Trust Center
How Explore Science protects your research data. For enterprise procurement, IT, and security review.
◆ No AI training
Your documents are never used to train or fine-tune AI models. Contractual guarantee, ToS §6.3.
◆ Full IP ownership
You retain all rights to uploads and generated reviews. Content is private by default. Sharing is opt-in and requires your explicit consent.
◆ Real deletion
Documents are removed from your workspace immediately on delete. Account deletion is self-service from settings; remaining workspace data is purged within 90 days of closure.
Security posture
All stored data encrypted at rest using AES-256 (Google Cloud default), with soft-delete protection on user data.
HTTPS-only with HSTS. All connections enforce TLS 1.2 minimum.
Token verification with revocation checking on every request. Role-based access control with enterprise isolation.
Files upload directly to encrypted storage via time-limited signed URLs. Never touch application servers.
Processing runs on isolated, short-lived compute instances. Temporary files purged automatically after analysis.
Commercial / enterprise API tiers under contractual no-training terms. Brief automated safety retention (≤30 days) under standard provider terms, segregated from training systems, discarded at end of window.
Every request logged with user context, request ID, and duration. Admin operations carry SOC 2-aligned audit fields.
Private network access with DDoS protection and WAF at the edge. Explicit origin whitelisting.
Vendor compliance
Our infrastructure and processing partners maintain independent security certifications.
GDPR alignment
- Lawful bases
- Contract, Legitimate Interest, Consent
- Subject rights
- Access, rectification, erasure, portability, restriction, objection
- Account deletion
- Self-service from account settings
- Breach notification
- 72 hours to supervisory authority
- International transfers
- SCCs (2021) with supplementary encryption
- Data portability
- JSON / CSV export on request
- DPO contact
- [email protected]
Data we store
- Account
- Email, display name, professional profile
- Auth
- Hashed credentials via Firebase
- Documents
- Uploaded PDFs, extracted text
- Reviews
- Generated analysis & chat
- Payments
- Stripe customer ID (payment details held by Stripe)
- Analytics
- Usage events (18-month retention)
- Cookies
- Functional and analytics
We don't sell data to third parties.
Subprocessors (11 vendors)
| Service | Purpose | Data | Region | Link |
|---|---|---|---|---|
| Google Cloud Platform | Infrastructure | All application data | AU / US | ↗ |
| Firebase | Authentication | Auth credentials | US | ↗ |
| Anthropic | Review analysis | Document text (commercial API; no training) | US | ↗ |
| OpenAI | Review analysis | Document text (commercial API; no training) | US | ↗ |
| Google AI | Review analysis | Document text (commercial API; no training) | US | ↗ |
| Mistral AI | Review analysis | Document text (commercial API; no training) | EU | ↗ |
| xAI | Review analysis | Document text (commercial API; no training) | US | ↗ |
| Stripe | Payments | Payment details (not stored by us) | US | ↗ |
| Cloudflare | Network security | Network metadata | Global | ↗ |
| PostHog | Product analytics | Usage events | US | ↗ |
| Customer.io | Email & marketing | User profile data | EU | ↗ |
AI providers operate under commercial / enterprise API contracts: no training on customer content under any circumstance, with brief automated safety retention (up to 30 days) under standard provider terms, segregated from training systems. All vendors are bound by data processing agreements.
Documentation
- Privacy PolicyMay 2026
- Terms of ServiceMay 2026
- Data Handling PolicyMay 2026
Explore Science is a product of Explore Science Pty Ltd, governed by the laws of Queensland, Australia. Reflects current practices as of July 2026.