Legal

Privacy Policy

Last updated: May 21, 2026

1. Who we are

PsychHypo ("we", "us") operates psychhypo.com, a research tool that helps psychology and psychiatry researchers generate, stress-test, and compare hypotheses against published literature. PsychHypo is a vertical of LitHypo. Contact: feedback@psychhypo.com.

2. Data we collect

  • Account data: name, email, role, institution, field of focus.
  • Research content: topics, hypotheses, notes, tags, status updates, outcome notes, uploaded papers (manuscripts, protocols, datasets), lab notebook entries, and any text you submit.
  • Usage data: query counts, timestamps, plan, subscription status, billing history.
  • Technical: IP address, browser, device type, and basic logs for security and abuse prevention.
  • Cookies / local storage: session tokens for keeping you signed in. We do not use third-party advertising cookies.

3. How we use it

  • Provide the service: run hypothesis generation, comparisons, stress tests, and file analyses.
  • Send transactional emails: verification, password reset, status reminders (if enabled), weekly literature digests (if enabled), and account notifications.
  • Bill you and prevent fraud (via Stripe).
  • Internal operations: the founder receives email notifications when new users sign up and when suggestions are submitted, for support and product development purposes.
  • Improve product reliability and security.

We do not sell your personal data. We do not use your private research content to train AI models. We do not share your uploads, queries, or research content with researchers outside your account.

4. AI processing (Anthropic Claude)

When you generate, compare, or stress-test a hypothesis, or analyze an uploaded document, relevant text is sent to Anthropic's Claude API (anthropic.com) for processing. We use Claude Opus 4.7 as our primary model. Anthropic processes the data as our subprocessor under their commercial terms (https://www.anthropic.com/legal/commercial-terms) and does not use API inputs or outputs to train its models. We send only the minimum content needed for the request.

5. Literature data (OpenAlex and Europe PMC)

We query two literature databases in parallel:

  • OpenAlex (openalex.org), operated by OurResearch, a US-based nonprofit. Open-access bibliographic data covering 250+ million scholarly works.
  • Europe PMC (europepmc.org), operated by EMBL-EBI. Biomedical literature including PubMed Central and preprints.

Both are publicly available bibliographic databases. We retrieve paper metadata and abstracts based on your query. We do not transmit your account information or your research content (beyond the search query terms) to either database.

6. Subprocessors

  • Lovable Cloud (Supabase) — database, authentication, file storage, edge runtime, hosting. Hosted in EU/US.
  • Anthropic — Claude AI processing. Hosted in US.
  • Stripe — payment processing, including card data (PCI-compliant). Hosted in US.
  • Cloudflare — DNS management and email routing. Hosted globally.
  • Resend — transactional email delivery. Hosted in US.

7. Sensitive research data handling

PsychHypo is designed for psychology and psychiatry research. We understand that uploaded documents and queries may include sensitive research content, including descriptions of clinical populations or theoretical frameworks tied to mental health conditions.

You should not upload:

  • Personally identifiable patient data
  • Protected Health Information (PHI) governed by HIPAA without appropriate safeguards in place
  • Research subject identifying information from IRB-restricted studies

PsychHypo is not a HIPAA-compliant platform and is not appropriate for storing or processing patient-level identifying data. We do not access user uploads, queries, or notes for any purpose except support requests initiated by the user.

8. Data retention

We retain your account and content for as long as your account is active. If you delete your account, we delete your profile, hypotheses, notes, uploaded files, and lab notebook entries within 30 days, except where we must retain records for legal, tax, or fraud-prevention purposes. Billing records may be retained up to 7 years to comply with US tax law.

9. Your rights (GDPR, UK GDPR, CCPA)

You have the right to:

  • Access the personal data we hold about you.
  • Correct inaccurate data (most fields are editable in your profile).
  • Delete your account and associated data.
  • Export your hypotheses and notes.
  • Object to or restrict processing.
  • Withdraw consent for transactional emails (via in-app settings) or unsubscribe via signed links in our emails.
  • Lodge a complaint with your supervisory authority.

To exercise any of these rights, email feedback@psychhypo.com. We respond within 30 days.

10. Security

We use TLS in transit, encryption at rest, row-level security on all user data, scoped service credentials, and modern HTTP security headers. The founder may access user data via the database for legitimate support purposes only (e.g., diagnosing a user-reported bug). We do not browse user content for any other reason. No system is perfectly secure; report issues to feedback@psychhypo.com.

11. International transfers

Your data may be processed in the United States and the European Union. Where required, transfers rely on Standard Contractual Clauses with our subprocessors.

12. Children

PsychHypo is not intended for users under 16. We do not knowingly collect data from children. Research involving child or adolescent populations should be conducted with appropriate IRB oversight and consent, with PsychHypo used only for non-identifying research design support.

13. Changes

We will post material changes here and, when appropriate, notify you by email.