Privacy Policy

Last updated: May 12, 2026

Referee3 (referee3.app) is an AI-powered academic paper review service operated by DCG LLC from the United States. This policy explains what data we collect, why we collect it, and how we protect it. We have tried to write it in plain English rather than dense legalese.

1. Information We Collect

Account information

Your email address, which is required for all users. We use it to create your account (if you choose to register), deliver completed review reports, and send error notifications if processing fails. A guest flow is also available — no account is required, but we still need an email address for report delivery.

Paper files and metadata

When you upload a paper (PDF or .docx), the file is stored on our server. We also store metadata you provide during upload: the original filename, selected academic field, target journals, and paper type classification.

Review content

The referee reports generated by AI models are stored alongside your paper so you can access them at any time.

Payment information

Payments are processed entirely by Stripe. We never see or store your credit card number or full payment details. Stripe may share with us a transaction identifier and confirmation of payment.

Usage data

We track token usage and estimated cost per review for internal operational purposes.

2. How We Use Your Information

  • To process your paper through our AI review pipeline and generate referee reports.
  • To deliver completed reports to your email address.
  • To notify you by email if an error occurs during processing.
  • To process your payment via Stripe.
  • To monitor token usage and costs so we can keep the service running.

We do not use your uploaded papers to train any AI models.

3. AI Processing & Third-Party Services

To generate your referee report, your paper text is transmitted to servers operated by Anthropic, OpenAI, and Google. We want to be explicit about this so you can make an informed decision before uploading.

We do not call these providers' raw APIs directly. Instead, we invoke each provider's official command-line tool (CLI) — Anthropic's Claude Code, OpenAI's Codex, and Google's Gemini CLI — under our flat-rate subscriptions. Each CLI ships the input you submit to the corresponding provider's servers using that provider's own transport, authentication, and data-handling stack. Our service relies on the privacy and security guarantees published by each provider; we do not modify or attempt to bypass their CLI's built-in data handling.

  • Anthropic — Claude (via Claude Code CLI): Your paper text is sent to Anthropic's servers for one of the three referee reports. Data handling is governed by Anthropic's privacy policy and the Claude Code / Anthropic Consumer Terms. Under Anthropic's commercial terms, inputs submitted via Claude Code are not used to train Claude models.
  • OpenAI — GPT (via Codex CLI): Your paper text is sent to OpenAI's servers for a second independent referee report. Data handling is governed by OpenAI's privacy policy and business / API terms applicable to Codex. Under OpenAI's standard API/business terms, inputs are not used to train OpenAI models.
  • Google — Gemini (via Gemini CLI): Your paper text is sent to Google's servers for a third independent referee report. Data handling is governed by Google's privacy policy and the applicable Gemini / Google AI terms of service.

We commit to operating within the privacy policies and terms of service published by Anthropic (Claude Code), OpenAI (Codex), and Google (Gemini), and to passing your paper to these services only for the purpose of generating your referee report. We do not share your paper with any other AI provider, and we do not use your paper to train any model ourselves.

We cannot guarantee the internal practices of third-party providers beyond what their public policies state. If you are uploading sensitive, unpublished, or embargoed work and are not comfortable with the above, please do not submit your paper.

Additionally, the following third-party services may receive limited data:

  • Stripe — processes your payment. We never see or store your card details.
  • Gmail SMTP— we send report delivery and error notification emails through Gmail SMTP. Your email address and report content pass through Google's mail servers.

4. Private Mode

When you enable “private mode,” your paper is processed entirely by a local AI model (Ollama/Gemma4) running on our server. In private mode:

  • Your paper text is never sent to any external AI service.
  • The only external services that receive any data are Stripe (for payment processing) and Gmail SMTP (to deliver your report).
  • All AI processing stays on our server and never leaves the machine.

Note: Private mode uses a smaller local model, so review quality will be noticeably lower than standard (cloud) mode.

5. Data Storage and Retention

All data — uploaded papers, generated reviews, account information, and metadata — is stored in a SQLite database and file system on our server, which is a local machine located in the United States and accessible via a Cloudflare tunnel at referee3.app.

Uploaded papers and reviews are stored indefinitely unless you request deletion. If you would like your data deleted, contact us (see below) and we will remove your papers, reviews, and account information.

6. Authentication and Sessions

We use NextAuth for authentication, supporting password login and magic link email. Sessions are managed with JSON Web Tokens (JWT) that expire after 30 days. A guest flow is also available — you can submit a paper with just an email address, without creating an account.

7. Cookies and Local Storage

  • NextAuth session cookie — a functional cookie used to maintain your login session.
  • Theme preference— stored in your browser's localStorage (not a cookie). This remembers your light/dark mode preference.
  • Stripe cookies — Stripe may set its own cookies during the checkout process.

We do not use any analytics or advertising cookies.

8. Your Rights

Regardless of where you are located, you can:

  • Request a copy of all data we hold about you.
  • Request deletion of your papers, reviews, and account.
  • Ask us to correct inaccurate personal information.

For users in the European Union (GDPR)

If you are located in the EU or EEA, you have additional rights under the General Data Protection Regulation (GDPR):

  • Legal basis for processing: We process your data based on your consent (uploading a paper and providing your email) and our legitimate interest in providing the service you requested.
  • Right to data portability: You can request your data in a machine-readable format.
  • Right to restrict processing: You can ask us to limit how we use your data.
  • Right to object: You can object to processing based on legitimate interests.
  • Right to lodge a complaint: You have the right to file a complaint with your local data protection authority.

Note that your data is stored on a server in the United States. By using Referee3, you consent to the transfer of your data to the United States.

9. Children's Privacy

Referee3 is not intended for use by anyone under the age of 16. We do not knowingly collect personal information from children. If you believe a child has provided us with personal data, please contact us and we will delete it promptly.

10. Changes to This Policy

We may update this privacy policy from time to time. When we do, we will revise the “Last updated” date at the top of this page. For significant changes, we will make reasonable efforts to notify users by email.

11. Contact

If you have questions about this privacy policy, want to request your data, or want to request deletion, you can use our contact form or reach us directly:

DCG LLC

Email: [email protected]

Service: referee3.app

← Back to Referee3