Evidence Watcher Privacy Policy
Draft for legal review. Last updated: June 5, 2026.
This Privacy Policy explains how Evidence Watcher collects, uses, discloses, and protects personal information when you visit our website, create an account, use our research monitoring tools, receive alerts, interact with AI-generated summaries, purchase a subscription, or otherwise use our services (collectively, the "Service").
"Evidence Watcher," "we," "us," and "our" refer to SOUTHBYTE LABS LTD, a private limited company incorporated in England and Wales with its registered office at 71-75 Shelton Street, Covent Garden, London, United Kingdom, WC2H 9JQ. "You" and "your" refer to the individual using the Service or the organization on whose behalf the Service is used.
This Privacy Policy should be read together with our Terms of Service, available at /legal/terms-of-service.
Important notice: Evidence Watcher is not designed to collect patient records, protected health information, consumer health data, or information about an identifiable individual’s health, treatment, diagnosis, symptoms, medications, care, or clinical history. Do not submit that information to the Service.
1. Scope
This Privacy Policy applies to personal information processed by Evidence Watcher in connection with the Service.
This Privacy Policy does not apply to third-party websites, public data sources, payment processors, identity providers, publishers, registries, or other third-party services that have their own privacy practices. If you follow links to third-party sources such as PubMed, ClinicalTrials.gov, publisher websites, registries, payment providers, or other external services, their policies govern their processing of information.
2. Information We Collect
We collect information you provide directly, information generated through your use of the Service, and information from third-party providers used to operate the Service.
2.1 Account information
We collect account information such as:
- Name.
- Email address.
- Authentication identifiers.
- Account status.
- Organization name, if applicable.
- Organization membership and role, if applicable.
- Seat and subscription status.
- Profile settings.
2.2 Profile and personalization information
If you choose to provide it, we collect information used to personalize alerts and summaries, such as:
- Primary role.
- Organization type.
- Organization name.
- Job title.
- Use case or monitoring priorities.
- Alert destination email address.
Do not use these fields to provide confidential information, protected health information, patient-identifiable information, consumer health data, or information about any individual’s health, treatment, diagnosis, symptoms, medications, care, or clinical history.
2.3 Alert and search information
We collect information needed to create, run, and deliver alerts, such as:
- Alert names and descriptions.
- Search queries.
- Monitored trial identifiers.
- Alert frequency, schedule, timezone, and delivery preferences.
- Alert status, pause/resume activity, and bulk action settings.
- Matched source records, run history, and delivery history.
- Prior summaries or synthesis used to help identify what has changed since a previous alert.
2.4 Communications
We collect information when you contact us, request support, respond to emails, or otherwise communicate with us, including:
- Contact details.
- Message contents.
- Support request metadata.
- Related account or alert information needed to respond.
2.5 Billing information
If you purchase a subscription, payment information is processed by our payment provider. We receive billing-related information such as:
- Customer identifiers.
- Subscription identifiers.
- Subscription status.
- Plan and seat information.
- Payment status.
- Billing contact information.
- Tax or invoice metadata.
We do not store full payment card numbers on Evidence Watcher systems. Payment card information is handled by our payment processor, subject to that provider’s own terms and privacy notices.
2.6 Usage, device, and log information
We collect technical and usage information such as:
- IP address.
- Device and browser information.
- Pages viewed.
- Features used.
- Referring pages.
- Session and authentication events.
- Error logs.
- Security logs.
- Approximate location inferred from IP address.
- Timestamps and request metadata.
We do not intentionally collect precise geolocation information. If that changes, we will update this Privacy Policy and provide any notices or choices required by law.
2.7 Cookies and similar technologies
We use cookies or similar technologies only where they are necessary to operate and protect the Service. Current uses include:
| Category | Current use | Examples |
|---|---|---|
| Essential authentication and security | Signing users in, maintaining sessions, preventing cross-site request forgery, and securing account access. | Auth.js/NextAuth session, CSRF, and callback cookies. |
We do not currently use non-essential cookies or similar technologies on the public site. If that changes, we will update this Privacy Policy and provide any notices or choices required by law.
3. Information We Do Not Want You to Submit
Evidence Watcher is intended for research monitoring, business intelligence, literature awareness, clinical trial tracking, and evidence tracking workflows. It is not intended to collect or process patient records, protected health information, consumer health data, or information about an identifiable individual’s health.
Do not submit:
- Protected health information.
- Patient-identifiable information.
- Medical records.
- Information about an individual’s symptoms, diagnosis, treatment, medications, health status, care, or clinical history.
- Information about a specific person’s interest in, eligibility for, or participation in a clinical trial.
- Confidential third-party information you are not authorized to share.
- Information prohibited by law, contract, professional obligation, institutional policy, or confidentiality duty.
If you believe such information has been submitted, contact us promptly at info@evidencewatcher.com.
4. Consumer Health Data Notice
Evidence Watcher is not intended to collect consumer health data. Because the Service includes free-text fields, including search queries, alert names, descriptions, and personalization fields, users must not submit information that identifies or can reasonably be linked to a person’s past, present, or future physical or mental health status.
We use product notices and contractual restrictions to discourage submission of consumer health data. We may also use operational or technical controls designed to reduce the risk that users submit prohibited information.
If Evidence Watcher determines that it collects or processes consumer health data subject to laws such as the Washington My Health My Data Act or similar state consumer health privacy laws, we will publish a supplemental Consumer Health Data Privacy Notice before engaging in that processing, or obtain any consent required by law before collecting, using, or sharing that information.
Before publication, counsel should confirm whether a separate Consumer Health Data Privacy Notice is required for Evidence Watcher’s actual product flow, user base, and data practices.
5. How We Use Information
We use personal information to:
- Provide, operate, and maintain the Service.
- Authenticate users and manage accounts.
- Create, run, pause, resume, and deliver alerts.
- Store alert configurations and user preferences.
- Personalize alert relevance and AI synthesis.
- Send transactional emails, including alert emails, account notices, security notices, and billing notices.
- Provide support and respond to inquiries.
- Process subscriptions, billing, taxes, and payment status.
- Monitor performance, reliability, and security.
- Debug, maintain, and improve the Service.
- Prevent fraud, abuse, unauthorized access, and policy violations.
- Comply with legal obligations and enforce our Terms of Service.
- Develop new features and improve product quality.
6. AI Processing
Evidence Watcher may process alert results, public source data, alert configurations, prior summaries, and user-provided personalization fields through AI systems to generate summaries, synthesis, ranking, relevance signals, or explanations. Evidence Watcher currently uses Anthropic as an AI service provider for AI synthesis and related alert summarization features.
AI processing may use information such as your alert configuration, monitored trial identifiers, search terms, profile fields, prior synthesis, and public source records in order to tailor a summary to your selected monitoring topic.
We do not use Customer Content to train third-party foundation models or Evidence Watcher-owned AI models. Anthropic states that, by default, it does not use inputs or outputs from its commercial products, including the Anthropic API, to train its models, except where customers explicitly provide feedback, report bugs, or otherwise choose to allow such use. Evidence Watcher does not submit Customer Content to Anthropic for feedback, bug-reporting, or model-training purposes.
We may use aggregated, de-identified, or anonymized information, internal logs, and feedback to improve prompts, quality, reliability, safety, and product behavior, provided that this information is not reasonably capable of identifying you.
AI-generated outputs can contain mistakes, omissions, outdated information, or misleading summaries. You should verify important information against source materials before relying on it. Clinical trial and publication summaries may not reflect the current or complete status of a trial, paper, registry entry, or source record.
7. Public Data Sources and Third-Party Content
The Service may retrieve, store, process, and display public or third-party source information, including metadata, titles, links, abstracts, trial identifiers, trial records, update dates, and other source information from resources such as PubMed, ClinicalTrials.gov, PubChem, MONDO, publisher websites, and related services.
These sources are not controlled by Evidence Watcher. Their own terms, privacy notices, copyright rules, attribution requirements, and availability apply. We may process, transform, summarize, link, or enrich source information to provide alerts.
8. How We Share Information
We share personal information only as described below.
8.1 Service providers
We share information with vendors that help operate the Service. Known current or planned providers include:
| Provider | Service | Information involved |
|---|---|---|
| Vercel | Application hosting, serverless functions, cron jobs, deployment infrastructure, logs, and related platform services. | Account, usage, request, device, log, and security information processed through the hosted application. |
| Neon / managed Postgres | Database hosting and storage in the UK. | Account records, organization records, alert configurations, run history, delivery history, and related Service data. |
| Google OAuth | Sign-in and identity provider services. | Authentication identifiers, email address, name, profile image if provided by Google, and sign-in metadata. |
| Postmark | Transactional email delivery. | Email address, email content, alert email metadata, delivery metadata, and related message information. |
| Stripe | Checkout, subscriptions, payment processing, invoices, billing portal, fraud prevention, and tax-related payment services if billing is enabled. | Billing contact information, payment status, customer identifiers, subscription identifiers, plan, invoice, tax, and payment metadata. We do not store full payment card numbers on Evidence Watcher systems. |
| Anthropic | AI synthesis, summarization, ranking, relevance signals, and related AI processing. | Alert configurations, search terms, monitored trial identifiers, public source records, prior summaries, personalization fields, and related prompt context needed to provide AI features. |
We also use public data and source services to retrieve research and clinical-trial information, including PubMed/NCBI, ClinicalTrials.gov, PubChem, MONDO, EBI OLS, publisher websites, registries, and related services. Search terms, query metadata, source identifiers, or request metadata may be transmitted to them as needed to retrieve public records.
These providers are authorized to process personal information only as needed to provide services to Evidence Watcher, unless they act as independent controllers under their own terms and applicable law.
8.2 Organization accounts
If you use the Service as part of an organization account, your organization’s administrator or other authorized organization members may be able to access information associated with that organization, including:
- Your account membership and role.
- Alert configurations.
- Search queries associated with the organization account.
- Delivery history.
- Usage history.
- Billing status.
- Account activity.
Please review your organization’s internal policies to understand how your organization may access, use, retain, or monitor information associated with your account.
8.3 Legal, safety, and compliance
We may disclose information if we believe disclosure is necessary to:
- Comply with law, legal process, or government requests.
- Enforce our Terms of Service or other agreements.
- Protect the rights, safety, and security of Evidence Watcher, users, public data sources, third parties, or the public.
- Detect, prevent, or investigate fraud, abuse, security incidents, or technical issues.
8.4 Business transfers
We may disclose or transfer information in connection with a merger, acquisition, financing, reorganization, sale of assets, bankruptcy, or similar transaction.
8.5 With your direction or consent
We may share information when you direct us to do so or when you consent.
9. Selling, Sharing, Targeted Advertising, and Profiling
We do not sell personal information.
We do not share personal information for cross-context behavioral advertising.
We do not use sensitive personal information for purposes that would require a right to limit under California law unless we provide the required notice and choice.
If we introduce advertising, tracking technologies, data sharing, or profiling that creates additional opt-out rights under applicable privacy laws, we will update this Privacy Policy and provide legally required opt-out mechanisms, including a Do Not Sell or Share My Personal Information link or equivalent where required.
10. Legal Bases for Processing
Where GDPR, UK GDPR, or similar laws apply, we process personal information under the following legal bases:
| Purpose | Examples of information | Legal basis |
|---|---|---|
| Provide and operate the Service | Account information, alert configurations, search queries, delivery settings, billing status | Contract |
| Send alerts and transactional emails | Email address, alert settings, delivery history | Contract; legitimate interests |
| Personalize alert relevance and AI synthesis | Profile fields, alert settings, prior summaries, monitored records | Contract; legitimate interests; consent where required |
| Process payments and maintain billing records | Billing contact information, subscription status, invoice metadata | Contract; legal obligation |
| Secure the Service and prevent abuse | IP address, security logs, authentication events, device data | Legitimate interests; legal obligation |
| Provide support | Contact details, message contents, account metadata | Contract; legitimate interests |
| Product analytics and improvement | Usage data, performance logs, aggregated or de-identified information | Legitimate interests; consent where required |
| Non-essential cookies or marketing communications | Cookie identifiers, email address, marketing preferences | Consent where required |
| Comply with law and enforce rights | Relevant account, billing, usage, and communications records | Legal obligation; legitimate interests |
Where we rely on legitimate interests, we balance our interests against your rights and interests. You may have the right to object to processing based on legitimate interests.
11. Retention
We retain personal information only for as long as needed for the purposes described in this Privacy Policy, unless a longer retention period is required or permitted by law.
The following table describes our expected retention practices. These periods should be confirmed against Evidence Watcher’s actual systems before publication.
| Information category | Typical retention period |
|---|---|
| Account information | While your account is active, then for up to 6 years after account closure unless longer retention is required for legal, tax, security, or dispute purposes. |
| Profile and personalization information | While your account is active or until you remove or update the information, then for up to 12 months after account closure. |
| Alert configurations | While needed to provide the Service, then for up to 12 months after deletion or account closure. |
| Alert run history and delivery history | For up to 12 months to support alert delivery, troubleshooting, deduplication, and account support. |
| Communications and support requests | For up to 3 years after the support matter is closed. |
| Billing and invoice records | For the period required by tax, accounting, anti-fraud, and legal obligations, typically 6 years. |
| Security logs and authentication events | For up to 12 months, unless longer retention is needed to investigate abuse, fraud, or security incidents. |
| Product analytics | For up to 12 months, or in aggregated or de-identified form where permitted. |
| Backups | Deleted or overwritten according to our backup rotation schedule, typically within 180 days, unless restoration, security, or legal needs require longer retention. |
If you request deletion, we will process the request in accordance with applicable law and may retain information where legally permitted or required, including for security, fraud prevention, legal compliance, accounting, dispute resolution, or backup integrity.
12. Your Choices and Rights
Depending on your location and applicable law, you may have rights to:
- Access personal information.
- Correct inaccurate personal information.
- Delete personal information.
- Port personal information.
- Object to or restrict certain processing.
- Withdraw consent where processing is based on consent.
- Opt out of certain sales, sharing, targeted advertising, or profiling, where applicable.
- Limit the use or disclosure of sensitive personal information, where applicable.
- Appeal a denied privacy request, where required.
- Lodge a complaint with a data protection supervisory authority, where applicable.
To exercise privacy rights, contact info@evidencewatcher.com.
We may need to verify your identity or authority before fulfilling a request. Verification may require you to confirm control of your account email address, provide account-related information, or submit additional information reasonably necessary to process the request. We will use verification information only to process and document your request.
We will respond to privacy requests within the timeframe required by applicable law. For example, GDPR and UK GDPR requests are generally answered within one month, and California requests are generally answered within 45 days, subject to legally permitted extensions.
If we deny your request and applicable law gives you the right to appeal, you may appeal by contacting info@evidencewatcher.com with the subject line "Privacy Request Appeal." We will respond to appeals within the timeframe required by applicable law.
12.1 EEA and UK users
If you are located in the European Economic Area or the United Kingdom, you may also have the right to lodge a complaint with your local data protection authority. Contact information for EU supervisory authorities is available through the European Data Protection Board. The UK Information Commissioner’s Office can be contacted through its website.
Our EU representative is: Not applicable unless counsel determines the Service triggers an EU representative requirement.
Our UK representative is: Not applicable unless counsel determines the Service triggers a UK representative requirement.
Data Protection Officer information is available on request.
13. U.S. State Privacy Disclosures
This section provides additional information for residents of California and other U.S. states with comprehensive privacy laws, where those laws apply to Evidence Watcher.
13.1 Categories of personal information
The following table describes categories of personal information we collect, examples, purposes, and categories of recipients. Counsel should confirm whether Evidence Watcher is currently subject to CCPA/CPRA or other state laws before publication.
| Category | Examples | Purposes | Categories of recipients |
|---|---|---|---|
| Identifiers | Name, email address, account IDs, IP address | Account creation, authentication, support, security, email delivery | Hosting providers, authentication providers, email providers, support tools |
| Commercial information | Subscription status, plan, billing metadata, invoice information | Billing, tax, fraud prevention, subscription management | Payment processors, accounting tools, hosting providers |
| Internet or electronic network activity | Pages viewed, features used, session events, logs, device/browser data | Security, analytics, performance, product improvement | Hosting providers, analytics/observability providers, security tools |
| Geolocation data | Approximate location inferred from IP address | Security, fraud prevention, regional compliance, analytics | Hosting providers, security tools, analytics providers |
| Professional or employment-related information | Role, job title, organization name/type | Personalization, organization account management, alert tailoring | Hosting providers, AI service providers, organization administrators where applicable |
| Inferences | Alert relevance signals, personalization settings, synthesized preferences | Personalization, alert relevance, product improvement | Hosting providers, AI service providers |
| Sensitive personal information | Account login information; potentially precise categories if users submit prohibited information | Authentication, security, account access | Authentication providers, hosting providers, security tools |
| Communications content | Support messages and inquiry contents | Support, troubleshooting, legal compliance | Support tools, hosting providers |
We do not intentionally collect protected health information, patient-identifiable information, consumer health data, or information about an identifiable individual’s health. Users are prohibited from submitting that information.
13.2 Sources of personal information
We collect personal information from:
- You.
- Your organization, if you use an organization account.
- Your device and browser.
- Service providers used to operate the Service.
- Payment processors.
- Public or third-party research data sources, where those sources contain information relevant to monitored records.
13.3 Retention
Retention by category is described in Section 11.
13.4 Selling and sharing
We do not sell personal information or share personal information for cross-context behavioral advertising. If this changes, we will update this Privacy Policy and provide legally required opt-out mechanisms.
13.5 California Shine the Light
We do not share personal information with third parties for those third parties’ direct marketing purposes. If this changes, California residents may request information about such sharing as permitted by California law.
14. Email Preferences
Evidence Watcher sends transactional emails, including alert emails, account emails, billing notices, and security notices. You may be able to update alert email settings or pause alerts in the Service.
Marketing emails, if any, will include an unsubscribe method where required by law. Unsubscribing from marketing emails does not stop transactional emails necessary to provide the Service.
15. International Transfers
Our primary application database is hosted in the UK. Some service providers may process information in countries other than where you live or outside the United Kingdom, depending on the provider and service used. These countries may have data protection laws different from your jurisdiction.
Where required, we use appropriate safeguards for international transfers, such as standard contractual clauses, UK transfer mechanisms, adequacy decisions, or other lawful transfer methods.
Before publication, counsel should confirm Evidence Watcher’s actual transfer mechanisms, service providers, hosting locations, and whether transfer impact assessments or supplemental safeguards are required for any non-UK or non-adequate-country processing.
16. Security
We use technical, organizational, and administrative measures designed to protect personal information. These may include, as applicable:
- Encryption in transit.
- Access controls.
- Authentication controls.
- Logging and monitoring.
- Vendor review and access limitation.
- Backups and disaster recovery measures.
- Internal policies limiting access to personal information.
No system is completely secure, and we cannot guarantee that information will be protected against every risk. You are responsible for maintaining the security of your account credentials and devices.
If we become aware of a security incident involving personal information, we will notify affected users, regulators, or other parties where required by applicable law.
17. Children
The Service is not intended for children under 18. We do not knowingly collect personal information from children under 13, and we do not knowingly allow children under 18 to use the Service.
If you believe a child has provided personal information, contact us at info@evidencewatcher.com. If we learn that we have collected personal information from a child in violation of applicable law, we will take appropriate steps to delete it.
18. Do Not Track and Global Privacy Control
Some browsers transmit "Do Not Track" signals. We do not currently respond to Do Not Track signals.
Where required by applicable law, we will recognize legally required opt-out preference signals, such as Global Privacy Control, for processing activities that require such recognition.
19. Automated Decision-Making and Profiling
Evidence Watcher uses automated processing, including AI systems, to help match alerts, rank relevance, summarize research, and generate synthesis. These outputs are intended to support research monitoring and should be independently verified.
We do not use the Service to make solely automated decisions about you that produce legal or similarly significant effects, such as decisions about employment, credit, healthcare access, insurance, or eligibility for public benefits.
If this changes, we will update this Privacy Policy and provide any notices, rights, or choices required by law.
20. Enterprise Customers and Data Processing Agreements
If you use the Service through an organization, enterprise, or institutional account, Evidence Watcher may process personal information on behalf of that organization under a separate agreement.
A Data Processing Agreement (DPA) is available on request for eligible business customers. Organization users should contact their account administrator or Evidence Watcher at info@evidencewatcher.com for more information.
21. Changes to This Privacy Policy
We may update this Privacy Policy from time to time. If changes are material, we will provide advance notice where practicable, such as by email to your registered address, in-app notice, or other prominent notice through the Service.
For changes that affect how we process personal information in ways that require consent, we will seek renewed consent before the changes take effect.
If you do not agree with an updated Privacy Policy, you may stop using the Service and request account deletion, subject to Section 11.
22. Contact
Questions, privacy requests, deletion requests, and appeals can be sent to:
Legal notice address:
71-75 Shelton Street, Covent Garden, London, United Kingdom, WC2H 9JQ
Data Protection Officer information:
Available on request.