Last updated: 2026-07-16
1. Data controller
The controller of the personal data collected through SysRevAI (https://sysrevai.soportic.es) is Octavi Rodriguez. For any question regarding your personal data, please write to octavirodriguez@gencat.cat.
2. What we process
- Account data: name, email address, hashed password and preferred language.
- Usage data: systematic reviews you create, references you import, screening decisions, comments and PDF files you upload.
- Technical data: IP address, browser, login timestamps and cookies strictly necessary to keep your session.
3. Purposes
We process your data to:
- Provide you with the systematic review management service.
- Identify you securely and protect the integrity of the reviews (authorship of decisions, traceability).
- Handle support requests and notify you of relevant changes to the service.
- Comply with the legal obligations applicable to us.
4. Legal basis
The legal basis is the performance of the contract that governs your use of SysRevAI (registration and provision of the service), your consent where explicitly requested, and compliance with applicable legal obligations.
5. Retention
We keep your data while your account remains active. If you ask us to delete it, your personal data is removed, except where retention is required by law or necessary for scientific traceability (for example, the screening decisions of a published review).
6. Recipients
We do not share your data with third parties except where the law requires it. Some optional AI-based features send fragments of references or full texts to Anthropic's API (Claude) for processing; you can disable these features at any time from your account.
7. Your rights
You may exercise your rights of access, rectification, erasure, objection, restriction of processing and portability at any time by writing to octavirodriguez@gencat.cat. You also have the right to lodge a complaint with the competent supervisory authority.
8. Security
We apply reasonable technical and organisational measures (Argon2id-hashed passwords, HTTPS encryption in transit, backups and access logging) to protect your data. No system is absolutely secure; please use a strong password and enable two-step verification when available.
9. Changes
We may update this policy to reflect regulatory or product changes. Material changes will be notified through the service itself. The date of the last update is shown at the top of this document.