// Trust & Security Report
Litmap Ltd.
Litmaps: A literature review assistant and citation-network visualization tool for academic researchers. Also owns ResearchRabbit (acquired May 2025). Core features: Discover papers, Visualize citation networks, Share research, Monitor new publications.
Certifications held
3
Maturity
Growth
Trains on your data
Unknown
Trust center
No
// Certification ledger
Each held certification is backed by a verbatim quote from the vendor's own trust or security page. “Not confirmed” means we could not verify it publicly, not that the vendor lacks it.
Verify on litmaps.com“Privacy Policy explicitly references 'Regulation (EU) 2016/679 General Data Protection Regulation' and implements Standard Contractual Clauses (2021/914) for international data transfers. States 'appropriate security measures to prevent personal information from being accidentally lost, used or accessed in an unauthorized way.'”
Verify on litmaps.com“Privacy Policy references compliance with 'UK International Data Transfer Addendum' and UK data protection requirements alongside GDPR.”
Verify on litmaps.com“Privacy Policy explicitly states 'committed to protecting personal information while seeking to comply with all applicable data protection and privacy legislation, including the New Zealand Privacy Act 2020.'”
> Show 3 unconfirmed / not-held certifications
source: litmaps.comThird-party review site (TechVernia) claims 'maintains SOC 2 Type II certification' but Litmaps' official Privacy Policy and Terms make no mention of SOC 2. No vendor-domain proof of certification found. Marketing over-claim without substantiation.
source: litmaps.comNo public evidence of ISO 27001 certification in Litmaps' official documentation or dedicate security pages. Vendor does not claim this standard.
source: litmaps.comThird-party review (TechVernia) claims HIPAA compliance, but Litmaps' official Privacy Policy and Terms contain no mention of HIPAA, BAA, or healthcare compliance. No vendor-domain proof found. Likely marketing over-claim.
// Privacy & AI training
Trains on customer data
Not stated
Data processing agreement
Offered
Data region
Multi-region: AWS (USA, Standard Contractual Clauses), Microsoft Azure (USA, Standard Contractual Clauses), Brevo SAS (France/EEA), Hotjar (Malta/EEA), Intercom (USA, Standard Contractual Clauses), Stripe (USA, Standard Contractual Clauses), Mixpanel (USA, Standard Contractual Clauses). Registered address: Wellington, New Zealand.
Litmaps uses citation-network analysis by default (no AI). Optional AI-driven search and chatbot available via third-party LLM (vendor not disclosed). No explicit statement about whether customer research data is used for model training. No clear opt-out language found in policies.
// Security controls
Data Protection Measures
Appropriate security measures to prevent personal information from being accidentally lost, used or accessed in an unauthorized way. Limits access to employees and contractors under confidentiality obligations.
litmaps.comInternational Data Transfers
Standard Contractual Clauses (2021/914) and UK International Data Transfer Addendum used for non-EEA processing
litmaps.comData Processor Agreements
Enters into data-protection terms with subprocessors that are no less protective than customer agreements; remains accountable for subprocessor activities
litmaps.com// Products & data scope
data: Academic papers metadata, user research notes, citation networks, usage data, email, authentication
Uses citation-network analysis by default. Optional AI-driven discovery and chatbot available. Processes researcher metadata from Semantic Scholar, OpenAlex, ORCID, LibKey. Session analytics via Hotjar (masked text fields). Product analytics via Mixpanel.
data: Academic papers metadata, user research notes, usage data
Acquired by Litmaps in May 2025. Separate product but under same parent entity. Privacy/security posture not independently verified as part of this assessment.
// What to watch
- Over-claim detected: Third-party review site (TechVernia) claims SOC 2 Type II certification and HIPAA compliance without vendor-domain evidence. Litmaps' official Privacy Policy and Terms do not mention these certifications. Marketing materials may be misleading.
- No dedicated Security or Trust Center page: Unlike enterprise-grade vendors, Litmaps has no public security page, only standard privacy/terms pages.
- Limited encryption documentation: Marketing claims 'bank-grade encryption' and 'data encrypted at rest and in transit' appear only in third-party review, not in Litmaps' official policies. Actual encryption implementation not detailed.
- Early-stage company: 7 employees as of late 2025; just raised Series A. Limited compliance infrastructure typical of startup maturity. Exercise caution for highly regulated use cases.
- AI model transparency: Vendor does not disclose which LLM powers optional AI-driven features. No statement on whether customer research data is used for model fine-tuning or training.
- HIPAA unsuitability: Despite third-party claims, Litmaps shows no evidence of HIPAA BAA, HIPAA-Ready infrastructure, or healthcare-specific compliance. Not suitable for HIPAA-regulated environments without explicit vendor confirmation and BAA.
// At a glance
Pricing model
Freemium with paid tiers (Team, Pro). Stripe payment processing.
Self-hostable
No
// How we verified this
Every certification marked HELD is confirmed against a verbatim quote on Litmap Ltd.'s own trust, security, or privacy pages. We reject certifications claimed only on third-party aggregators, on a cloud host's behalf, or by a similarly named company.
Last verified 2026-07-07. Compliance changes over time. Always confirm directly with the vendor before relying on any certification for a purchasing or compliance decision.
litmaps.com