Privacy Policy

Last updated: October 30, 2025

This policy describes how ("Alepou Scientific Editing") collects, uses, and protects your personal data when you use our website and services. We are a sole proprietorship based in [Thessaloniki, Greece] and are fully compliant with the EU General Data Protection Regulation (GDPR).

1. What Data We Collect

We collect the following personal data to provide our services:

• Account Information: When you sign up for our Client Portal, we collect your Full Name, Email Address, University/Institution, and Research Field.
• Manuscript Files: We collect the manuscript files and related documents (e.g., cover letters, reviewer responses) that you upload to our secure portal.
• Communications: Any information you provide when you contact us via email (info@alepou-editing.com) or our contact form.

2. How We Use Your Data

Your data is used exclusively for the following purposes:

• To create and manage your secure client account.
• To provide the editing and formatting services you request.
• To communicate with you about your project, provide quotes, and deliver your edited files.
• To process payments and generate invoices for our services.

2a. Lawful Bases for Processing (GDPR)

We process personal data on the following lawful bases:

• Contract – to provide quotes, perform editing, deliver files, and invoice you.
• Legitimate Interests – account security, fraud prevention, and necessary record-keeping.
• Consent – optional marketing emails (you can withdraw consent at any time).

3. Data Storage, Security & Confidentiality

• Hosting: We use Google Firebase (Firestore/Storage) and Cloud Run. Data is stored in EU data centers we configure (currently an EU region). Note: our contact form is currently processed by a Cloud Run service hosted in the United States; see “International Transfers.”
• Security: TLS for data in transit; encryption at rest; Firebase App Check and reCAPTCHA to prevent abuse.
• Confidentiality: We treat manuscripts as confidential and do not share them with third parties without your consent. NDAs are available on request.

4. International Transfers

If you contact us via the website form, your message may be processed by a Google Cloud Run service hosted in the United States. Transfers are protected by the EU Standard Contractual Clauses. You may also contact us directly by email if you prefer not to use the web form.

5. Retention

• Manuscript files and portal contents: deleted 24 months after last activity, or sooner on request.
• Quotes and invoices: retained for 6–10 years (legal obligations).
• Contact form messages: retained for 12 months.

6. Your Rights

You have the right to access, rectify, erase, restrict, and port your data, to object to processing, and to withdraw consent at any time. You also have the right to lodge a complaint with the Hellenic Data Protection Authority (HDPA).

7. Data Controller

Controller: Dr. Aimilia Meichanetzoglou (Alepou Scientific Editing)
Address: Thessaloniki, Greece
Email: info@alepou-editing.com

8. Processors & Third Parties

• Google Ireland / Google LLC (Firebase, Cloud Run, reCAPTCHA)
• Email & payment providers (e.g., PayPal, bank, Wise) – limited data to process payments/communications

9. Cookies & reCAPTCHA

This website uses only essential cookies required for security and functionality:

• reCAPTCHA v3 (Google) - Prevents automated abuse of contact forms
• Firebase App Check - Validates legitimate requests to our services
• Authentication cookies - Maintains your secure login session in the Client Portal

These cookies are strictly necessary for the website to function and do not require your consent under EU law. We do not use analytics, advertising, or tracking cookies.

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

10. How to Exercise Your Rights

To access, correct, delete, or port your data—or to object to processing—email info@alepou-editing.com with “Data Request” in the subject line. We will respond within one month as required by GDPR.

11. Complaints

You have the right to lodge a complaint with the Hellenic Data Protection Authority (HDPA). See www.dpa.gr.