Privacy Policy

Controller
Alice Laquerrière-Hecker
II. Rote-Haag-Weg 12
52076 Aachen, Germany
E-Mail: alice.laquerriere@gmx.de

1. General Information

EvidenceEngine is a scientific literature search platform designed for academic and research use. The application operates entirely within the European Union and complies with the requirements of the General Data Protection Regulation (GDPR). No user accounts, tracking tools, or marketing cookies are used. The integrated AI model (TinyLlama) runs fully locally on the server and does not transmit, store, or analyze any personal data externally.

2. Principle of Personal Data

You can use this website without disclosing your identity. Personal data is collected only if you voluntarily provide it to us (e.g., by contacting us via email) or if it is technically necessary to use this website. The latter particularly includes the IP address transmitted by your device; however, this data is not used in a personally identifiable manner.

• Technically required data: IP address, browser type, operating system, date, and time of access. These are processed under Art. 6(1)(f) GDPR due to our legitimate interest in ensuring functionality and security. These logs are stored only in anonymized form and automatically deleted after a short period (max. 7 days).
• This website uses SSL/TLS encryption for security and to protect the transmission of personal and confidential data. You can recognize an encrypted connection by the “https://” prefix and the lock symbol in your browser’s address bar.
• Contact data: When you contact us, we process the data you voluntarily provide (such as name, address, e-mail address, and the time and date of contact) solely for the purpose of responding to your inquiry. This processing is based on Art. 6(1)(b) GDPR (contractual necessity) or, if no contractual relationship is intended, on Art. 6(1)(f) GDPR (legitimate interest in responding to inquiries).
• We assure you that your personal data will not be passed on to third parties unless you have explicitly consented or there is a legal obligation to do so.
• All personal data received through electronic, written, or telephone communication are stored securely and deleted once the purpose of storage no longer applies. Data without statutory retention requirements are typically deleted after three years; data subject to legal obligations (e.g., accounting) are retained for up to ten years.

3. Processed Data within EvidenceEngine

• Server logs (technical): timestamp, requested resource, HTTP status code. IP addresses are stored only in a shortened, non-identifiable form for a maximum of 7 days.
• Search queries: processed only temporarily to retrieve and display results; they are not stored permanently.
• Content data: all displayed metadata and abstracts originate from open-access scientific databases (OpenAlex, PubMed, Europe PMC, DOAJ, arXiv) and are subject to their respective licenses.

4. Local Language Model (LLM)

The integrated language model TinyLlama runs entirely on the local server. No input data, IP addresses, or other user information are transmitted to third parties or external systems. All processing takes place only in volatile memory (RAM) during runtime and is immediately discarded after the response is generated. The model does not log, store, or analyze any user data, nor does it perform remote or external processing.

5. Legal Basis for Processing

• Art. 6(1)(f) GDPR – legitimate interest in ensuring system operation, security, and technical functionality.
• Art. 6(1)(b) GDPR – processing necessary for providing the search functionality or responding to inquiries.
• No transfer of personal data to countries outside the European Union.

6. Data Processing by Third Parties

If external hosting services are used, data processing occurs exclusively within the EU under a Data Processing Agreement (Art. 28 GDPR).

7. Storage Duration

• Server logs: retained for a maximum of 7 days
• Contact data: up to 3 years (or 10 years where legal retention applies)
• Search queries: not stored
• Indexed open-access metadata: retained long-term for research purposes

8. Rights of Data Subjects

Under Articles 15–21 GDPR, you have the right to access, rectify, delete, restrict, or object to the processing of your personal data, and to request data portability. Requests can be directed to the contact details provided above.

9. Sources and Licenses

EvidenceEngine exclusively uses open-access sources (OpenAlex, Europe PMC, DOAJ, PubMed Central, arXiv). For each record, the DOI, source, and license are displayed where available. No copyrighted full texts or paywalled materials are stored or mirrored.

10. Security

All data transmissions are encrypted via HTTPS/TLS. The system is secured using modern protective measures including firewalls, rate limiting, and up-to-date security patches to prevent unauthorized access.

Back to search