Dissertatiodissertatio

Security

Your research stays yours.

Built for researchers handling unpublished, competitive, and sensitive work — and for the institutions that procure on their behalf. Every control below is in place today unless explicitly marked as roadmap.

Encryption everywhere

All traffic is encrypted in transit with TLS 1.2+, and all customer data is encrypted at rest with AES-256. There is no unencrypted path to a manuscript.

Strict workspace isolation

Every workspace is a hard tenancy boundary enforced at the application and data layers. Queries are scoped to the workspace on every request — cross-tenant access is a structural impossibility, not a policy.

Role-based access control

Owner, editor, reviewer, and reader roles with explicit, per-project grants. Access follows invitations, never defaults — nobody sees a draft you have not shared.

Immutable audit logs

Collaboration, permission changes, exports, AI actions, and version restores are recorded in an append-only audit log. What happened, who did it, and when — reviewable, not editable.

Authenticated email

All email from dissertatio.com is authenticated with SPF, DKIM, and an enforcing DMARC policy — so mail claiming to be us either is us, or is rejected.

EU data residency

All customer data is stored and processed in AWS eu-west-1 (Ireland). Manuscripts, references, versions, and backups stay in the region.

AI data handling

AI features, without AI exposure.

The research copilot operates under the same rules as everything else on this page — plus three of its own.

Never trained on your research

Your manuscripts, references, and comments are never used to train models — ours or anyone's. Content sent for a check is processed for that check and not retained by the model provider.

Workspace-level controls

Admins decide whether AI features are available in a workspace at all, and can disable them entirely. When AI is off, no content leaves the editor for AI processing.

Every AI action logged

Each AI interaction — what was read, what was suggested, what was accepted — lands in the audit log and in the manuscript's exportable AI usage report.

No lock-in, by design

Export everything, any time, on any plan.

A research platform you cannot leave is a platform you should not trust. Every manuscript exports to DOCX, PDF, and LaTeX; every reference library exports to BibTeX; version history goes with it. That includes free plans, downgraded plans, and cancelled accounts.

  • Manuscripts — DOCX, PDF, LaTeX source
  • References — BibTeX, with resolved DOI metadata
  • Versions — full named-version history
  • Audit & AI reports — complete activity record

Compliance

Procurement-ready posture.

Clear answers for review boards, DPOs, and institutional IT — with documentation available on request.

GDPR

EU data residency, a Data Processing Agreement for paid plans, documented sub-processors, and support for access, export, and deletion requests. Data-subject rights are handled as product features, not ticket queues.

SOC 2

Our controls are designed against the SOC 2 Trust Services Criteria from day one, and a Type II audit is on our compliance roadmap. Institutional customers can request our current security documentation.

Sub-processors

Who touches your data — the complete list.

We keep the list short on purpose. Changes are announced in advance to workspace admins.

Sub-processorPurposeLocationStatus
Amazon Web ServicesCloud infrastructure, storage, and backupseu-west-1 (Ireland)Active
AnthropicAI model provider for validation checks and the research copilot — no training on customer dataUnited StatesActive
PayFastPayment processing for paid plansSouth AfricaPlanned

Security questions or reports: security@hashtagai.io. We respond to responsible disclosure within two business days.

Security answers your review board will accept.

Start free today, or request our security documentation for institutional procurement.