Trust & transparency

Commonscience asks scientists to keep some of their most sensitive work here — and to publish the rest into a shared record the whole field can build on. Both only work if the rules are legible. This page states the guarantees in plain language. Each one is enforced by a mechanism, not a promise on a poster.

This is our plain-language summary. The binding legal document is the Privacy statement. Both are interim while counsel completes review; the guarantees below are design commitments we are building the product to keep.

In-progress and private work exposes nothing — not to other users, not to public discovery, not in aggregate statistics. Publishing is the only act that makes anything visible, and even then only what you chose to publish. A lab’s public standing reflects what it decided to share, never what it kept in the drafts.

Confidential and contract (CRO) work contributes nothing to the public discovery graph by default. Feeding the commons is always an explicit choice, never a side effect of using the tool. We would rather have a sparser public graph than one built at the expense of anyone’s confidentiality.

When you're deriving, authoring, or challenging a record — doing the work yourself — conversations with the assistant become part of that work's permanent provenance, so a result can always be traced to how it was reached. When law or contract requires deletion, we destroy the encryption key so the content is unrecoverable — while the fact that something existed and was redacted, when, and by whom, survives. Deletion never silently rewrites history.

If you're just reading and asking questions about a published record — anyone's, including your own — those conversations stay in your own account history, kept for your convenience and under your control, not treated as scientific evidence.

In public discovery the assistant helps you find and navigate; it will not suggest what you should work on unless you ask. That line protects the commons from being quietly herded toward whatever a model finds probable. It is designed to refuse requests that cross the dual-use line — work that could help build weapons — and applies added safeguards when we detect the user is a minor.

Connect your own model provider and your prompts are sent to your provider, under your agreement — not to a model we pay for. Our safety checks still run before a request leaves Commonscience. And we do not use the research content you create to train third-party AI models. Your work is yours.

What we collect depends only on how you sign in. A classroom tinkerer is not asked for what an enterprise SSO account provides, and vice-versa. Sign-in runs through Cloudflare Access (Google, Microsoft, GitHub, or a one-time PIN); the details are in the Privacy statement.

What this looks like for you

Open by default. Publish into the shared record; keep drafts private until they’re ready. Students work under the lab’s node with scoped access.

Confidential by default, walls that stay walled sideways between engagements. The sellable deliverable is a Verification Certificate, not your raw record. Regulated work is being built to log to an audit ledger designed around ALCOA+/GxP principles. We do not claim GxP, HIPAA, or SOC 2 compliance except where separately agreed in writing.

The same rigor, aimed at learning. Classroom accounts are for students 16 and up; those who are minors get added safeguards and are reachable by a link they share, not indexed by name. The one place the assistant is a teacher, not just a finder.

Start free, keep it private or join the commons a record at a time. Bring your own model key when you want. No org required.

Privacy and data questions: privacy@commonscience.co. Security disclosures: security@commonscience.co. We read every message ourselves.

Read the full Privacy statement