Security and privacy
AcaTrove is clear about what it tracks, what it keeps out of analytics, how access is controlled, and how users can export core research records.
Hosted product posture
Encryption in transit
Hosted traffic uses TLS, and security claims stay tied to controls that are configured and verified.
Data boundaries
Document text and prompt content stay out of product analytics unless a user explicitly opts in.
Access controls
Feature access, roles, and collaborator permissions are enforced by backend checks.
Privacy-conscious analytics
Track funnel events and plan conversion without collecting sensitive research content.
Analytics boundaries
AcaTrove tracks product events such as page views, signup clicks, project creation, document upload, grant or career activation, AI trial usage, checkout activity, MCP connector interest, and exports. It does not send document text, unpublished research content, or prompt text into product analytics.
Institution-ready path
Institution plans add managed users, SSO, audit logs, retention controls, security documentation, procurement support, and guided rollout for teams that need centralized governance.
Reporting security issues
If you discover a security vulnerability, report it to security@acatrove.com. We will acknowledge receipt and work on a fix before public disclosure.