// Trust & Security Report
Scite, LLC (a subsidiary of Research Solutions, Inc.)
AI research assistant for scientific literature (Smart Citations, full-text search across 280M+ articles, Scite Assistant Q&A, Reference Check, Collections); available as web app, API, and MCP server for Claude/ChatGPT/other MCP-compatible tools
Certifications held
1
Maturity
Growth
Trains on your data
No
Trust center
No
// Certification ledger
Each held certification is backed by a verbatim quote from the vendor's own trust or security page. “Not confirmed” means we could not verify it publicly, not that the vendor lacks it.
Verify on scite.ai“Scite will comply with its privacy policy and applicable privacy laws and regulations including the European Union's General Data Protection Regulation (GDPR) with respect to personal data within Scite's possession and control ... we implement the standard contractual clauses approved by the European Commission for cross-border data transfers.”
> Show 7 unconfirmed / not-held certifications
source: scite.aiNo public evidence on scite.ai, scite.ai/policy, or scite.ai/terms. No trust center exists at trust.scite.ai (page does not resolve) or on parent company researchsolutions.com. A third-party aggregator (search result summarizing a Nudge Security auto-generated profile) claims scite.ai is 'SOC 2 Compliant, PCI Compliant, HIPAA Compliant, GDPR Compliant, ISO 27001 Compliant, FedRamp Compliant, and CSA Star Level 1 Compliant' but this is an unverifiable third-party inference with no vendor-domain source and is not corroborated anywhere on scite.ai or researchsolutions.com. Treated as an over-claim, not evidence.
source: scite.aiNo public evidence on any scite.ai page. Not mentioned in Privacy Policy or Terms of Service. See SOC 2 note above regarding the unverifiable third-party aggregator claim.
source: scite.aiNo public evidence on any scite.ai page. Scite is a scholarly-literature research tool, not a covered entity or business-associate product; no BAA or HIPAA language found anywhere on the site.
source: scite.aiNo public evidence on any scite.ai page. Payment processing is not described in detail in the Privacy Policy beyond 'we collect payment details to provide services'; no PCI DSS attestation referenced.
source: scite.aiNo public evidence on any scite.ai page. Scite is a consumer/academic/enterprise research tool with no government-authorization marketing; FedRAMP is implausible for a company of this profile and unsupported by any vendor-domain source.
source: scite.aiNo public evidence on any scite.ai page. No AI-governance certification referenced.
// Privacy & AI training
Trains on customer data
No
Data processing agreement
Not offered
Data region
US-based; Privacy Policy states 'most of our operations are conducted in the United States' and that personal information will be processed there, with standard contractual clauses used for transfers of EU/UK data outside the EU.
Terms of Service state explicitly: 'the Company does not use Customer Data ... to train, fine-tune, or improve such AI systems' and 'this license does not include any right to use Customer Data (including Media) for the training, fine-tuning, retraining, or improvement of large language models.' No separate stand-alone DPA document was found on the vendor domain; cross-border transfer language in the Privacy Policy references standard contractual clauses rather than a downloadable DPA, so dpa is graded false pending confirmation that a signable DPA exists for paid/enterprise customers.
// Security controls
AI training on customer data
Explicitly disclaimed in Terms of Service: customer data and user-uploaded media are not used to train, fine-tune, or improve LLMs/AI systems.
scite.aiCross-border data transfer mechanism
Standard contractual clauses (SCCs) approved by the European Commission, per Privacy Policy Section on EU/UK residents.
scite.aiData retention
Account data retained for as long as the account exists plus up to 10 years after; marketing data retained up to 10 years; other data retained only as long as necessary for its purpose.
scite.aiBot/abuse protection
Site protected by reCAPTCHA (Google Privacy Policy and Terms of Service apply), per homepage footer.
scite.aiDedicated security page / trust center
None found. No trust.scite.ai, no /security page discoverable via site search, and no trust center on parent company researchsolutions.com.
scite.ai// Products & data scope
data: Search and limited Smart Citations access; account data per standard Privacy Policy.
Entry-level tier for individual researchers/students.
data: Full Smart Citations, Scite Assistant Q&A, unlimited search; same privacy/AI-training terms apply.
$20-29/user/month range per third-party pricing summaries (not independently confirmed on vendor pricing page in this pass).
data: Institution-wide access with SSO, analytics, dedicated support; sold via sales@scite.ai.
No enterprise-specific security addendum, DPA, or trust center was located publicly; institutional buyers should request one directly from sales.
data: Programmatic access to Smart Citations and literature data for integration into third-party tools.
Custom pricing via sales@scite.ai.
data: Exposes Scite's search/citation data to MCP-compatible AI assistants (Claude, ChatGPT, Copilot, Cursor, Claude Code); requires an underlying Scite subscription.
Query data flows through the same backend and Privacy Policy/Terms as the web product; no separate MCP-specific privacy terms found.
// What to watch
- No trust center found on scite.ai or parent company researchsolutions.com; security posture is inferred only from the Privacy Policy and Terms of Service, not a dedicated security disclosure.
- A third-party aggregator (via search result summarizing a Nudge Security-style profile) claims scite.ai holds SOC 2, PCI, HIPAA, GDPR, ISO 27001, FedRAMP, and CSA STAR certifications. None of these are corroborated on any scite.ai or researchsolutions.com page. This looks like an automated/unverified vendor-database claim and should NOT be surfaced on AIFOXX as a confirmed cert; flagging as a probable over-claim risk.
- No stand-alone Data Processing Agreement (DPA) document was locatable on the vendor domain; enterprise/institutional customers should confirm DPA availability directly with Scite sales before assuming GDPR Art. 28 coverage.
- Identity note: Scite, LLC is a subsidiary of Research Solutions, Inc. (public company, ticker RSSS/OTCQB per search results); no evidence that Research Solutions' own compliance posture (if any exists) extends to Scite as a distinct product, so certs were graded on Scite's own domain only.
- Recommend a follow-up live check before publishing if higher certainty is required.
// At a glance
Pricing model
Freemium: free tier, paid individual tier (~$20-29/user/month per third-party pricing pages), custom-quoted Organization/Enterprise and Developer/API tiers via sales@scite.ai
Self-hostable
No
// How we verified this
Every certification marked HELD is confirmed against a verbatim quote on Scite, LLC (a subsidiary of Research Solutions, Inc.)'s own trust, security, or privacy pages. We reject certifications claimed only on third-party aggregators, on a cloud host's behalf, or by a similarly named company.
Last verified 2026-07-09. Compliance changes over time. Always confirm directly with the vendor before relying on any certification for a purchasing or compliance decision.
scite.ai