Skip to content

Legal

Privacy Policy

Last updated: 12 June 2026

SaiLR is a research tool for systematic literature reviews, operated by AI Literacy Lab. This policy explains what personal data we collect, why we collect it, and your rights under the EU General Data Protection Regulation (GDPR) and the ePrivacy Directive. We keep this short and honest — we are researchers ourselves.

1. Who is responsible for your data

The data controller is AI Literacy Lab, the research group that develops and operates SaiLR.

For any privacy questions or requests, contact us at info@ai-literacy-lab.com.

2. What data we collect and why

Access requests (name and email address)
When you submit the “Request Beta Access” form, we store your name and email so we can review your request and reply to you. Legal basis: legitimate interest (Article 6(1)(f) GDPR). Retention: 6 months after we process the request.
Account information (email address and name)
When we create an account for you, we store your email and name to identify you and provide access to the service. Legal basis: performance of a contract (Article 6(1)(b) GDPR). Retention: for the duration of your account plus 12 months after your last activity.
Research data (research questions, search queries, screening results)
SaiLR processes the literature review content you create — your research question, search strings, inclusion and exclusion criteria, and the screening decisions applied to papers. This data is stored in your account and used solely to provide the service. Legal basis: performance of a contract. Retention: 12 months after your last activity, or until you delete your data.
Usage and error logs
We log failed login attempts, search errors, and database failures to maintain the security and reliability of the service. Logs contain your email address, timestamps, and error details. Legal basis: legitimate interest. Retention: 90 days.

3. AI processing of your research content

SaiLR sends paper titles and abstracts to OpenAIto perform AI screening. This means bibliographic metadata from your search results (author names, titles, abstracts) is transmitted to OpenAI's API for processing.

OpenAI acts as a data processor on our behalf under a Data Processing Agreement. OpenAI's API terms state that data submitted via the API is not used to train their models. You can review OpenAI's privacy practices at openai.com/policies/privacy-policy.

We do not send your name, email address, or account details to OpenAI — only the bibliographic content of papers retrieved from academic databases.

4. Cookies and browser storage

SaiLR uses one cookie:

NamePurposeDurationType
sailr_tokenAuthenticates your session after login. Without it, you would need to log in on every page.8 hoursStrictly necessary

This cookie is strictly necessary for the service to function. Under the ePrivacy Directive, strictly necessary cookies are exempt from the requirement to obtain consent. We do not use advertising cookies, tracking cookies, or any third-party analytics cookies.

We also store your display name and session preferences in your browser's localStorage and sessionStorage. This data never leaves your browser except as part of normal API calls to the SaiLR service.

5. Third-party data processors

All your account and research data is stored on servers located within the European Union. We share data with one external processor for AI functionality:

ProcessorPurposeData transferredLocation
OpenAIAI screening of papersPaper titles and abstracts onlyUSA (Standard Contractual Clauses)

We do not sell your data. We do not share your data with any other third parties except where required by law.

6. Your rights under GDPR

As a data subject in the EU/EEA, you have the following rights:

  • Access (Art. 15): Request a copy of the personal data we hold about you.
  • Rectification (Art. 16): Ask us to correct inaccurate data.
  • Erasure (Art. 17): Ask us to delete your data ("right to be forgotten").
  • Portability (Art. 20): Receive your research data in a machine-readable format (CSV or RIS export).
  • Restriction (Art. 18): Ask us to restrict processing while a dispute is resolved.
  • Objection (Art. 21): Object to processing based on legitimate interest.

To exercise any of these rights, email info@ai-literacy-lab.com with the subject line “Privacy Request”. We will respond within 30 days.

You also have the right to lodge a complaint with your national data protection supervisory authority. In Germany, this is the Bundesbeauftragter für den Datenschutz und die Informationsfreiheit (BfDI).

7. Security

We protect your data using industry-standard measures: HTTPS for all data in transit, bcrypt password hashing, HttpOnly session cookies that cannot be read by browser scripts, and encrypted storage for any API credentials you provide.

If you discover a security vulnerability, please report it to info@ai-literacy-lab.com before disclosing publicly.

8. Changes to this policy

We may update this policy when the service changes. The “Last updated” date at the top of this page reflects the most recent revision. We will notify registered users by email of any material changes.

© 2026 AI Literacy Lab · SaiLR · info@ai-literacy-lab.com