Data Processing Addendum

Last Modified: 20th March 2026

This Data Processing Addendum (“Addendum”) forms part of the Terms of Service (the “Agreement”) between Litmap Ltd (“Litmaps”, “Processor”) and the customer entity agreeing to the Agreement (“Customer”, “Controller”).

This Addendum applies where Litmaps processes Personal Data on behalf of Customer.

1. Definitions

  • “Personal Data” means any information relating to an identified or identifiable natural person.
  • “Data Protection Laws” means applicable privacy laws, including the GDPR, UK GDPR, and other relevant regulations.
  • “Processing” has the meaning given under applicable Data Protection Laws.

2. Roles of the Parties

  • Customer is the Controller of Personal Data.
  • Litmaps is the Processor of Personal Data.

Litmaps will process Personal Data only on documented instructions from Customer unless required by law.

3. Nature and Purpose of Processing

3.1 Nature of Processing

Litmaps provides a literature discovery and research mapping platform.

Processing may include:

  • collection
  • storage
  • retrieval
  • analysis
  • synchronization with third-party integrations (e.g. reference managers)

3.2 Purpose of Processing

To provide and improve the Litmaps platform, including:

  • account management
  • research mapping and visualization
  • citation and paper tracking
  • integration with third-party tools (e.g. Zotero)

3.3 Categories of Data Subjects

  • Researchers
  • Students
  • Academic staff
  • Customer personnel

3.4 Types of Personal Data

  • Name and contact details (e.g. email)
  • Account and authentication data
  • Usage and activity data
  • Content submitted by users (e.g. saved papers, annotations, metadata)

4. Duration of Processing

Litmaps will process Personal Data for the duration of the Agreement and until deletion in accordance with Section 10.

5. Confidentiality

Litmaps ensures that personnel authorized to process Personal Data are bound by confidentiality obligations.

6. Security Measures

Litmaps implements appropriate technical and organisational measures, including:

  • Encryption of data in transit (TLS)
  • Encryption of data at rest (where applicable)
  • Access controls based on least privilege
  • Authentication and authorization controls
  • Monitoring and logging of system activity
  • Regular backups and recovery processes

7. Subprocessors

7.1 General Authorization

Customer provides general authorization for Litmaps to engage subprocessors to process Personal Data on its behalf.

7.2 List of Subprocessors

Litmaps maintains an up-to-date list of its subprocessors at:
https://www.litmaps.com/legal/subprocessors

7.3 Obligations

Litmaps will:
(a) enter into a written agreement with each subprocessor imposing data protection obligations no less protective than those set out in this Addendum; and
(b) remain fully liable for the performance of each subprocessor.

7.4 Changes to Subprocessors

Litmaps may update its subprocessors from time to time. Litmaps will provide notice of any material changes by updating the subprocessor list.

7.5 Objections

Customer may reasonably object to a new subprocessor on data protection grounds by notifying Litmaps within 14 days of the update. In such case, the parties will work in good faith to resolve the concern.

8. Data Subject Rights

Litmaps will assist Customer, taking into account the nature of processing, in fulfilling obligations to respond to requests from data subjects, including:

  • access
  • correction
  • deletion
  • restriction of processing

9. Personal Data Breaches

Litmaps will notify Customer without undue delay after becoming aware of a Personal Data Breach and provide reasonable information to assist Customer in meeting its obligations.

10. Deletion or Return of Data

Upon termination of the Agreement, Litmaps will, at Customer’s choice:

  • delete Personal Data, or
  • return Personal Data to Customer

unless retention is required by law.

Backup systems may retain data for a limited period consistent with standard retention practices.

11. International Data Transfers

Where Personal Data is transferred outside of the EEA or UK, Litmaps will ensure appropriate safeguards are in place, such as:

  • Standard Contractual Clauses (SCCs), or
  • other lawful transfer mechanisms

12. Audit Rights

Litmaps will make available information reasonably necessary to demonstrate compliance with this Addendum.

Customer may conduct audits (including inspections), subject to:

  • reasonable notice
  • no more than once annually (unless required by law)
  • confidentiality obligations

13. Limitation of Liability

Liability under this Addendum is subject to the limitations set out in the Agreement.

14. Governing Law

This Addendum is governed by the same law as the Agreement unless otherwise required by applicable Data Protection Laws.

15. Order of Precedence

In case of conflict, this Addendum prevails over the Agreement with respect to data protection matters.

Annex 1: Details of Processing

Subject Matter

Provision of Litmaps services

Duration

For the duration of the Agreement

Nature and Purpose

As described in Section 3

Categories of Data Subjects

As described in Section 3

Types of Personal Data

As described in Section 3

Annex 2: Security Measures

Litmaps maintains administrative, technical, and physical safeguards appropriate to the risk, including:

  • Secure infrastructure hosted with reputable cloud providers
  • Network security controls (e.g. firewalls)
  • Role-based access control
  • Employee access restrictions
  • Regular software updates and patching
  • Incident response procedures
AboutFeaturesPricingCompanyBlog
Contact Us
Terms and ConditionsPrivacy PolicyAttributions & Notices
© 2025 Litmaps Ltd. All rights reserved