Legal
Privacy Policy
Last updated: 12 June 2026
1. Who is responsible for your data
The data controller is AI Literacy Lab, the research group that develops and operates SaiLR.
For any privacy questions or requests, contact us at info@ai-literacy-lab.com.
2. What data we collect and why
- Access requests (name and email address)
- When you submit the “Request Beta Access” form, we store your name and email so we can review your request and reply to you. Legal basis: legitimate interest (Article 6(1)(f) GDPR). Retention: 6 months after we process the request.
- Account information (email address and name)
- When we create an account for you, we store your email and name to identify you and provide access to the service. Legal basis: performance of a contract (Article 6(1)(b) GDPR). Retention: for the duration of your account plus 12 months after your last activity.
- Research data (research questions, search queries, screening results)
- SaiLR processes the literature review content you create — your research question, search strings, inclusion and exclusion criteria, and the screening decisions applied to papers. This data is stored in your account and used solely to provide the service. Legal basis: performance of a contract. Retention: 12 months after your last activity, or until you delete your data.
- Usage and error logs
- We log failed login attempts, search errors, and database failures to maintain the security and reliability of the service. Logs contain your email address, timestamps, and error details. Legal basis: legitimate interest. Retention: 90 days.
3. AI processing of your research content
SaiLR sends paper titles and abstracts to OpenAIto perform AI screening. This means bibliographic metadata from your search results (author names, titles, abstracts) is transmitted to OpenAI's API for processing.
OpenAI acts as a data processor on our behalf under a Data Processing Agreement. OpenAI's API terms state that data submitted via the API is not used to train their models. You can review OpenAI's privacy practices at openai.com/policies/privacy-policy.
We do not send your name, email address, or account details to OpenAI — only the bibliographic content of papers retrieved from academic databases.
5. Third-party data processors
All your account and research data is stored on servers located within the European Union. We share data with one external processor for AI functionality:
| Processor | Purpose | Data transferred | Location |
|---|---|---|---|
| OpenAI | AI screening of papers | Paper titles and abstracts only | USA (Standard Contractual Clauses) |
We do not sell your data. We do not share your data with any other third parties except where required by law.
6. Your rights under GDPR
As a data subject in the EU/EEA, you have the following rights:
- Access (Art. 15): Request a copy of the personal data we hold about you.
- Rectification (Art. 16): Ask us to correct inaccurate data.
- Erasure (Art. 17): Ask us to delete your data ("right to be forgotten").
- Portability (Art. 20): Receive your research data in a machine-readable format (CSV or RIS export).
- Restriction (Art. 18): Ask us to restrict processing while a dispute is resolved.
- Objection (Art. 21): Object to processing based on legitimate interest.
To exercise any of these rights, email info@ai-literacy-lab.com with the subject line “Privacy Request”. We will respond within 30 days.
You also have the right to lodge a complaint with your national data protection supervisory authority. In Germany, this is the Bundesbeauftragter für den Datenschutz und die Informationsfreiheit (BfDI).
7. Security
We protect your data using industry-standard measures: HTTPS for all data in transit, bcrypt password hashing, HttpOnly session cookies that cannot be read by browser scripts, and encrypted storage for any API credentials you provide.
If you discover a security vulnerability, please report it to info@ai-literacy-lab.com before disclosing publicly.
8. Changes to this policy
We may update this policy when the service changes. The “Last updated” date at the top of this page reflects the most recent revision. We will notify registered users by email of any material changes.
© 2026 AI Literacy Lab · SaiLR · info@ai-literacy-lab.com