains how we collect, use, store, and protect information you provide when using the Service. By submitting a manuscript audit request, you agree to the practices described in this policy.

We take the confidentiality of your research seriously. Our data handling practices are designed to be minimal, purposeful, and time-limited.

2. Information We Collect

We collect only the information necessary to deliver your audit. This includes:

Identity & Contact
Your full name and email address, used to deliver your audit report and communicate with you about your submission.
Institutional Affiliation
Optional. Your university, hospital, or research institution, used solely for contextual understanding of your submission.
Manuscript Content
The abstract, methods summary, and statistical findings you paste into the submission form. This is the primary input for the AI audit engine.
Uploaded Files
Any files you upload (PDF, Word, PNG, etc.) to supplement your submission. These are stored temporarily in encrypted cloud storage.
Study Metadata
Study type, target journal, and desired turnaround time. Used to calibrate the journal-specific reviewer simulation.
Technical Data
Standard server logs including IP address, browser type, and access timestamps. These are retained for security and abuse prevention purposes only.

We do not require, request, or accept raw patient data, clinical trial datasets, identifiable participant information, or any data governed by GDPR Article 9 (special categories of personal data).

3. How We Use Your Information

Your information is used exclusively for the following purposes:

  • To process your manuscript audit request and generate a structured rejection risk report.
  • To communicate with you regarding your submission, including delivery of the completed audit report.
  • To send you an automated submission confirmation and status updates.
  • To improve the quality and accuracy of the audit engine over time, using anonymised and aggregated patterns only — never your identifiable content.
  • To comply with applicable legal obligations.

We do not use your manuscript content to train AI models, sell your data to third parties, or use it for any purpose beyond delivering the Service.

4. Data Retention and Deletion

We operate a strict data minimisation policy. Retention periods are as follows:

Manuscript content (abstract, methods, stats)
Deleted within 48 hours of audit delivery.
Uploaded files (PDF, Word, PNG, etc.)
Deleted within 48 hours of audit delivery.
Audit report output
Retained for 7 days to allow re-download, then permanently deleted.
Contact information (name, email)
Retained for up to 90 days for support and billing purposes, then deleted unless you have an active account.
Technical logs
Retained for up to 30 days for security purposes, then deleted.

You may request immediate deletion of all your data at any time by emailing [email protected] with the subject line "Data Deletion Request" and your submission ID. We will confirm deletion within 72 hours.

5. AI Processing and Confidentiality

Your manuscript content is processed by a large language model (LLM) to generate the audit report. This processing occurs server-side and is subject to the data handling terms of our LLM infrastructure provider. Your content is transmitted over encrypted connections (TLS 1.3) and is not stored by the LLM provider beyond the duration of the API call.

The AI audit engine does not retain memory between sessions. Each submission is processed in isolation. Your manuscript content is never used as training data for any AI model, by us or by our infrastructure providers.

For clients requiring a formal Non-Disclosure Agreement (NDA) prior to submission, NDAs are available upon request for Comprehensive tier clients. Please contact us at [email protected] before submitting.

6. Third-Party Services

We use a limited number of third-party services to operate the Service:

Cloud Storage (S3-compatible)
Encrypted temporary storage for uploaded files. Files are stored in EU-based data centres where possible.
LLM API Provider
Processes manuscript content to generate audit reports. No persistent storage of your content beyond the API call.
Email Delivery
Used to send submission confirmations and audit delivery notifications.

We do not share your personal data with advertising networks, analytics platforms, data brokers, or any third party for commercial purposes.

7. Your Rights

Depending on your jurisdiction, you may have the following rights regarding your personal data:

  • Right of access — to receive a copy of the personal data we hold about you.
  • Right to rectification — to correct inaccurate personal data.
  • Right to erasure — to request deletion of your personal data (see Section 4).
  • Right to restriction of processing — to limit how we use your data.
  • Right to data portability — to receive your data in a structured, machine-readable format.
  • Right to object — to object to processing based on legitimate interests.

To exercise any of these rights, contact us at [email protected]. We will respond within 30 days.

8. Security

We implement appropriate technical and organisational measures to protect your data against unauthorised access, disclosure, alteration, or destruction. These include TLS 1.3 encryption in transit, AES-256 encryption at rest for uploaded files, access controls limiting who can view submission data, and regular security reviews.

No method of transmission over the internet is 100% secure. While we take all reasonable precautions, we cannot guarantee absolute security. If you believe your data has been compromised, contact us immediately at [email protected].

9. Cookies and Tracking

The Service uses only essential session cookies necessary for the operation of the website (e.g., maintaining your session state). We do not use advertising cookies, third-party tracking pixels, or behavioural analytics tools. No cookie consent banner is required because we do not use non-essential cookies.

10. Children's Privacy

The Service is intended for use by researchers, academics, and healthcare professionals. We do not knowingly collect personal data from individuals under the age of 18. If you believe a minor has submitted data through the Service, please contact us immediately.

11. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or applicable law. Material changes will be communicated via the email address associated with your submission. The date of the most recent revision is shown at the top of this page. Continued use of the Service after changes constitutes acceptance of the updated policy.

12. Contact

For any questions, concerns, or requests relating to this Privacy Policy or your personal data, please contact:

Kinvectum
We aim to respond to all privacy-related enquiries within 5 business days.