Security & Data Protection

Your research data is yours alone

Systematicly is built on the principle that your research data should never be used to train AI models, never be accessible to other users, and always be under your control.

Powered by Anthropic Commercial API: data is never used for AI training

How we protect your data

Every layer of Systematicly is designed with data security as a first principle, not an afterthought.

Your data never trains AI models

Systematicly uses the Anthropic commercial API, which is contractually prohibited from using your inputs or outputs to train generative models. Your research questions, uploaded PDFs, extracted data, and generated reports are never fed into any training pipeline. This is not an opt-out. It is the default and only behaviour for commercial API access.

Encryption at rest and in transit

All data is encrypted using AES-256 at rest and TLS 1.3 in transit. Your files, session data, and credentials are protected by industry-standard encryption at every stage. Data flows from your browser to our servers to the database.

Minimal data retention

Under Anthropic's commercial API terms, inputs and outputs are retained for a maximum of 30 days solely for trust and safety monitoring, not for training or product improvement. After processing, your research data exists only in your own account storage. You can delete your data at any time.

Isolated user environments

Each user's data is logically isolated. Your projects, uploads, and analysis results are never accessible to other users. Authentication is handled with row-level security policies that enforce strict data boundaries at the database level.

Two-factor authentication required

Every Systematicly account requires two-factor authentication (2FA) at sign-up. This adds a second layer of verification beyond your password, ensuring that even if credentials are compromised, your research data remains protected. We support authenticator apps and email-based verification codes.

GDPR-ready data controls

You can export all your data at any time as a JSON archive (projects, settings, and analysis history). You can also request complete deletion of your account and associated data. We collect only the minimum data necessary to operate the platform.

Where your data goes, and where it doesn't

A transparent look at how data flows through Systematicly.

1

You upload or enter data

PDFs, research questions, and search terms are encrypted with TLS 1.3 during transit.

2

Stored in your isolated account

Data is encrypted at rest (AES-256) with row-level security. Only your authenticated session can access it.

3

Sent to Anthropic API when you take an action

Only when you click "Analyse", "Extract", "Generate", etc. The minimum necessary data is sent via encrypted connection to Anthropic's commercial API.

4

AI processes and responds. That's it

Anthropic processes your request and returns results. Under commercial API terms, your data is not used for training, retained for max 30 days for safety monitoring only, then permanently deleted.

What never happens

Your data is never used to train or improve AI models. It's never shared with third parties. It's never accessible to other users. It's never sold or monetised.

Commercial API vs. Consumer AI

Systematicly (Commercial API)

  • Data never used for AI training
  • Max 30-day retention for safety only
  • Zero data retention option available
  • Contractual privacy guarantees
  • Isolated per-user data storage
  • Full data export & deletion

Typical Free AI Tools

  • Data may be used for model training
  • Retention up to 5 years for training
  • No zero retention option
  • Terms can change with limited notice
  • Shared infrastructure
  • Limited or no export tools

Frequently asked questions

Can Anthropic (Claude's maker) see my research data?

Anthropic processes your prompts and data through their API to generate responses, but under their commercial terms, this data is not used for model training, product improvement, or any purpose beyond delivering the service and basic trust & safety monitoring. Anthropic retains API inputs/outputs for a maximum of 30 days for safety purposes, after which they are deleted.

Is my data used to improve Claude or any other AI model?

No. Systematicly operates exclusively on Anthropic's commercial API, which contractually prohibits the use of customer data for training generative models. This is fundamentally different from free consumer AI tools, where data may be used for training by default.

What happens to my uploaded PDFs and research documents?

Your uploaded files are stored securely in your account's isolated storage. They are sent to the AI only when you initiate a specific action (like data extraction or screening). The AI processes them in real-time and does not retain copies beyond the API's standard 30-day safety window.

Can other users or Systematicly staff access my projects?

No. All data is isolated at the database level using row-level security. Your projects are accessible only through your authenticated account. Systematicly staff do not have access to your research content.

Can I get zero data retention for my organisation?

Yes. For enterprise customers handling highly sensitive data (e.g., clinical trial data, commercially privileged research), we can arrange Zero Data Retention (ZDR) through Anthropic, where API inputs and outputs are not stored at all beyond real-time safety screening. Contact us at hello@systematicly.com to discuss enterprise security options.

Is Systematicly suitable for health data or clinical research?

Systematicly uses encryption at rest and in transit, isolated user environments, and a commercial AI provider that does not train on your data. For organisations with specific compliance requirements (HIPAA, 21 CFR Part 11, etc.), we recommend contacting us to discuss enterprise arrangements including zero data retention and dedicated infrastructure options.

How does this compare to other research tools?

Many research tools use cloud-based AI services but don't disclose their data handling terms. Systematicly is transparent: we use Anthropic's commercial API (not consumer), your data is never used for training, and we provide full data export and deletion capabilities. We don't monetise your data in any way.

Have specific security requirements?

For organisations handling clinical data, commercially sensitive research, or requiring compliance with specific regulatory frameworks, we offer enterprise security arrangements including zero data retention.

Contact Enterprise SalesBack to Platform