1. Data Controller
The data controller for The Journal Claw ("Service") is:
dezent digital GmbHBaden 5400, Switzerland
UID: CHE-405.267.191
General Manager: Felix Schwenk
Data protection contact: support@thejournalclaw.com
2. Data We Collect
Account data
- Email address — required for account creation and magic link authentication.
- Subscription status — your plan type (Free or Pro), managed via Stripe.
Usage data
- Paper interactions — which papers you view, save, or mark as read.
- Feed subscriptions — your selected research topics and feeds.
- Email preferences — digest frequency and notification settings.
Payment data
Payment card details are collected and processed exclusively by Stripe. We never see or store your full card number. We receive only a Stripe customer ID, subscription status, and billing history.
Technical data
We collect minimal technical data necessary to operate the Service: IP address (for rate limiting and abuse prevention, not stored long-term), browser type, and access timestamps in server logs.
3. Legal Basis for Processing
We process your personal data on the following bases:
- Contract performance (Art. 6(1)(b) GDPR / Art. 31(1) nDSG) — processing necessary to provide the Service you signed up for, including account management, digest delivery, and subscription billing.
- Legitimate interest (Art. 6(1)(f) GDPR / Art. 31(1) nDSG) — service security, fraud prevention, and product improvement based on aggregated, anonymized usage patterns.
4. Data Processors
We use the following third-party processors to operate the Service:
| Processor | Purpose | Location |
|---|---|---|
| Supabase | Database (PostgreSQL), authentication | EU (eu-central-2) |
| Cloudflare | Website hosting (Pages), compute (Workers), AI processing (Workers AI) | Global CDN (EU primary) |
| Stripe | Payment processing | US |
| Mailgun / Cloudflare Email | Transactional email delivery | EU / Global |
5. International Data Transfers
Your data is primarily stored in the EU (Supabase eu-central-2). Where data is transferred to the US (Stripe), we rely on:
- The EU-US Data Privacy Framework (DPF) for certified processors.
- Standard Contractual Clauses (SCCs) as a supplementary safeguard.
- Switzerland's adequacy decisions and the Swiss-US Data Privacy Framework where applicable.
6. Data Retention
- Account data — retained while your account is active. Deleted within 30 days of account deletion.
- Usage data — retained while your account is active. Anonymized or deleted within 30 days of account deletion.
- Payment records — retained for 10 years as required by Swiss commercial law (Art. 958f OR).
- Server logs — automatically deleted after 30 days.
7. Your Rights
Under the Swiss nDSG and GDPR (where applicable), you have the right to:
- Access — request a copy of the personal data we hold about you.
- Rectification — correct inaccurate data.
- Deletion — delete your account and associated data via the Settings page or by contacting us.
- Export — receive your data in a portable, machine-readable format.
- Restriction — request that we limit processing of your data.
- Objection — object to processing based on legitimate interest.
To exercise any of these rights, email support@thejournalclaw.com. We will respond within 30 days. You also have the right to lodge a complaint with the Swiss Federal Data Protection and Information Commissioner (FDPIC) or your local supervisory authority.
8. Cookies
The Service uses only essential cookies required for authentication and session management. We do not use analytics cookies, advertising cookies, or third-party tracking pixels.
Because we only use strictly necessary cookies, no cookie consent banner is required under Swiss or EU law.
9. AI Data Processing
Our AI processes publicly available research paper metadata and abstracts from PubMed, OpenAlex, and medRxiv. This data is already public.
Your personal interactions with the Service (saved papers, read history, feed preferences) are private and are not used to train AI models. AI processing runs on Cloudflare Workers AI infrastructure and does not retain input or output data beyond the request lifecycle.
10. Children
The Service is not directed at individuals under the age of 16. We do not knowingly collect personal data from children. If you believe a child under 16 has provided us with personal data, please contact us and we will promptly delete it.
11. Changes to This Policy
We may update this Privacy Policy from time to time. Material changes will be communicated at least 30 days in advance via the email address associated with your account. The "Last updated" date at the top of this page reflects the most recent revision.
12. Contact
For any questions about this Privacy Policy or to exercise your data protection rights, contact us at:
dezent digital GmbHBaden 5400, Switzerland
Email: support@thejournalclaw.com
See also our Terms of Service.