Plain-English summary. A formal privacy policy will accompany general availability.
Your account details (name and email, held by our authentication provider), the manuscript package you upload, payment records, and the operational logs needed to run and audit the service — submission status, report access, and error diagnostics. We do not collect more than the service needs.
The processors actually in the stack. No others receive manuscript content.
| Processor | Role |
|---|---|
| Clerk | Authentication and organization accounts |
| Stripe | Payment processing — card details never touch our systems |
| Anthropic & OpenAI | The two appraisal engines, via their commercial APIs |
| Crossref, NCBI & the DOI Foundation | Reference verification — cited DOIs and PMIDs are looked up in the public registries by bare identifier only; manuscript text is never sent |
| Cloudflare R2 | Manuscript and report file storage (S3-compatible object store) |
| Resend | Transactional email (report-ready notices) |
| Vercel | Web hosting |
| Northflank | Application workers and database hosting |
| Sentry | Error monitoring |
Manuscript content reaches the model providers through their commercial APIs only, and we do not train models on your files. How uploads are screened and isolated is described on the security page.
Manuscript content is retained for 90 days by default, then expired and purged — files, artifacts, reports, and findings — after a short grace period, with an audit record of the purge. Billing and audit records are preserved as required. You can request deletion of a submission at any time by emailing support@abigailmd.com from your account email — it follows the same purge path. An in-product delete control is on the roadmap.
RigorMD is operated by Abigail MD (United States), and processing happens in the United States on the processors listed above. We process your data to deliver the service you purchase (your account, manuscript processing, report delivery), to keep the service secure (screening, audit logs, error monitoring), and to meet legal obligations (billing records).
You can request a copy of your data, correction, or deletion at support@abigailmd.comfrom your account email. If you are in the EU or UK, we honor these requests in line with the GDPR's access, rectification, erasure, and objection rights, and you may lodge a complaint with your supervisory authority. A formal privacy policy with full legal detail will accompany general availability.
Cookies: only the ones required for sign-in and payment. No advertising or analytics trackers — the pages you are reading load none.