Privacy & data

Meta-analysis360 is operated by an independent freelancer based in Greece. For account and workflow data described here, we act as the data controller (the legal entity that decides why and how your data is processed). Questions about privacy or GDPR compliance can be directed to: [email protected]. See also our Terms of Service.

Meta-analysis360 helps you run systematic-review workflows (planning, search, screening, and related steps). This page explains—in plain language—what data touches the service, why, and what you can expect. It is not legal advice; ask your institution or counsel if you need binding compliance text.

• Running your review — account, projects, studies, and decisions are processed so the product can save and sync your work (contract performance for paid plans; legitimate interest in providing the free trial fairly).
• Sign-in — we store session records so only you (and invited collaborators) can access your projects.
• Billing — payment status is processed through Stripe when you subscribe.
• Security & abuse prevention — rate limits and logs help keep the service stable (legitimate interest; no advertising profiles).

When you use the workspace, you may enter research questions, protocol text, search strings, reference lists, screening notes, and similar content. That content is stored so your projects work across sessions and devices (where cloud saving is enabled).

Treat anything you paste as sensitive research material: only share what you are allowed to process under your ethics, contract, or grant rules.

AI features send study and planning fields needed for the task—never your email or name. Typical payloads include: research question and PICO-style planning fields, search strategy strings, study titles, truncated abstracts (word-capped before the model), reviewer notes you enter, calibration examples, and (on later screening passes) prior AI rationales. Full-text PDF bytes may be sent to Gemini only when you run PDF-based extraction or usefulness screening.

Processing uses Google Gemini. Google may process data on servers outside your country; their terms and data processing terms apply to that leg. See Google’s data processing addendum.

AI output is assistive only—you remain responsible for scientific decisions, registration, and publication choices.

We use trusted providers to host and operate Meta-analysis360:

• Hetzner — application hosting and PostgreSQL database (Germany).
• Cloudflare — DNS, TLS, and edge security (global network).
• Google — Gemini AI and optional Google sign-in.
• GitHub — optional GitHub sign-in.
• Stripe — subscription billing (card data stays with Stripe).
• Upstash — optional distributed rate limiting (when configured).
• Sentry — application error monitoring and diagnostics.
• NCBI / Unpaywall / Europe PMC — public metadata and open-access PDF lookup (study identifiers only; no account email sent).

Each provider has its own privacy terms. We choose processors that offer appropriate safeguards for research workflow data.

• Account & projects — kept while your account is active and you use the service.
• Sessions — expire after at most 30 days; inactive sessions may expire sooner.
• Billing records — kept as long as needed for tax and Stripe reconciliation.
• Screening telemetry — aggregate counts only (no full abstracts); rotated on the server.
• After account deletion — owned projects and personal identifiers are removed; anonymised audit rows may remain where legally required.

We use trusted providers (for example Google or GitHub) so you do not send a separate password to Meta-analysis360. We store account identifiers and session records needed to keep your data separated from other users’ projects.

We use essential cookies and similar technologies to keep you signed in, protect routes from abuse, and monitor application errors (via Sentry). These are strictly necessary for the service to function and are not used for advertising or cross-site tracking.

If we introduce non-essential analytics cookies in the future, we will request your explicit consent before placing them on your device, as required by law.

• Access & export — download a copy of your projects from Account (JSON export).
• Erasure — delete your account from Account settings; this removes projects you own and personal identifiers.
• Correction — edit your workflow data in the product or contact us to fix account details.
• Object / restrict — email [email protected] for privacy requests (EU/UK/Swiss users may also lodge a complaint with their supervisory authority).
• Sign out on shared computers; clear browser data if you used local-only screening storage.

We may update this page as features or providers change. The “Last updated” date at the top reflects the latest revision.