Privacy Policy

Privacy Policy

Last updated: 17 June 2026

1. Introduction

This Privacy Policy explains how information is handled when you use AIM Review, including the pro web application, the flash web interface, and the AIM Review Android and iOS applications. AIM Review is designed as a local-first research tool: many core screening, labelling, extraction, agreement, and machine-learning functions can run on your own browser or device. Data is sent to cloud services or external providers only when you choose features that require those services, such as signing in, saving to cloud storage, sharing a project, using a third-party API, or downloading remote model assets.

2. Who We Are

AIM Review was developed by Sergio Mena Ortega, Paris Alexandros Lalousis, and Nikolaos Koutsouleris in connection with the Artificial Intelligence in Mental Health lab at King's College London. In this policy, "AIM Review", "we", "us", and "our" refer to the AIM Review application and development team. Questions about privacy or data handling can be sent through the contact details provided in the application.

3. Information We May Process

The information processed by AIM Review depends on the features you use.

  • Account information. If you create an account or sign in, Firebase Authentication processes account identifiers such as your email address, user ID, authentication provider, verification status, and session information. If you use Google or GitHub sign-in, those providers may provide identity information needed to authenticate you. Passwords are handled by Firebase Authentication.
  • Locally remembered credentials. If you enable a "remember me" or credential-prefill option in the web app, your browser may store the entered email address and password locally so that the sign-in form can be pre-filled. Do not use this option on shared, public, or unsecured devices.
  • Project and sharing information. Cloud projects may include project names, project IDs, storage mode, timestamps, owner identifiers, owner email address, project status, collaborator email addresses, invitation records, acceptance or decline status, and shared-project metadata.
  • Review and research content. Depending on your workflow, AIM Review may process imported references, titles, abstracts, author names, journal information, publication years, keywords, identifiers, uploaded spreadsheets, RIS or PubMed files, parsed full-text or PDF content, labels, notes, tags, agreement decisions, extraction questions and answers, active-learning state, model scores, configuration, and exported or saved project snapshots.
  • Device and local storage information. The web app may use browser local storage, session storage, IndexedDB, cache storage, and downloaded files to keep preferences, theme settings, configuration, autosave snapshots, active projects, model assets, and temporary working data. The mobile apps may store project snapshots, labels, notes, and related workflow state on the device.
  • Usage and diagnostic information. The web app initializes Firebase services, including Firebase Analytics. Depending on browser settings and Firebase configuration, this may collect limited app, device, browser, and usage-event information used to understand reliability and usage. We do not use this information for advertising.

4. Local Processing and Local Storage

If you use AIM Review without signing in and without selecting an external API, your review content is intended to remain on your device. Local data may remain in your browser profile, mobile app storage, downloaded files, or browser cache until you delete it, clear site data, uninstall the app, or remove downloaded files. Local storage is controlled by your device and browser. Data stored locally on one browser profile or device is not automatically removed when you delete cloud data from another device.

5. Cloud Projects, Sync, and Sharing

If you sign in and create or activate a cloud project, AIM Review uses Firebase Authentication and Firebase Storage to save, load, back up, and synchronize selected project data. Cloud project data may include project descriptors, imported record metadata, labelling progress, notes, agreement structures, saved configuration, backup files, and sharing records.

When you share a cloud project, AIM Review creates invitation records linked to the recipient email addresses you provide. Accepted collaborators receive an independent project copy containing the shared record metadata needed for screening. Their labels and notes are separate from yours unless the project owner later uses agreement or collection features to combine saved collaborator screenings for comparison and resolution.

6. Artificial Intelligence, Machine Learning, and External APIs

AIM Review includes local machine-learning and artificial-intelligence features for screening, prioritisation, agreement, and data extraction. Local methods, including browser-based models such as Transformers.js and WebLLM, run on your device after any required model assets have been downloaded and cached. Model asset downloads may contact third-party hosting or model-distribution services, but your review content is not intentionally sent to those services merely because a local model is downloaded.

If you choose an external API option, such as Hugging Face Inference API, Google Gemini, or DeepSeek, the selected text, prompts, questions, criteria, document chunks, and related metadata needed for the request are sent directly from your browser to that provider using the API key you enter. Those providers process the data under their own terms, privacy policies, retention settings, and security practices. You should not use external API features with confidential, sensitive, personal, or restricted research data unless you are satisfied that the provider and your API account are appropriate for that use.

API keys entered into AIM Review are used to make requests to the selected provider. They may also be held temporarily in browser form fields and, depending on the configuration features you use, may be captured in local configuration storage or in a configuration file or cloud-saved configuration. Review configuration carefully before saving, exporting, sharing, or using AIM Review on a shared device.

7. How We Use Information

We use information only for purposes connected with operating and improving AIM Review, including:

  • creating accounts, signing users in, maintaining sessions, and verifying identity;
  • creating, loading, saving, backing up, deleting, and synchronizing projects;
  • supporting local and cloud-based screening, labelling, extraction, agreement, active-learning, and reporting workflows;
  • enabling project sharing, invitations, collaborator screening, and agreement collection;
  • providing support, troubleshooting, security, abuse prevention, and reliability improvements;
  • understanding general usage and app stability through analytics or diagnostic information where enabled.

Where data protection law applies, the legal basis for processing may include performance of the service you request, legitimate interests in operating and securing AIM Review, consent for optional features, or compliance with legal obligations.

8. Third-Party Services

AIM Review may rely on third-party services and libraries, including Firebase and Google services for authentication, storage, hosting infrastructure, analytics, and Google sign-in; GitHub for optional GitHub sign-in; external content delivery networks for scripts and libraries; model-distribution services for local model assets; and optional AI providers such as Hugging Face, Google Gemini, and DeepSeek when selected by the user. These services may process technical information such as IP address, browser or device details, account identifiers, access tokens, API requests, and the data you submit to them.

We do not sell personal data and do not use project content for advertising. We may disclose information if required by law, to protect the security or integrity of AIM Review, or to operate the services requested by users.

9. Retention and Deletion

Local data remains on your device or browser profile until you delete it, clear browser site data, remove downloaded files, uninstall the app, or overwrite it. Cloud data remains in Firebase Storage while your account or project remains active, unless you delete the relevant project or account. Backup files may exist to protect against interrupted saves and may be deleted with the related project or account where AIM Review has permission to remove them.

You can delete your account from the profile page or through the mobile app where supported. Account deletion is intended to remove your Firebase Authentication account, owned cloud projects, shared project copies, pending invitations linked to your email address, shared copies created from your owned projects where AIM Review has permission to remove them, and local browser backups associated with your user ID on the device where deletion is performed. Data stored only on other devices, in exported files, in collaborators' downloads, or by third-party API providers may need to be removed separately.

10. Security

We take reasonable steps to protect data handled by AIM Review. Cloud authentication and storage are provided through Firebase, and network requests to supported services are made over secure connections where available. Passwords are processed by Firebase Authentication rather than stored by AIM Review as cloud project files. However, no browser, device, cloud service, or network transmission can be guaranteed to be completely secure. You are responsible for keeping your devices, browser profiles, account credentials, API keys, exported files, and shared-project invitations secure.

11. Your Choices and Rights

You can use many AIM Review features without creating an account. You can choose local storage instead of cloud storage where available, avoid optional external API providers, clear local browser data, remove mobile app data, export or delete project files, decline sharing invitations, and delete your account. Depending on your location and the law that applies, you may also have rights to request access, correction, deletion, restriction, portability, withdrawal of consent, or objection to certain processing. To exercise these rights, contact us using the details provided in AIM Review.

12. Children's Privacy

AIM Review is intended for academic, research, educational, and professional use. It is not directed at children, and users should not submit children's personal data unless they have the authority and lawful basis to do so.

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in AIM Review, third-party services, legal requirements, or data practices. Updated versions will be posted on this page with a revised date. Continued use of AIM Review after an update indicates acceptance of the updated policy.

14. Contact Us

If you have questions about this Privacy Policy or AIM Review data practices, please contact us using the contact information provided within the app.