// Trust & Security Report
Explain Paper (founded by Aman Jha and Jade Asmus)
AI-powered research paper reader that highlights confusing text and provides instant LLM-generated explanations. Free tier with unlimited highlighting + follow-up questions; paid Pro tier ($16/month) with advanced AI models and paper summaries. No subproducts identified.
Certifications held
0
Maturity
Startup
Trains on your data
Unknown
Trust center
No
// Certification ledger
Each held certification is backed by a verbatim quote from the vendor's own trust or security page. “Not confirmed” means we could not verify it publicly, not that the vendor lacks it.
> Show 7 unconfirmed / not-held certifications
No public evidence on vendor domain. Nudge Security third-party profile claims SOC 2 compliance, but vendor's website contains no dedicated security/trust center pages with verification.
No public evidence on vendor domain. Nudge Security third-party profile claims ISO 27001 compliance, but vendor's website contains no dedicated security/trust center pages with verification.
No public evidence on vendor domain. While GDPR is a legal obligation rather than a certification, no vendor-domain privacy policy or data processing agreement found despite multiple URL pattern attempts (https://explainpaper.com/privacy, /trust, /security, /terms all returned 404).
No public evidence on vendor domain. Nudge Security third-party profile claims HIPAA compliance, but product is research paper tool with no healthcare/PHI handling documented.
No public evidence on vendor domain. While product accepts payment ($16/month Pro plan), no vendor-domain evidence of PCI DSS certification found.
No public evidence on vendor domain. FedRAMP is for US government use; no evidence Explain Paper is a federal contractor or has pursued authorization.
No public evidence on vendor domain. Nudge Security third-party profile claims CSA STAR Level 1, but no verification found.
// Privacy & AI training
Trains on customer data
Not stated
Data processing agreement
Not offered
Data region
Unknown. Infrastructure uses Vercel (US-based), Supabase, Google Workspace, Google Analytics per Nudge Security profile, but no explicit data residency commitment found.
Product uses LLMs to explain papers. No documentation found regarding whether uploaded research papers or user queries are used for model training, whether there is an opt-out, or data retention practices. Critical gap: no privacy policy accessible on vendor domain.
// Security controls
Authentication
SSO via Okta, Google, Microsoft; two-factor authentication (SMS, email) available per Nudge Security profile
security-profiles.nudgesecurity.comEncryption in transit
Not documented on vendor domain
Encryption at rest
Not documented on vendor domain
Cookies & tracking
Site uses cookies to enhance user experience and track visits; users can disable but may impact functionality
security-profiles.nudgesecurity.comThird-party data sharing
Does not sell or trade personally identifiable information to outside parties, except trusted third parties operating the website/business who agree to confidentiality
security-profiles.nudgesecurity.com// Products & data scope
data: User-uploaded PDF research papers, highlights, follow-up questions. No retention period documented.
Free tier with unlimited highlight explanations, ask questions, basic AI models. No login required initially (free explore); account creation needed for saved work.
data: User-uploaded PDF research papers, highlights, follow-up questions, saved highlights/explanations, full paper summaries. No retention period documented.
$16/month subscription. Powered by advanced AI models. Ability to save work. 7-day free trial with card on file.
// What to watch
- VENDOR DOMAIN EVIDENCE GAP: No trust center, security, privacy, or terms pages found on explainpaper.com. All standard pages (/privacy, /trust, /security, /terms) return 404. Only fulfillment policy is accessible.
- UNVERIFIED THIRD-PARTY CLAIMS: Nudge Security claims SOC 2, ISO 27001, GDPR, HIPAA, PCI DSS, FedRAMP, and CSA STAR Level 1 compliance, but these are NOT verified on vendor domain. Third-party aggregator may have outdated or inaccurate data for a small startup.
- NO PRIVACY POLICY: Product handles user-uploaded research papers and uses LLMs for explanations, but no privacy policy document found. GDPR Article 13/14 compliance cannot be assessed.
- AI TRAINING OPAQUENESS: No documentation of whether uploaded papers or queries are used for LLM training, whether customer opt-out exists, or data retention timelines. Critical for users uploading proprietary/sensitive research.
- HIPAA CLAIM MISMATCH: Nudge Security claims HIPAA compliance, but no healthcare-related features or PHI handling documented. Likely over-claim or misclassification.
- FEDRAMP CLAIM MISMATCH: FedRAMP is a US federal government authorization. No evidence Explain Paper is a federal contractor or has pursued this. Likely incorrect attribution from Nudge profile.
- STARTUP MATURITY INDICATORS: Founded by Aman Jha and Jade Asmus with 400K+ registered users (homepage claims) but no disclosed funding, no formal organizational structure publicly documented, no security team highlighted.
- PAYMENT PROCESSING: Accepts credit card payments for Pro tier ($16/month) but PCI DSS certification status unverified. Card collection for 7-day Pro trial suggests active payment infrastructure.
// At a glance
Pricing model
Freemium. Free tier unlimited, Pro $16/month.
Self-hostable
No
// How we verified this
Every certification marked HELD is confirmed against a verbatim quote on Explain Paper (founded by Aman Jha and Jade Asmus)'s own trust, security, or privacy pages. We reject certifications claimed only on third-party aggregators, on a cloud host's behalf, or by a similarly named company.
Last verified 2026-07-07. Compliance changes over time. Always confirm directly with the vendor before relying on any certification for a purchasing or compliance decision.
security-profiles.nudgesecurity.com