Privacy Policy
Last updated: March 16, 2026
1. Overview
rounds.("we", "us") is committed to protecting your privacy. This policy explains what data we collect, why, and how we handle it.
2. Data We Collect
Account information:
- Email address and name (via Clerk authentication)
- Medical specialty and professional context (optional, user-provided)
- Research interests and topic preferences
Usage data:
- Articles viewed and bookmarked
- Reading patterns used to improve personalization
- Feedback survey responses
Technical data:
- IP address and browser type (standard web server logs via Vercel)
- We do not use tracking cookies or third-party analytics
3. How We Use Your Data
- Personalization: Your interests and reading history are used to rank and summarize articles relevant to you
- AI Processing: Your professional context may be sent to OpenAI to generate personalized summaries. OpenAI does not use API data for training.
- Service improvement: Aggregate, anonymized usage patterns help us improve the product
- Billing: Payment processing is handled by Stripe. We do not store credit card numbers.
4. Third-Party Services (Subprocessors)
We use the following third-party services to operate rounds.. Each acts as a data processor under GDPR Art. 28 and maintains its own data processing agreement:
| Service | Purpose | Data Shared | Region |
|---|---|---|---|
| Clerk | Authentication | Email, name | US |
| OpenAI | AI summaries & embeddings | Article text, professional context | US |
| Stripe | Payments | Email, subscription status | US/EU |
| Vercel | Hosting & edge network | Server logs, IP address | Global |
| Neon | PostgreSQL database | All app data (encrypted at rest) | US |
| Resend | Email delivery | Email address, digest content | US |
| Sentry | Error monitoring | Error traces (no PII) | US |
| Upstash | Rate limiting | Anonymized request counters | US |
OpenAI does not use data submitted via the API to train its models. All transfers to US-based processors rely on Standard Contractual Clauses (SCCs) or equivalent safeguards under GDPR Chapter V.
5. Data Retention
- Account data is retained while your account is active
- Article data is retained for up to 90 days after publication
- Feedback responses are retained indefinitely for product improvement
- Upon account deletion, personal data is removed within 30 days
6. Your Rights (GDPR / CCPA)
You have the right to:
- Access: Request a copy of your personal data
- Rectification: Update or correct your data via Settings
- Deletion: Delete your account and all associated data
- Portability: Export your data in a machine-readable format
- Objection: Opt out of AI-powered personalization
To exercise any of these rights, contact us through our Contact page or email us directly. We will respond within 30 days.
7. Security
We use industry-standard security measures including encrypted connections (TLS), secure authentication (Clerk), and access-controlled database infrastructure. However, no system is 100% secure, and we cannot guarantee absolute security of your data.
8. Children
The Service is not intended for users under 18 years of age. We do not knowingly collect data from minors.
9. Changes
We may update this Privacy Policy periodically. Material changes will be communicated via email or in-app notification.
10. Contact
Questions about your data? Reach us through our Contact page.