// Trust & Security Report
Inciteful (Creator: M. Weishuhn)
Inciteful is a multi-product suite for academic research and medical insights. The Academic version (incitefulmed.com/academic/) provides citation-network based paper discovery; the Medical version (incitefulmed.com) delivers AI-powered evidence-based medical insights from 40M+ peer-reviewed studies. Free, open-data academic tool with US-based operations.
Certifications held
0
Maturity
Startup
Trains on your data
Yes
Trust center
No
// Certification ledger
Each held certification is backed by a verbatim quote from the vendor's own trust or security page. “Not confirmed” means we could not verify it publicly, not that the vendor lacks it.
> Show 12 unconfirmed / not-held certifications
source: incitefulmed.comNo SOC 2 certification found in privacy policy, terms, or public vendor domain documentation.
source: incitefulmed.comNo SOC 2 certification found in privacy policy, terms, or public vendor domain documentation.
source: incitefulmed.comNo ISO 27001 certification found in privacy policy, terms, or public vendor domain documentation.
source: incitefulmed.comNo ISO 27017 certification found. Not mentioned in vendor documentation.
source: incitefulmed.comNo ISO 27018 certification found. Not mentioned in vendor documentation.
source: incitefulmed.comNo ISO 27701 certification found. Not mentioned in vendor documentation.
source: incitefulmed.comPrivacy policy explicitly states: 'data protection laws in the United States may differ from those of the country in which you are located.' No GDPR-specific safeguards, DPA, or privacy shield mentioned.
source: incitefulmed.comNo HIPAA compliance mentioned. Terms explicitly state service is for informational purposes only and does not constitute medical advice.
source: incitefulmed.comNo PCI DSS certification mentioned in vendor documentation.
source: incitefulmed.comNo AI governance certifications found. Not mentioned in vendor documentation.
source: incitefulmed.comNo CSA STAR certification found. Not mentioned in vendor documentation.
source: incitefulmed.comNo FedRAMP certification found. Not applicable to startup vendor.
// Privacy & AI training
Trains on customer data
Yes
Data processing agreement
Not offered
Data region
United States
Terms of Use grant Inciteful 'worldwide, royalty-free, non-exclusive...right to use, reproduce, modify, adapt' user-provided content for service improvement. Third-party LLMs are used for analysis. No explicit data training opt-out provided; users are warned not to input PII. De-identified datasets may be created for 'any lawful purpose.'
// Security controls
Encryption in Transit
Not publicly detailed; likely HTTPS (standard practice) but no specific protocol version or cipher suite documented.
incitefulmed.comSecurity Audit / Penetration Testing
No audit reports, penetration test results, or security certifications published.
incitefulmed.comIncident Response / Breach Notification
No incident response policy or breach notification timeline documented.
incitefulmed.comData Residency / Jurisdiction
Data transferred to, processed, stored, and used in the United States on servers 'potentially located outside your resident jurisdiction.' Governed by Illinois law.
incitefulmed.comSecurity Disclaimer
Vendor explicitly disclaims all security warranties: 'INCITEFUL MAKES NO WARRANTIES REGARDING THE ACCURACY, COMPLETENESS, SECURITY, RELIABILITY...OF THE PLATFORM.'
incitefulmed.com// Products & data scope
data: Academic papers, citations, research metadata. Users should NOT input PII or sensitive data.
Free, citation-network based paper discovery tool. Covers 240M+ academic papers and 2B+ citations. Built on open data. No enterprise security posture.
data: Medical symptoms, health information, research queries. Warns: do NOT input PII, personal identifiers, or medical records.
AI-powered evidence-based insights from 40M+ peer-reviewed studies. Explicitly NOT medical advice. For informational purposes only. Users must verify findings with healthcare providers.
// What to watch
- SECURITY DISCLAIMER: Vendor explicitly disclaims all security, reliability, and accuracy guarantees in terms of service.
- NO GDPR COMPLIANCE: Privacy policy explicitly warns international users that US data protection laws differ from their jurisdiction. No GDPR safeguards, DPA, or privacy shield documented.
- NO ENTERPRISE CERTIFICATIONS: No SOC 2, ISO 27001, ISO 27017/18/701, HIPAA, PCI DSS, ISO 42001, CSA STAR, or FedRAMP certifications.
- DATA TRAINING: Terms grant broad rights to user-provided content for 'service improvement' via third-party LLMs. No explicit training opt-out. Users warned not to input PII.
- NO DPA / VENDOR AGREEMENTS: No Data Processing Agreement or third-party vendor security assessments published.
- LIMITED LIABILITY: Maximum liability capped at $100 USD. Disputes resolved through binding individual arbitration only.
- MEDICAL DISCLAIMER: Inciteful Med explicitly disclaims being medical advice or a substitute for healthcare provider consultation.
- US-ONLY DATA PROCESSING: All data processed in United States; no regional data residency options.
- THIRD-PARTY DEPENDENCY: Uses third-party LLM providers and analytics services; data sharing implications not fully detailed.
// At a glance
Pricing model
Free (Academic). Medical version pricing not disclosed.
Self-hostable
No
// How we verified this
Every certification marked HELD is confirmed against a verbatim quote on Inciteful (Creator: M. Weishuhn)'s own trust, security, or privacy pages. We reject certifications claimed only on third-party aggregators, on a cloud host's behalf, or by a similarly named company.
Last verified 2026-07-07. Compliance changes over time. Always confirm directly with the vendor before relying on any certification for a purchasing or compliance decision.
incitefulmed.com