“AI for scientific research.”
Elicit is an AI-powered research assistant designed to search for, review, evaluate, and synthesize scientific literature. The tool supports basic literature searches, automated research reports, and systematic reviews, including screening, data extraction, and citation management. All key AI statements are to be linked to text passages from the underlying publications.
Elicit
AI for scientific research.
Location: USA ⓘ Elicit Research, PBC, 440 N Barranca Avenue, #1595, Covina, CA 91723, USA
Pro For systematic reviews; includes an advanced Research Agent, a dedicated review workflow, higher screening and report quotas, research alerts, custom extraction from uploads, explanations for AI responses, output templates, and API access.
Scale For collaborative research teams; includes Pro features plus full Research Agent access, image interpretation, real-time collaboration, larger reports and tables, and an admin panel with usage and seat management.
Enterprise For corporations, universities, and research institutions; includes SSO/SAML, 2FA, domain verification, user analytics, custom deployments, single-tenancy options, custom data sources and templates, higher review limits, unlimited alerts and API usage, and no training on customer data by default. Other Elicit API API access is available starting with the Pro plan; reports and reviews generated via the API count toward the respective workflow quota. According to the documentation, systematic reviews via the API are reserved for Enterprise plans.
Institutional Agreements Custom contracts for universities, research groups, and companies, including onboarding, training, customer success, and customized data sources.
Elicit is an AI-based research assistant that not only searches for scientific literature but also systematically reviews, evaluates, and synthesizes it. Users can ask research questions in natural language, identify relevant publications, compare papers, define data fields, and extract results with traceable sources. For systematic reviews, Elicit offers a multi-step workflow ranging from protocol and search strategy to screening and data extraction, all the way through to evidence synthesis.
Target audience
Elicit is typically used by researchers, doctoral candidates, students, research consultants, medical writers, pharmaceutical and medical technology companies, policy analysts, and evidence-based organizations. The tool is suitable for both individual research questions and extensive systematic literature reviews. Prior methodological knowledge remains essential, particularly for reviews, meta-analyses, and highly relevant medical or policy decisions.
Outstanding features
Key features include semantic literature search, the Research Agent, automated generation of research reports, and structured screening of large sets of search results. Data can be extracted from text, tables, and figures and compared in customizable columns. Elicit supports PRISMA 2020-compliant documentation and links AI-generated statements to specific source passages. Newer workflows also enable traceable exclusion criteria, review reports, and programmatic evidence synthesis via an API.
Key Areas of Application
Elicit is used for literature reviews, scientific inquiries, evidence maps, clinical research, technology assessments, policy research, and the preparation of scientific texts. Other areas of application include abstract screening, the identification of relevant studies, the extraction of sample sizes or study results, the comparison of methods, and the regular monitoring of new publications.
Usage & Notes
The platform is operated entirely within the browser. Users enter a research question, select relevant studies, and, if necessary, define criteria or data extraction fields. Uploaded publications can also be analyzed. Despite source citations, every result must be verified: A displayed passage may be correctly cited but still misinterpreted. For systematic reviews, search strategies should additionally be documented in recognized specialized databases, and critical decisions should be confirmed by human reviewers.
| Target audience | Assessment |
|---|---|
| Individuals | Yes, to a limited extent—suitable for in-depth research and academic inquiries; less suitable for general web searches. |
| Students | Very well suited – helpful for literature research, summaries, paper chats, source comparison, and preparing academic papers. |
| Scientists / Researchers | Very well suited – core target group for literature reviews, systematic reviews, screening, data extraction, and research reports. |
| Self-employed / Freelancers | Yes, for knowledge-intensive work – useful for academic writing, consulting, market studies, policy research, and medical-technical research. |
| SMEs | Yes – suitable for research, product, innovation, medical affairs, and strategy departments. |
| Large enterprises | Yes, with Enterprise – appealing due to SSO/SAML, 2FA, domain verification, user analytics, single-tenancy options, and custom data sources. |
| Universities / Research Institutions | Very well suited – Elicit offers institutional features, collaboration, systematic reviews, and access to a very large scientific database. |
| Medicine / Pharma / Medtech | Yes, with expert oversight – suitable for evidence-based research and literature review; results must be validated by qualified experts. |
| Data-sensitive organizations | Conditional to good with Enterprise – DPA, SCCs, SOC 2, and no training on Enterprise data are positive factors; US providers and the lack of publicly guaranteed EU data residency remain relevant. |
Hosting & Data
1) On-prem / local hosting
Meaning: The company operates the solution on its own hardware or within its own infrastructure. In the strictest sense, not only the application runs locally, but ideally the model as well.
2) Private cloud / data center
Meaning: The solution runs in a dedicated or more clearly separated cloud environment, often with a hosting provider or hyperscaler, but in a German data center or in a particularly controlled environment.
3) EU SaaS / managed
Meaning: The provider operates the solution itself as a service. The company uses the tool as a ready-made cloud service, ideally with EU data residency.
4) Hybrid
Meaning: One part of the processing remains internal / local / in a private cloud, while another part runs in an external cloud or EU SaaS.
5) AVV / DPA
Meaning: This is the data processing agreement or Data Processing Addendum. It governs that the provider processes personal data on behalf of the customer and is bound by the customer's instructions.
6) No training
Meaning: The provider does not use your prompts, uploads, attachments, chat histories, or outputs for training or improving the general model — ideally excluded by contract.
7) Open-source / transparency path
Meaning: There is a path toward greater technical transparency and sovereignty, for example through:
- open models
- documented components
- self-hostable parts
- traceable architecture
- export / switching options
| On-prem / local hosting | ❓ |
| Private cloud / data center | ⚠️ |
| EU SaaS / Managed | ❓ |
| Hybrid | ❓ |
| DPA / AVV | ✅ |
| No training on customer data | ⚠️ |
| Open source / transparency path | ⚠️ |
On-prem / local hosting: indirect / not available
On-premise or local hosting is not specified on the website.
Private cloud / data center: partially
For Enterprise, “custom deployments” are referred to as “single-tenancy.” This suggests distinct deployment options, but the website does not specify an EU/EEA data center or a dedicated private cloud in Europe.
EU SaaS / Managed: unclear
A managed SaaS offering is clearly available, but the privacy policy mentions servers in the U.S. EU data residency or EU/EEA hosting is not specified on the website.
Hybrid: unclear
A hybrid operating model involving on-premises or customer-side processing combined with an external service is not specified on the website.
T&Cs / DPA: Covered
A 'Data Processing Addendum' is published on the website. It references the EU GDPR, SCCs, subprocessor obligations, and security incident policies.
No Training: Partially
For the Enterprise plan, the website states “No training on your data by default” and additionally notes that Enterprise data is not used for training and that third-party providers are also contractually prohibited from doing so. This is not explicitly guaranteed on the website for all pricing plans.
Open Source / Transparency Path: Partially
The Terms of Service refer to publicly available open-source licenses. However, the website does not specify a true self-hosting, open-model, or extensive sovereignty path.
Data Processing
The website describes SaaS processing by Elicit. According to the privacy policy, data is processed internationally and the servers are located in the U.S. The DPA contains provisions regarding European data protection law, restricted transfers, and SCCs. For Enterprise, the website lists additional security and deployment options such as “single-tenancy” and, by default, no training on customer data. The website does not specify an EU data residency.
Conclusion
From an EU/EEA perspective, Elicit is documented in terms of data protection law but is not clearly identified as a standard SaaS service with EU data residency. The best-documented approach is contractually supported Enterprise use with a DPA/SCCs, data minimization, and verification of the specific deployment. Because the website mentions servers in the U.S. and does not specify EU data residency or an on-premises option, the overall rating is “conditional.”
Sources
| On-prem / local hosting | ❓ |
| Private cloud / data center | ⚠️ |
| EU SaaS / Managed | ❓ |
| Hybrid | ❓ |
| DPA / AVV | ✅ |
| No training on customer data | ⚠️ |
| Open source / transparency path | ⚠️ |
On-prem / local hosting: indirect / not available
On-premise or local hosting is not specified on the website.
Private cloud / data center: partially
For Enterprise, “custom deployments” are referred to as “single-tenancy.” This suggests distinct deployment options, but the website does not specify an EU/EEA data center or a dedicated private cloud in Europe.
EU SaaS / Managed: unclear
A managed SaaS offering is clearly available, but the privacy policy mentions servers in the U.S. EU data residency or EU/EEA hosting is not specified on the website.
Hybrid: unclear
A hybrid operating model involving on-premises or customer-side processing combined with an external service is not specified on the website.
T&Cs / DPA: Covered
A 'Data Processing Addendum' is published on the website. It references the EU GDPR, SCCs, subprocessor obligations, and security incident policies.
No Training: Partially
For the Enterprise plan, the website states “No training on your data by default” and additionally notes that Enterprise data is not used for training and that third-party providers are also contractually prohibited from doing so. This is not explicitly guaranteed on the website for all pricing plans.
Open Source / Transparency Path: Partially
The Terms of Service refer to publicly available open-source licenses. However, the website does not specify a true self-hosting, open-model, or extensive sovereignty path.
Data Processing
The website describes SaaS processing by Elicit. According to the privacy policy, data is processed internationally and the servers are located in the U.S. The DPA contains provisions regarding European data protection law, restricted transfers, and SCCs. For Enterprise, the website lists additional security and deployment options such as “single-tenancy” and, by default, no training on customer data. The website does not specify an EU data residency.
Conclusion
From an EU/EEA perspective, Elicit is documented in terms of data protection law but is not clearly identified as a standard SaaS service with EU data residency. The best-documented approach is contractually supported Enterprise use with a DPA/SCCs, data minimization, and verification of the specific deployment. Because the website mentions servers in the U.S. and does not specify EU data residency or an on-premises option, the overall rating is “conditional.”
Sources
Strengths & weaknesses at a glance
| Strengths | Weaknesses |
|---|---|
| • Highly specialized in scientific literature | • AI-powered searches do not guarantee comprehensive coverage of the relevant literature. |
| • Traceable citations down to the specific source passage | • Extracted information and summaries may contain errors or misinterpretations. |
| • Combination of semantic and traditional keyword search | • Coverage depends on metadata, full-text access, and available databases. |
| • Structured workflows instead of mere chat responses | • Not a substitute for library databases, subject matter experts, or methodological quality assurance. |
| • Support for comprehensive systematic reviews | • Higher rates are required for comprehensive reviews. |
| • Custom screening criteria and extraction columns | • Full team, governance, and no-training commitments are primarily reserved for the Enterprise offering. |
| • Collaborative editing and administration in higher-tier plans | • No generally available local or fully offline-usable product. |
| • SOC 2 Type II and formal DPA available | • The public server location is not clearly identified. |
| • Enterprise options such as SSO, SAML, 2FA, and single tenancy. |
Reviews
0 reviews in total
There are no confirmed reviews for this tool yet.
Submit review
Your review will only become visible after email confirmation. This protects the portal against abuse.
Report review
Please select the reason why this review should be checked.
GDPR-compliant usage possible?
For users in the EU/EEA, GDPR-compliant use is not clearly documented as standard SaaS in the EU. On the positive side, the service has its own privacy policy, a Data Processing Addendum referencing the EU GDPR, UK GDPR, Swiss data protection law, and SCCs, as well as a published reference to subprocessors. On the negative side, the website explicitly states that the servers are located in the U.S. The website does not specify EU data residency or EU/EEA data centers. Consequently, use appears to be possible only under certain conditions—such as additional contractual review and careful data minimization—but not as a clearly and fully secured standard EU/EEA solution.
Positive
The website includes a privacy policy, a DPA/AVV-like “Data Processing Addendum,” references to SCCs, obligations for subprocessors, and information on the rights of individuals in the European Economic Area. In addition, the website states “No training on your data by default” for Enterprise and refers to SOC 2 Type II.
Negative
The website explicitly states that the servers are located in the U.S. The website does not specify EU data residency, EU/EEA data centers, or a clear EU hosting path. Although a link to the list of subprocessors is provided, the content of that list is not viewable online. On-premises or self-hosting options are not specified on the website.
Server Location
According to the privacy policy: Servers in the United States. No other specific EU/EEA server locations or EU data residency are specified on the website.