// Trust & Security Report
Paper Digest
AI-powered academic research platform (literature review, daily/conference paper digests, AI reader, AI writer, claim verification, research library, Q&A, search console) run as a single consumer/researcher web product; no separate enterprise or API tier identified.
Certifications held
0
Maturity
Startup
Trains on your data
Unknown
Trust center
No
// Certification ledger
Each held certification is backed by a verbatim quote from the vendor's own trust or security page. “Not confirmed” means we could not verify it publicly, not that the vendor lacks it.
> Show 9 unconfirmed / not-held certifications
source: paperdigest.orgNo public evidence. No trust center, security page, or SOC 2 mention found on paperdigest.org (home page, privacy policy, FAQ, about page); /security/ returns 404.
source: paperdigest.orgNo public evidence. Not mentioned anywhere on the vendor's site.
source: paperdigest.orgNo public evidence. No AI governance or AI-specific compliance page found.
source: paperdigest.orgNo public evidence. Product is a general research/literature tool, not marketed for PHI; no HIPAA statement or BAA offering found.
source: paperdigest.orgNo public evidence of an explicit GDPR compliance statement. The Privacy Policy page reviewed is generic default template text (covers comments, cookies, Gravatar, EXIF data) with no mention of GDPR, lawful basis, EU representative, or data subject rights under EU law.
source: paperdigest.orgNo public evidence; not applicable evidence found (no direct card-payment security disclosures on site).
// Privacy & AI training
Trains on customer data
Not stated
Data processing agreement
Not offered
Data region
not verified; company is US-based (New York, NY) but no data-residency statement found
No statement found anywhere on the vendor's site (home page, privacy policy, FAQ, about page) about whether user-uploaded documents, queries, or account content are used to train AI/ML models. This is an unresolved gap, not a confirmed 'no'.
// Security controls
Third-party data sharing
Privacy policy discloses use of an automated spam-detection service for comments and Gravatar (email hash lookup) for avatars; embedded third-party content may independently collect visitor data. This appears to be unedited default WordPress privacy-policy boilerplate rather than a policy tailored to the actual product (research library, uploaded PDFs, account data).
paperdigest.orgData retention
Comments and their metadata are retained indefinitely per the (boilerplate) privacy policy; login cookies persist 2 days (2 weeks with 'Remember Me'), comment cookies 1 year. No retention statement specific to uploaded documents, research library content, or account research data.
paperdigest.org// Products & data scope
data: User accounts, saved research library items/notes/tags, uploaded or referenced PDF articles, search/query history, comments; no evidence of a separate enterprise, team, or API product tier with distinct data-handling terms.
Single product surface covering literature review, daily/conference paper digests, AI reader, AI writer, claim verification, research library, Q&A, and search console. Founded 2018 by Dr. Chang Wang; New York-based; claims 3M+ users, no evidence found to independently verify that figure.
// What to watch
- No trust center or dedicated security page exists (/security/ returns 404); no cert claims are made anywhere on the site, so there is no over-claim risk, but buyers get zero formal assurance.
- The Privacy Policy at https://paperdigest.org/privacy-policy/ reads as unedited default WordPress privacy-policy template text (comment moderation, Gravatar, EXIF image data) rather than a policy describing the actual product's data handling (accounts, uploaded PDFs, research library, AI processing). This is a credibility/completeness gap worth flagging to buyers, not a fabricated cert.
- No statement anywhere on whether uploaded papers, queries, or account content are used to train the vendor's AI/ML models (trains_on_customer_data = null, unresolved).
- GDPR posture is unconfirmed: no explicit GDPR statement, lawful-basis language, EU representative, or DPA offering found despite the product serving a global user base ('users from thousands of universities... across the world').
- Terms of Use page could not be located at a stable URL during this review (multiple guessed paths 404'd); only referenced via footer link text on the home page.
// At a glance
Self-hostable
No
// How we verified this
Every certification marked HELD is confirmed against a verbatim quote on Paper Digest's own trust, security, or privacy pages. We reject certifications claimed only on third-party aggregators, on a cloud host's behalf, or by a similarly named company.
Last verified 2026-07-08. Compliance changes over time. Always confirm directly with the vendor before relying on any certification for a purchasing or compliance decision.
paperdigest.org