“AI for scientific research.”
Elicit is an AI-powered research assistant designed to search for, review, evaluate, and synthesize scientific literature. The tool supports basic literature searches, automated research reports, and systematic reviews, including screening, data extraction, and citation management. All key AI statements are to be linked to text passages from the underlying publications.
Elicit
AI for scientific research.
Location: USA ⓘ Elicit Research, PBC, 440 N Barranca Avenue, #1595, Covina, CA 91723, USA
Pro For systematic reviews; includes an advanced Research Agent, a dedicated review workflow, higher screening and report quotas, research alerts, custom extraction from uploads, explanations for AI responses, output templates, and API access.
Scale For collaborative research teams; includes Pro features plus full Research Agent access, image interpretation, real-time collaboration, larger reports and tables, and an admin panel with usage and seat management.
Enterprise For corporations, universities, and research institutions; includes SSO/SAML, 2FA, domain verification, user analytics, custom deployments, single-tenancy options, custom data sources and templates, higher review limits, unlimited alerts and API usage, and no training on customer data by default. Other Elicit API API access is available starting with the Pro plan; reports and reviews generated via the API count toward the respective workflow quota. According to the documentation, systematic reviews via the API are reserved for Enterprise plans.
Institutional Agreements Custom contracts for universities, research groups, and companies, including onboarding, training, customer success, and customized data sources.
Elicit is an AI-based research assistant that not only searches for scientific literature but also systematically reviews, evaluates, and synthesizes it. Users can ask research questions in natural language, identify relevant publications, compare papers, define data fields, and extract results with traceable sources. For systematic reviews, Elicit offers a multi-step workflow ranging from protocol and search strategy to screening and data extraction, all the way through to evidence synthesis.
Target audience
Elicit is typically used by researchers, doctoral candidates, students, research consultants, medical writers, pharmaceutical and medical technology companies, policy analysts, and evidence-based organizations. The tool is suitable for both individual research questions and extensive systematic literature reviews. Prior methodological knowledge remains essential, particularly for reviews, meta-analyses, and highly relevant medical or policy decisions.
Outstanding features
Key features include semantic literature search, the Research Agent, automated generation of research reports, and structured screening of large sets of search results. Data can be extracted from text, tables, and figures and compared in customizable columns. Elicit supports PRISMA 2020-compliant documentation and links AI-generated statements to specific source passages. Newer workflows also enable traceable exclusion criteria, review reports, and programmatic evidence synthesis via an API.
Key Areas of Application
Elicit is used for literature reviews, scientific inquiries, evidence maps, clinical research, technology assessments, policy research, and the preparation of scientific texts. Other areas of application include abstract screening, the identification of relevant studies, the extraction of sample sizes or study results, the comparison of methods, and the regular monitoring of new publications.
Usage & Notes
The platform is operated entirely within the browser. Users enter a research question, select relevant studies, and, if necessary, define criteria or data extraction fields. Uploaded publications can also be analyzed. Despite source citations, every result must be verified: A displayed passage may be correctly cited but still misinterpreted. For systematic reviews, search strategies should additionally be documented in recognized specialized databases, and critical decisions should be confirmed by human reviewers.
| Target audience | Assessment |
|---|---|
| Individuals | Yes, to a limited extent—suitable for in-depth research and academic inquiries; less suitable for general web searches. |
| Students | Very well suited – helpful for literature research, summaries, paper chats, source comparison, and preparing academic papers. |
| Scientists / Researchers | Very well suited – core target group for literature reviews, systematic reviews, screening, data extraction, and research reports. |
| Self-employed / Freelancers | Yes, for knowledge-intensive work – useful for academic writing, consulting, market studies, policy research, and medical-technical research. |
| SMEs | Yes – suitable for research, product, innovation, medical affairs, and strategy departments. |
| Large enterprises | Yes, with Enterprise – appealing due to SSO/SAML, 2FA, domain verification, user analytics, single-tenancy options, and custom data sources. |
| Universities / Research Institutions | Very well suited – Elicit offers institutional features, collaboration, systematic reviews, and access to a very large scientific database. |
| Medicine / Pharma / Medtech | Yes, with expert oversight – suitable for evidence-based research and literature review; results must be validated by qualified experts. |
| Data-sensitive organizations | Conditional to good with Enterprise – DPA, SCCs, SOC 2, and no training on Enterprise data are positive factors; US providers and the lack of publicly guaranteed EU data residency remain relevant. |
Hosting & Data
1) On-prem / local hosting
Meaning: The company operates the solution on its own hardware or within its own infrastructure. In the strictest sense, not only the application runs locally, but ideally the model as well.
2) Private cloud / data center
Meaning: The solution runs in a dedicated or more clearly separated cloud environment, often with a hosting provider or hyperscaler, but in a German data center or in a particularly controlled environment.
3) EU SaaS / managed
Meaning: The provider operates the solution itself as a service. The company uses the tool as a ready-made cloud service, ideally with EU data residency.
4) Hybrid
Meaning: One part of the processing remains internal / local / in a private cloud, while another part runs in an external cloud or EU SaaS.
5) AVV / DPA
Meaning: This is the data processing agreement or Data Processing Addendum. It governs that the provider processes personal data on behalf of the customer and is bound by the customer's instructions.
6) No training
Meaning: The provider does not use your prompts, uploads, attachments, chat histories, or outputs for training or improving the general model — ideally excluded by contract.
7) Open-source / transparency path
Meaning: There is a path toward greater technical transparency and sovereignty, for example through:
- open models
- documented components
- self-hostable parts
- traceable architecture
- export / switching options
| On-prem / local hosting | ❓ |
| Private cloud / data center | ⚠️ |
| EU SaaS / Managed | ❓ |
| Hybrid | ⚠️ |
| DPA / AVV | ✅ |
| No training on customer data | ⚠️ |
| Open source / transparency path | ⚠️ |
Overall assessment:
Cloud-based SaaS with a web interface, API, external AI models, and optional enterprise deployments. Elicit operates entirely as a web-based research platform. Regular local desktop operation, self-hosting, or traditional on-premise hosting is not publicly advertised. According to the pricing page, enterprise customers can arrange custom deployments such as single-tenancy.
Depending on usage, Elicit processes research questions, search queries, paper lists, uploaded publications, extracted tables, reports, paper chats, research alerts, as well as account, usage, and technical data. The DPA also permits the processing of personal data contained in customer content; which, depending on customer usage, may also include special categories such as health, biometric, or political data.
The platform accesses scientific publications, conference proceedings, and registered clinical trials. Users can upload their own documents and integrate institutional journal access or custom data sources.
Training: According to Elicit, no training is performed by default for Enterprise data. For other plans, there is no equivalent, clearly formulated public commitment. Third-party providers such as OpenAI may be involved in AI processing; for Enterprise, corresponding agreements are intended to exclude the use of training data.
Storage Location and Retention: Elicit uses cloud infrastructure and cites AWS-based security services. A specific default region for customer data is not publicly specified. According to the DPA, customer data is processed during the term of the contract and, if applicable, for a subsequent period in accordance with the contract; a deletion confirmation in accordance with the SCCs can be requested in writing.
Conclusion:
Elicit is particularly strong for cloud-based scientific research and evidence synthesis. For confidential research, the Enterprise plan is preferable, as it includes a DPA, a non-training commitment, subprocessor review, a single-tenancy option, and contractually stipulated deletion.
| On-prem / local hosting | ❓ |
| Private cloud / data center | ⚠️ |
| EU SaaS / Managed | ❓ |
| Hybrid | ⚠️ |
| DPA / AVV | ✅ |
| No training on customer data | ⚠️ |
| Open source / transparency path | ⚠️ |
Overall assessment:
Cloud-based SaaS with a web interface, API, external AI models, and optional enterprise deployments. Elicit operates entirely as a web-based research platform. Regular local desktop operation, self-hosting, or traditional on-premise hosting is not publicly advertised. According to the pricing page, enterprise customers can arrange custom deployments such as single-tenancy.
Depending on usage, Elicit processes research questions, search queries, paper lists, uploaded publications, extracted tables, reports, paper chats, research alerts, as well as account, usage, and technical data. The DPA also permits the processing of personal data contained in customer content; which, depending on customer usage, may also include special categories such as health, biometric, or political data.
The platform accesses scientific publications, conference proceedings, and registered clinical trials. Users can upload their own documents and integrate institutional journal access or custom data sources.
Training: According to Elicit, no training is performed by default for Enterprise data. For other plans, there is no equivalent, clearly formulated public commitment. Third-party providers such as OpenAI may be involved in AI processing; for Enterprise, corresponding agreements are intended to exclude the use of training data.
Storage Location and Retention: Elicit uses cloud infrastructure and cites AWS-based security services. A specific default region for customer data is not publicly specified. According to the DPA, customer data is processed during the term of the contract and, if applicable, for a subsequent period in accordance with the contract; a deletion confirmation in accordance with the SCCs can be requested in writing.
Conclusion:
Elicit is particularly strong for cloud-based scientific research and evidence synthesis. For confidential research, the Enterprise plan is preferable, as it includes a DPA, a non-training commitment, subprocessor review, a single-tenancy option, and contractually stipulated deletion.
Strengths & weaknesses at a glance
| Strengths | Weaknesses |
|---|---|
| • Highly specialized in scientific literature | • AI-powered searches do not guarantee comprehensive coverage of the relevant literature. |
| • Traceable citations down to the specific source passage | • Extracted information and summaries may contain errors or misinterpretations. |
| • Combination of semantic and traditional keyword search | • Coverage depends on metadata, full-text access, and available databases. |
| • Structured workflows instead of mere chat responses | • Not a substitute for library databases, subject matter experts, or methodological quality assurance. |
| • Support for comprehensive systematic reviews | • Higher rates are required for comprehensive reviews. |
| • Custom screening criteria and extraction columns | • Full team, governance, and no-training commitments are primarily reserved for the Enterprise offering. |
| • Collaborative editing and administration in higher-tier plans | • No generally available local or fully offline-usable product. |
| • SOC 2 Type II and formal DPA available | • The public server location is not clearly identified. |
| • Enterprise options such as SSO, SAML, 2FA, and single tenancy. |
Reviews
0 reviews in total
There are no confirmed reviews for this tool yet.
Submit review
Your review will only become visible after email confirmation. This protects the portal against abuse.
Report review
Please select the reason why this review should be checked.
GDPR-compliant usage possible?
Overall assessment:
Conditionally to well suited for GDPR compliance, particularly in the enterprise contract. A positive aspect is that Elicit provides a public Data Processing Addendum that governs the processing of customers’ personal data as a data processor. The DPA incorporates the EU Standard Contractual Clauses, supports controller-to-processor and processor-to-processor transfers, requires subprocessors to implement comparable safeguards, and mandates notification of data breaches within 72 hours of discovery at the latest. Elicit also publishes a list of subprocessors and enables notifications regarding changes.
Other positive features include SOC 2 controls, encryption in transit and at rest, regular penetration tests and vulnerability scans, as well as security monitoring via AWS GuardDuty and Cloudflare WAF. Elicit explicitly states that it does not use enterprise user data for model training; contracts with external providers such as OpenAI are also intended to preclude the use of this data for training.
A negative aspect is that Elicit is operated by the U.S.-based Elicit Research, PBC, and international data transfers may be required. No binding EU data residency or publicly documented European standard data center location was found: no verified information is available. The DPA uses SCCs for limited third-country transfers and designates Irish law and Irish courts for the EU standard contractual clauses.
For Basic, Plus, Pro, and Scale, the official pricing page does not include a general non-training commitment as clear as that for Enterprise. No reliable information is available as to whether all uploaded content from all standard plans is generally excluded from training. Particularly sensitive, unpublished, or personal research documents should therefore preferably be processed via contractually verified Enterprise access.
Conclusion: Elicit can be used in compliance with the GDPR through a DPA, SCCs, an Enterprise contract, access controls, and vetting of subprocessors. For health data, unpublished research, trade secrets, or special categories of personal data, a data protection impact assessment and documented approval should also be conducted.