Security & Trust

All ResearchArk services run on infrastructure hosted within the European Union. Your data stays in the EU and is never transferred outside it without an appropriate legal safeguard.

In transit: Every connection to ResearchArk is protected with TLS, so data exchanged between your browser and our servers is encrypted end to end.

At rest: Databases, file storage, and backups are encrypted at rest, keeping your information protected even on the underlying storage layer.

Sign-in is handled by ArkID with secure, cookie-based sessions and ORCID single sign-on. Credentials are never stored in plain text, and sessions can be revoked at any time.

We run automated, encrypted backups on a regular schedule and verify that they can be restored, so your data is recoverable in the event of a failure.

ResearchArk is built around the principles of the EU General Data Protection Regulation:

• Privacy-respecting analytics with no invasive tracking or advertising profiles.
• Clear, opt-in consent for any non-essential data processing.
• Data minimisation — we collect only what we need to provide the service.
• Full data subject rights, including access, export, and deletion on request.

Our AI features are designed to keep your content private and under your control:

• Your content is never used to train AI models.
• AI processing is governed by a data processing agreement with each provider.
• Prompts and outputs are not retained for any purpose beyond delivering your result.
• Where possible, processing such as embeddings runs on our own EU infrastructure.

Found a security issue? We appreciate responsible disclosure. Email our team and we will investigate promptly and keep you informed.

We work with a small set of trusted providers, each bound by a data processing agreement:

• Stripe — payment processing for subscriptions.
• Firebase — authentication and notification delivery.
• IONOS — EU-based hosting and infrastructure.
• AI model providers — language and embedding services for AI features.