SciNote AI Trust

Effective date: October 1^st, 2025

Privacy, Security, and Model Governance for AI Features 

SciNote integrates third-party party language model–driven features to assist with protocol structuring and other documentation workflows. These AI features are developed with a strict focus on security, data minimization, and compliance with international standards. This page outlines the data handling, model interaction policies, and governance measures that apply to all AI functionality within SciNote. 

Summary of Security and Compliance Principles 

• SciNote does not store user data or prompts on our third-party AI providers systems.  
• SciNote configures third-party LLMs to exclude customer data from model training.  
• All data traffic, including that used for AI features, is transmitted over TLS-encrypted channels.  
• SciNote is ISO/IEC 27001:2022 and SOC 2 Type I certified.  
• AI features are optional and can be enabled at the organization level.  
• An internal audit trail records all AI-related interactions. 

Additional documentation and control descriptions are available in the SciNote Trust Center and Import with AI Knowledgebase article. 

AI Data Flow and Handling 

SciNote’s AI functionality (e.g. AI Protocol Parser) follows the principles of data minimization and model decoupling: 

Minimal Input Scope 

Only the user-submitted prompt and the necessary file (e.g., a protocol in PDF format) are sent to the AI model endpoint. No unrelated data is transmitted. 

Ephemeral Requests 

Data submitted to the model is not persistently stored at our third-party AI providers. It is used once to generate a response and is not retained. 

No Training Use 

Third-party AI providers are instructed via API configuration and terms, to exclude SciNote-routed requests from model training or logging mechanisms. 

No Personal Data Filtering 

SciNote does not automatically detect or redact personal data (e.g., names, institutions) from AI prompts. Users are advised to avoid including personally identifiable information in AI interactions. 

Internal Storage and Logging 

Prompt metadata, including the submitted input and resulting output, may be stored within SciNote infrastructure for product improvement and support troubleshooting. Access to this data is: 

• Limited to authorized personnel
• Logged and monitored through internal audit mechanisms  
• Scoped under SciNote-controlled, EU-region infrastructure or SOC 2–compliant hosting

Access Control and Encryption 

• All AI-related activity is governed by SciNote’s role-based access model. 
• TLS encryption is enforced for all data transfers between SciNote and external AI models.  
• Audit logs distinguish between user-initiated actions and automated processes. 

Certifications and Controls 

SciNote maintains compliance with: 

• ISO/IEC 27001:2022 — Information Security Management System (ISMS)  
• SOC 2 Type I — Security, availability, and processing integrity principles 

Details on certification scope, audit coverage, vulnerability management, and risk mitigation are available in the Trust Center. 

AI Feature Configuration 

• Enable/Disable: AI features are by default disabled and can be turned on at the organization level by an administrator.  
• Transparency: Users are informed that AI-generated content is produced via integration with third-party models.  
• Control: No customer data is shared beyond what is deliberately submitted by the customer for processing. 

Technical FAQ 

Q: What models does SciNote use for AI features? 

A: Third-party hosted large language models (LLMs) provided by our third-party AI providers, accessed via their enterprise API. 

Q: Is customer data used for training? 

A: No. SciNote does not permit AI provider training on customer-submitted content. 

Q: Can users opt out of AI features? 

A: Yes. All AI features are optional and can be enabled or disabled at the organizational level. 

Q: Is personal data transferred to the model? 

A: SciNote does not pre-process or remove personal identifiers. It is the customer’s responsibility to review their input before submission. 

Q: How is data stored internally post-AI usage? 

A: SciNote stores AI prompt and result metadata in a controlled environment for operational and support purposes. This data is not shared with third parties. 

Q: Where is the data provided for AI processing processed?

A: Data provided by the customer for AI processing is processed in the United States. If you do not wish the data to be processed in the United States, please do not use the AI processing feature.

Additional Resources 

• SciNote Trust Center – Security practices, policies, and certifications  

• Import with AI Knowledgebase – Implementation and usage  

Disclaimers

The AI features are intended to assist customers and their users with protocol structuring and documentation workflows. AI-generated content is produced via integration with third-party AI models and is provided for informational purposes only. SciNote does not guarantee the accuracy, completeness, reliability, or suitability of any AI-generated output for any specific purpose. Users are solely responsible for reviewing, validating, and determining the appropriateness of all AI-generated content prior to reliance or use in any scientific, regulatory, operational, or other context.

By enabling or using the AI features, customers acknowledge and accept that: (i) AI-generated content is machine-produced and may contain inaccuracies, omissions, or biases; (ii) SciNote provides no warranty, representation, or guarantee regarding the AI features or their outputs, whether express, implied, or statutory; (iii) customers remain responsible for ensuring that no personally identifiable, confidential, or otherwise sensitive information is included in prompts or data submitted for AI processing; and (iv) if the customer does not wish its data to be processed in the United States, it must not use the AI features.

Use of the AI features is optional and subject to the customer’s configuration settings. To the maximum extent permitted by law, SciNote disclaims all liability arising from or related to the use of the AI features or AI-generated content, including but not limited to any liability for errors, omissions, unlawful or infringing content, or reliance on outputs.

SciNote reserves the right, at its sole discretion, to modify, suspend, or discontinue any AI functionality at any time, including where third-party AI services or terms change, become unavailable, or are commercially impracticable to maintain. Customers acknowledge that such modification, suspension, or discontinuation shall not give rise to any liability of SciNote.