Privacy Policy

Last updated: May 24, 2026

This Privacy Policy explains how BibGenie collects, uses, stores, and shares information when you use the BibGenie website, account system, payment features, Zotero plugin, managed AI model features, and related services.

BibGenie is built around a local-first product model for Zotero. We do not store your Zotero library, PDFs, notes, chat conversations, or bring-your-own-key API keys on BibGenie servers.

1. Information We Collect

Account information

When you create or use a BibGenie account, we collect information needed to operate the account system, such as:

Name, email address, profile image, user ID, account role, and account status
Authentication provider information if you sign in with Google or GitHub
Email verification, password reset, and session records
Session metadata such as IP address and user agent, used for security and session management

Payment and subscription information

If you buy a subscription, lifetime plan, or credits, we store payment-related records needed to manage access and billing, such as:

Stripe customer ID, checkout session ID, subscription ID, invoice ID, price ID, plan type, payment status, billing interval, and subscription period
Credit balances, credit grants, credit transactions, expiration dates, and related payment references

Payments are processed by Stripe. BibGenie does not store full card numbers or payment card security codes.

Zotero plugin data

The BibGenie Zotero plugin stores core research data locally in your Zotero environment, including:

Chat history and chat messages, stored in the local plugin database
Custom model settings, including BYOK API keys, stored locally in Zotero preferences with local encryption
Authentication tokens and cached profile data, stored locally through Zotero/Firefox Login Manager
Plugin preferences such as model selection, theme, shortcuts, citation style, and add-to-chat settings
Local semantic index data and related local state when local indexing features are used

BibGenie servers do not store your Zotero library, PDFs, notes, local chat history, or BYOK API keys.

AI requests and managed model usage

BibGenie supports both locally configured third-party models and BibGenie-managed model access.

If you use your own API key or a custom model configuration, the plugin sends requests directly from your device to the provider you selected. BibGenie does not receive, upload, log, or store your BYOK API key.

If you use a BibGenie-managed model, the prompt and necessary context are sent through BibGenie's service to the managed model provider only to process your request. BibGenie does not intentionally store your prompts, responses, Zotero library content, PDFs, or conversation history from these requests.

For managed models and some web-tool features, BibGenie records limited metering and billing metadata, such as user ID, session ID, model ID, model name, provider name, token counts, cache token counts, estimated pricing fields, credit amount, timestamp, and processing status. This data is used for credits, billing integrity, usage display, abuse prevention, and operational debugging.

Website, support, and communications

If you contact us or submit a support request, we may collect the information you provide, such as your name, email address, message, and related support metadata.

Cookies and similar technologies

We use cookies and similar technologies for login sessions, preferences, security checks, and payment flows. See our Cookie Policy for details.

2. Information We Do Not Collect or Store

BibGenie does not store the following on BibGenie servers:

Your Zotero library database
Your Zotero PDFs, attachments, notes, annotations, or full local files
Your BibGenie chat conversation history from the Zotero plugin
Your BYOK API keys or custom provider credentials
Your full payment card details

We also do not sell your personal information.

3. How We Use Information

We use information to:

Create, authenticate, secure, and maintain your account
Provide subscription, lifetime plan, credit, and entitlement features
Process payments, invoices, billing disputes, refunds, and subscription changes through Stripe
Provide managed AI access, credit metering, and usage history
Send account, verification, password reset, payment, and service emails
Respond to support requests
Prevent fraud, abuse, unauthorized access, and service misuse
Debug, maintain, and improve reliability of the website, account system, payment system, and managed model proxy
Comply with legal obligations

We do not use your Zotero library, local files, local chat history, or BYOK API keys to train AI models.

We share information only as needed to operate BibGenie, comply with law, or protect the service. This may include:

Stripe for payments, billing, invoices, tax-related payment processing, and customer portal access
Better Auth-related infrastructure and our database provider for authentication and account records
Email providers such as Resend for transactional email
Infrastructure providers for hosting, security, databases, and related operational services
AI providers when you use managed models or when your own configured model provider processes your request
Legal or safety recipients, if required to comply with law, enforce terms, or protect rights and security

When you use BYOK or a custom provider, that provider's terms and privacy practices apply to requests sent from your device.

5. Data Retention

We keep account, payment, subscription, credit, and limited usage-metering records for as long as needed to provide the service, handle billing, comply with legal obligations, resolve disputes, and maintain security.

Local Zotero plugin data remains on your device unless you delete it through the plugin, Zotero profile, browser storage, or operating system tools. Deleting your BibGenie account does not automatically delete data stored locally inside your Zotero profile.

You may delete local chat history from the plugin's chat history controls. You may remove custom model settings and BYOK keys from the plugin's model settings.

6. Security

We use reasonable technical and organizational safeguards, including secure authentication, encrypted transport, access controls, provider-managed infrastructure security, and local secure storage where available.

No system is perfectly secure. You are responsible for protecting your account credentials, your local Zotero profile, and any API keys you choose to add to the plugin.

7. Your Choices and Rights

Depending on where you live, you may have rights to access, correct, delete, export, or restrict processing of your personal information.

You can:

Update account profile information in the web app
Cancel subscriptions through account billing tools or Stripe Customer Portal where available
Revoke sessions or sign out
Delete local plugin chat history and local custom model credentials
Request account deletion or privacy assistance by contacting us

We may need to keep limited records where required for billing, fraud prevention, security, legal compliance, or dispute resolution.