Privacy Policy

Last updated: 2026-05-21

Who we are

PharmaCliff is operated by Lukas Jankauskas, an independent founder registered as individuali veikla in Lithuania, EU. Contact: hello@pharmacliff.eu.

What we collect

When you sign up or subscribe, we collect:

  • Your email address (required for login + digest delivery)
  • Your tracked therapeutic areas and jurisdictions (to personalize digests)
  • Your subscription status and Stripe customer ID (for billing)
  • Your feedback signals (👍/👎 on patents in digests) — to improve AI scoring
  • IP address and user agent (for security audit log + rate limiting)
  • Webhook URLs you configure (Slack, Teams) — stored encrypted at rest
  • API keys you generate — stored as SHA-256 hashes, never plaintext

We do not collect: payment card data (Stripe handles this directly), web tracking pixels, third-party analytics cookies, or location beyond IP.

How we use it

Strictly for delivering the PharmaCliff service:

  • Send weekly patent digests to your email
  • Personalize digest content to your tracked areas
  • Improve our AI relevance scoring with your feedback signals
  • Process subscription payments (via Stripe)
  • Detect and prevent abuse (rate limits, audit logs)

We do not sell your data, share it with advertisers, or use it for any purpose outside the service.

Legal basis (GDPR)

We process your data under:
  • Contract performance (Art. 6(1)(b)) — for delivering the service you subscribed to
  • Legitimate interests (Art. 6(1)(f)) — for security audit logs and rate limiting
  • Consent (Art. 6(1)(a)) — for any future marketing emails (currently none)

Your rights

Under GDPR, you can:
  • Access all data we hold about you — download via /dashboard/account
  • Correct inaccurate data — change your preferences anytime in the dashboard
  • Delete your account and all associated data — via the dashboard, with a 7-day grace period followed by a hard delete
  • Portability — your data export is JSON, ready to import elsewhere
  • Object — email hello@pharmacliff.eu to object to specific processing
  • Lodge a complaint with your national data protection authority (Lithuania: VDAI)

Third parties (data processors)

  • Stripe Inc. — payment processing. Stripe's privacy policy.
  • Resend — transactional email delivery. Resend's privacy policy.
  • Vercel Inc. — hosting and CDN. Vercel's privacy policy.
  • Neon (or equivalent) — PostgreSQL database hosting in EU region.
  • Anthropic / OpenRouter — LLM API for patent relevance scoring. Patent metadata (public data) is sent for scoring; no personal data is sent.

Data retention

  • Account data: kept while subscription is active + 30 days after cancellation
  • Subscription invoices: kept 10 years (Lithuanian bookkeeping law)
  • Audit log: kept 12 months
  • Magic link tokens: deleted on use or after 30 minutes
  • Email digest history: kept 12 months for your reference

Cookies

We use exactly one cookie: pr_session — a session cookie that keeps you signed in. It's httpOnly, sameSite=Lax, secure in production. We do not use analytics, ad, or social-media cookies.

Children

PharmaCliff is a B2B service for pharma R&D professionals. It is not intended for users under 18. We do not knowingly collect data from minors.

Changes

We'll email you about material changes to this policy at least 30 days before they take effect.

Contact

Questions, requests, or concerns: hello@pharmacliff.eu.