Privacy Policy

Last updated: May 11, 2026

1. Who We Are

TriSift ("we", "us", "our") is a research-tools platform that uses multiple independent AI reviewers to help researchers screen citations for systematic reviews. The service is operated from the Kingdom of Saudi Arabia and is accessible worldwide at https://trisift.vercel.app.

2. What We Collect

We collect only what we need to run the screening service:

  • Account data: email, name, and optional institution.
  • Authentication data: hashed passwords, OAuth tokens from Google if you sign in with Google.
  • Project content: the citation metadata (title, abstract, authors, identifiers, etc.) you upload, plus your inclusion/exclusion criteria and notes.
  • Screening results: AI decisions, reasoning, confidence scores, and audit metadata (model version, prompt hash).
  • Billing data: credit-pack purchases, transaction IDs, and the last four digits of cards via our payment processor — we never see or store full card numbers.
  • Operational logs: request timestamps, IP addresses, and error correlation IDs used to debug production issues.

3. How We Use Your Data

  • To run the AI screening pipeline you requested.
  • To deliver results, exports, and reproducibility metadata.
  • To process payments and prevent fraud.
  • To respond to support requests and account issues.
  • To monitor service health and security.

We do not sell your data, use your project content to train AI models, or share your screening results with other users.

4. Third-Party AI Providers

To deliver triple-AI consensus screening, your citation titles, abstracts, and inclusion/exclusion criteria are transmitted to:

  • OpenAI (GPT models) — Reviewer 1.
  • Anthropic (Claude models) — Reviewer 2.
  • Google (Gemini models) — Tiebreaker on disagreements.

Each provider has its own privacy policy and data-handling commitments. We use their enterprise API endpoints, which contractually exclude your inputs from model training. Citation metadata is generally public information already indexed in PubMed, Scopus, or similar databases.

5. Where Your Data Lives

Account data, projects, and results are stored in a managed PostgreSQL database (Supabase). The application is hosted on Vercel. Payments are processed by Moyasar, our Saudi-licensed payment gateway. Data is encrypted at rest (AES-256) and in transit (TLS 1.3).

6. Data Retention

We retain your account and project data for as long as your account is active. If you delete your account, we erase your projects and results within 30 days. Some records (transactions, audit logs) may be retained longer where required by tax, accounting, or legal obligations.

7. Your Rights

You can, at any time:

  • Export your projects and results as CSV from inside the app.
  • Request deletion of your account by emailing us.
  • Request a copy of the personal data we hold about you.
  • Correct inaccurate account information from the settings page.

8. Cookies and Session Storage

We use first-party cookies and local storage strictly to keep you signed in and to remember UI preferences. We do not use third-party advertising trackers.

9. Children

TriSift is intended for academic researchers and students aged 16 or older. We do not knowingly collect data from anyone under 16.

10. Changes to This Policy

We may update this policy as the service evolves. Material changes will be communicated via email or an in-app notice. The "Last updated" date above always reflects the current version.

11. Contact

Questions about privacy? Contact us at support@trisift.com.