Legal

Privacy Policy

We believe your research is yours. Here is exactly how we handle your data.

Last updated: April 26, 2026·arxio.in

This Privacy Policy explains how Arxio collects, uses, and protects your personal data. By using Arxio, you agree to the practices described here.

1. Who We Are

Arxio ("we", "our", "us") is an AI-powered research assistant operated at arxio.in. For any privacy-related questions, contact us at privacy@arxio.in.

2. Data We Collect

We collect only what is necessary to provide the service:

Account Data

  • Name, email address, and hashed password when you sign up
  • Google profile information if you sign in with Google (name, email, profile photo)
  • Subscription tier and billing history (payment card details are handled by Stripe — we never store them)

Usage Data

  • PDFs you upload and the text extracted from them for processing
  • Research topics you submit
  • Chat messages you send within workspaces
  • Documents and presentations generated in your account
  • Feature usage counts (PDFs processed, messages sent) for plan limit enforcement

Technical Data

  • IP address and browser user-agent for security and abuse prevention
  • Server-side logs of API requests (retained for 30 days)
  • Error logs for debugging (stripped of document content)

3. How We Use Your Data

We use the data we collect to:

  • Process your uploaded PDFs and generate all workspace outputs
  • Conduct web research when you use Research Mode
  • Provide the chat assistant with context about your uploaded documents
  • Enforce your plan's usage limits and reset them monthly
  • Send transactional emails — account confirmations, password resets, plan receipts
  • Notify you of material changes to these policies (minimum 14 days notice)
  • Detect and prevent fraud, abuse, and security threats

We do not use your uploaded documents or generated content to train AI models. We do not sell your data to any third party.

4. Third-Party Services

Arxio integrates with the following third-party services to deliver its features. Each has its own privacy policy:

  • Groq API — AI processing for Free and Student plans (document content is sent to Groq for analysis)
  • OpenAI — AI processing for Pro and Scholar plans (document content is sent to OpenAI for analysis)
  • Tavily — Web search for Research Mode (search queries only, no document content)
  • Cloudflare R2 — Encrypted storage for uploaded PDFs and generated files
  • MongoDB Atlas — Database hosting for account and workspace metadata
  • Stripe — Payment processing (Stripe handles all card data; we receive only masked card info and subscription status)
  • Google OAuth — Optional sign-in via Google account
  • Qdrant — Vector database for Scholar plan RAG features (document embeddings stored, not raw text)

5. Data Storage and Security

Your data is stored on servers hosted in the EU and US. We implement the following security measures:

  • All data in transit is encrypted using TLS 1.2 or higher
  • Passwords are hashed using bcrypt — we never store plain-text passwords
  • Uploaded PDFs and generated files are stored in Cloudflare R2 with access controlled by signed URLs
  • Database access is restricted to application servers only — no public access
  • JWT authentication tokens expire after 7 days and are refreshed securely

6. Data Retention

How long we keep your data depends on your plan:

  • Free plan — Workspaces and generated files are retained for 7 days, then permanently deleted
  • Student plan — Workspaces and files retained for 180 days from last activity
  • Pro and Scholar plans — Workspaces and files retained indefinitely while the account is active
  • All plans — Account data (name, email, subscription history) is retained until you delete your account
  • After account deletion, all personal data is permanently removed within 30 days

7. Your Rights

You have the following rights over your data:

  • Access — Request a copy of all personal data we hold about you
  • Correction — Update your name, email, or other account details at any time from Settings
  • Deletion — Delete your account and all associated data from Settings → Delete Account
  • Export — Download all your generated documents and uploaded PDFs at any time
  • Portability — Request a machine-readable export of your account data by emailing privacy@arxio.in
  • Objection — Object to any processing not strictly necessary for service delivery

To exercise any right, email privacy@arxio.in. We will respond within 14 days.

8. Cookies

Arxio uses strictly necessary cookies only:

  • Session cookie — Keeps you logged in between page loads (expires when you close the browser or after 7 days)
  • CSRF token — Protects against cross-site request forgery attacks

We do not use advertising cookies, tracking pixels, or analytics services that track you across other websites.

9. Children's Privacy

Arxio is not directed at children under 13. We do not knowingly collect data from children under 13. If you believe a child has provided us with personal data, contact us at privacy@arxio.in and we will delete it promptly.

10. Changes to This Policy

We may update this Privacy Policy when our practices change. We will notify registered users by email at least 14 days before material changes take effect. The updated date at the top of this page always reflects the most recent revision.

11. Contact

For any privacy questions or requests, email privacy@arxio.in. We aim to respond within 2 business days.