Privacy statement

Commonscience · Effective 2026-07-15 · Interim (counsel review pending)

This statement describes how Commonscience (“we”) handles personal information when you use our websites, sign-in flows, and GUIDE (invite-only during preview).

Who we are

Commonscience builds research infrastructure. Product and commercial services are operated by Commonscience (for-profit; incorporation in progress). Public-good programs are planned under Commonscience Foundation.

Privacy contact: privacy@commonscience.co

What we collect

What we do not collect

Why we use it

Processors

We use subprocessors to run the service, including Cloudflare (hosting, Access, D1 database) and email providers for transactional mail. Identity authentication is performed by the identity provider you choose at sign-in.

Retention

Operational logs: approximately 30 days unless required longer for security investigation. Account data: retained while your account is active and deleted or anonymized within 90 days of a verified deletion request, subject to backup cycles.

Your rights

Depending on your location, you may request access, correction, deletion, or export of personal information we hold about you. Email privacy@commonscience.co. We respond within 30 days.

We do not sell personal information. California residents: we honor applicable opt-out rights; we do not sell or share personal information for cross-context behavioral advertising.

Security

Traffic is encrypted in transit. Access to production systems is restricted. We do not claim HIPAA Business Associate status, FedRAMP authorization, or SOC 2 certification unless separately agreed in writing.

Children

Our services are not directed to individuals under 16.

Changes

We may update this statement. Material changes will be posted here with a revised effective date.