AutoLit® User Guide
Examining Results in Synthesis
Administrative Tools
Support and FAQs
Best Nest Building Practices
SLR Basics: How to Perform Systematic Review
NMA Basics: How to Perform a Meta-Analysis
Best Practices for Writing a Publishable Manuscript
This is an old revision of the document!
Nested Knowledge's products offers a web-based software-as-a-service application and customer support services, including notices of new releases. This policy ensures that third party services used by Nested Knowledge undergo appropriate risk and data protection assessment.
A list of sub-processsors and third-party service providers is maintained below. The list is updated at least annually.
Developers monitory third party providers for breaches and vulnerabilities, and notify the Technical Lead by email or slack when a breach is detected.
If a security breach is detected, we:
Third party processors are similarly monitored for policy changes, specifically with regard to changes impacting regulatory requirements.
Subprocessors handle user data processing tasks on behalf of the software application.
| Name (Manufacturer) | Data Processing Agreement | Critical to application? | Purpose | Data Processed |
|---|---|---|---|---|
| Airplane.dev | Signed, available upon request https://airplane.dev | No | Internal customer support applications | User emails and billing data |
| Auth0 | Auth0 DPA | Yes | Authentication of user accounts | User emails & credentials |
| HubSpot | https://legal.hubspot.com/dpa | No | Send release and marketing emails to users | User emails |
| Metabase | https://www.metabase.com/license/hosting | No | User analytics | User accounts & activity |
| OpenAI | Signed, available upon request | No | Screening model features | Record abstracts |
| Scite | https://scite.ai/policy | No | Screening model features, record display badge | Record DOIs |
| Stripe | https://stripe.com/legal/dpa | No | Payment services | User email, location, subscription, and payment details |
Infrastructure Providers house the physical hardware used to run the application. These providers do not process user data, although they contain it.
| Name (Manufacturer) | Data Processing Agreement | Purpose |
|---|---|---|
| AWS (Amazon) | https://docs.aws.amazon.com/whitepapers/latest/navigating-gdpr-compliance/aws-data-processing-addendum-dpa.html | Production Infrastructure (servers, services, databases) |
| GCP (Alphabet) | https://cloud.google.com/terms/data-processing-addendum | Storage of production database backups |
Third-party provider offers services that are integrated into the application in an opt-in manner or without processing user data, and are not necessary for core functionality.
| Name (Manufacturer) | Data Processing Agreement | Critical to application? | Purpose | Data Processed |
|---|---|---|---|---|
| EuropePMC | No | Run searches against EuropePMC | Literature Searches | |
| DOAJ | No | Run searches against DOAJ | Literature Searches | |
| Plausible | No | Web and Mobile analytics | Page visit URL | |
| Pubmed Entrez API | No | Run searches against PubMed | Literature Searches | |
| Unpaywall | No | Full text retrieval | Record DOI | |
| ClinicalTrials.gov | No | Run searches against ClinicalTrials.gov | Literature Searches |
The Policy Privacy describes the data Nested Knowledge shares with third party service providers.
Contracts with third party service providers must incorporate information security requirements, including data protection and notices of security incidents.
We will document roles. responsibilities, and controls between Nested Knowledge and third parties, where applicable. Documentation and risk assessment should be stored in our filesystem drive in the respective directory for the third party provider.
At least annually, we will review third parties vendors to assess compliance with contracts and security standards, and we update the privacy policy accordingly.
When new third party subprocessors are to be added, data supplied to vendors is to change, or the vendor's processing agreement are to change, all affected users will be notified via email with at least 7 days notice.
| Author | Date of Revision/Review | Comments/Description |
|---|---|---|
| K. Kallmes | 1/26/2023 | Reviewed |
| K. Cowie | 1/26/2023 | Drafted |
| K. Holub | 9/28/2023 | Monitoring updates |
