Privacy Policy

Your privacy and data security are our top priorities

Secure Data Handling

Uploaded PDFs are stored only in our Supabase Storage bucket during processing and removed automatically.

Limited Data Retention

PDF files are deleted within 2 hours by scheduled cleanup; Q&A results are kept for 30 days.

No Third-Party Access

Your research data is never shared with or sold to third parties.

Data Storage

Results are stored in our Supabase/Postgres database for your account history with a 30-day retention window.

Transparent Processing

We log processing events (not PDF contents) for reliability and support.

Right to be Forgotten

You can delete all stored data from your profile at any time; we honor GDPR erasure requests.

Data Collection and Use

We collect and process only what is needed to deliver the service. This includes:

  • PDF files uploaded for analysis (stored in Supabase Storage only during processing and deleted within 2 hours)
  • Extracted answers and questions (stored in your account history for 30 days to support quality and customer support)
  • User account information (email and authentication data)
  • Billing/subscription metadata needed to operate your plan
  • Basic product analytics and logs that exclude PDF contents

Provenance and Source Traceability

Evidence Table Builder may extract verbatim text excerpts from uploaded PDFs to support transparency, verification, and auditability of extracted data. These excerpts are used solely to show where information was identified in the source document and are subject to the same strict retention and deletion policies as extracted answers.

Data Protection

We implement various security measures to maintain the safety of your personal information:

  • TLS encryption for file transfers; provider-managed encryption at rest for storage and databases
  • Scoped access controls and service-role isolation for background jobs
  • Automated cleanup of uploaded PDFs (within 2 hours) and time-bounded retention of results (30 days)
  • Regular updates and monitoring of our cloud infrastructure
  • We do not use uploaded PDFs or extracted data for training AI models or any other purposes beyond your specific analysis requests

AI-Derived Research Outputs

Extracted answers, confidence scores, verbatim quotations, and processing metadata constitute derived research outputs. These outputs remain under the user's control, are exportable, and can be deleted at any time in accordance with applicable data protection laws.

Evaluation and Benchmarking

We do not use user-uploaded PDFs or extracted outputs for internal benchmarking, performance evaluation, or validation studies without explicit user consent.

Your Rights

Under GDPR and other data protection laws, you have the right to:

  • Access your personal data
  • Correct inaccurate personal data
  • Request deletion of your data
  • Object to processing of your data
  • Data portability

Contact Us

If you have any questions about our privacy practices or would like to exercise your data rights, please contact us at george@systematicreviewtools.app

GDPR Alignment

We follow GDPR principles of data minimization and storage limitation: uploaded PDFs are deleted automatically within 2 hours, results are retained for 30 days for support and quality, and you can delete all stored data from your profile at any time. We will honor access, correction, and erasure requests submitted through our support channel.

Responsible AI Use

For more information about our commitment to responsible AI use in evidence synthesis, please see our Responsible Use of AI in Evidence Synthesis page.