PASS
Data security & privacy

How PASS handles your data

This page summarises what PASS stores, who can see it, and what controls you have.

What we store

When you submit a manuscript for analysis we keep:

  • The manuscript file or pasted text you provided (XML, PDF, or manual entry).
  • The structured representation the agent extracts from it (title, abstract, sections, authors, key findings, inferred subject areas).
  • The generated report — recommended journals, scores, strengths/weaknesses, improvement roadmap, and literature positioning.
  • Any survey feedback you submit on the report.
  • Your account info: email, name, OAuth identity if you signed in with Google, and an encrypted copy of any API keys you set under Settings.

We do not store IP addresses, browser fingerprints, or third-party analytics cookies.

Who can see it

Your manuscripts and reports are visible only to you (when signed in) and to the platform administrators. We do not share manuscript content with other users, advertise on it, or expose it on any public index.

Third-party processing

Generating recommendations requires sending manuscript text to a large-language-model provider. By default the system uses OpenAI's API; if you supply your own Anthropic or Google API key under Settings, that provider receives the manuscript text instead.

We do not send manuscript content to any other third party.

Retention & deletion

Uploaded manuscripts and generated reports stay in your account until you delete them. From the dashboard ("My papers"), each row has a delete control which removes the analysis from your view; the underlying row + any feedback you submitted are retained for research purposes unless you ask the team for a hard delete via the contact below.

Email notifications can be turned off under Settings → Notifications without affecting anything else.

Security

The application runs on a dedicated EC2 instance behind HTTPS. API keys and OAuth tokens are encrypted at rest. Database backups are encrypted and not exposed publicly.

Acceptable use

PASS is built for scientific manuscript analysis. By creating an account you agree to upload only content you have the right to submit, and not to upload:

  • Manuscripts you do not own or have not been authorised to share.
  • Content that infringes copyright, intellectual property, or third-party privacy.
  • Illegal material under applicable U.S. law.
  • Personal data about identifiable individuals beyond what a normal scientific manuscript includes (e.g. patient identifiers, private medical records).
  • Content intended to harass, threaten, or harm others.
  • Malware, exploit code, or content designed to compromise systems.
  • Content intended primarily to manipulate the system into producing harmful or deceptive output.

We reserve the right to remove uploaded content and suspend accounts that violate this policy. Reports of abuse can be sent to the contact email below.

Questions or removal requests

Email jiawenc@upenn.edu for any privacy question, hard-delete request, or to opt out of retention of your prior feedback for research.

Last updated 2026-05-25