Your research completely belongs to you – at Paperpal, we ensure this! By adopting industry best practices for data security and the most rigorous safeguards, we keep your data and your research safe, always.
Paperpal is designed with the security of the researcher’s work in mind. Therefore, we’ve prioritized data protection and set up a robust security system to ensure that you’re always in control and that only you have access to your content.
How we keep your manuscript safe
We host your personal details and uploaded manuscripts in secure SSAE 16/SOC1-certified data centers
Our servers have rigorous access restrictions to better protect your information
Firewalls are implemented to prevent unauthorized access and maintain a private network
We use the world’s most trusted cloud computing platform - Amazon Web Services (RDS & S3) to manage your data
Our commitment to your data security
Securing your research and all the data around it is our top priority. We believe in putting the researcher and their needs at the center of the products we build under Paperpal. We understand that the privacy of your data and manuscript is very important to you, and have, therefore, employed the most robust physical, procedural, and technical safeguards to preserve your data.
Paperpal is ISO/IEC 27001:2013 certified, which guarantees both the infrastructure and secure processing of your personal data and manuscript. Data is processed, protected, accessible, and stored securely.
We host data in secure SSAE 16/SOC1-certified data centers, build network firewalls, and access restrictions on our servers to fully protect your data.
All servers that run the Paperpal software are recent and continuously patched Linux systems. Additional hosted services that we utilize, such as Amazon Cloud Storage, are comprehensively hardened infrastructure-as-a-service (IaaS) platforms.
Our web servers use the strongest grade of HTTPS security (TLS 1.2) so that requests are protected from eavesdroppers and man-in-the-middle attacks. Our SSL certificates are 2048 bit RSA, signed with SHA256.
We place strict controls over our employees’ access to your data and are committed to ensure that any customer data is not seen by anyone who should not have access to it. All our experts and employees honor a strict NDA.
We set the highest standards for data privacy
All servers that run the Paperpal software are recent and continuously patched Linux systems.
Our web servers use the strongest grade of HTTPS security (TLS 1.2) so that requests are protected from intermediate attacks. Our SSL certificates are 2048 bit RSA, signed with SHA256
We do not run our own routers, load balancers, DNS servers, or any physical servers. All our services run in the cloud.
The vast majority of our services and data are hosted on Amazon Web Services (AWS) facilities in US East (N. Virginia).
All of our servers are within our own virtual private cloud (VPC) with network access control lists (ACLs) that block unauthorized requests.
Additionally, we have multiple VPCs for different environments to ensure data integrity.
We also have an automatic backup system to ensure that no data is lost.
All about your data
All our customer data is stored in US East (N. Virginia).
Data is stored in an encrypted form using KMS key.
We conduct mandatory application security testing regularly. All these tests are run every time new changes are made on the platform.
Additionally, we have auto-scanners that run after set routines to assess application vulnerability.
Our data security system undergoes VAPT assessment by a third-party agency, which also gives us a “Safe-to-host” certification over our systems.
Your files are also secured through our latest ISO standard systems (ISO/IEC 27001:2013 certified).
Our staff is continuously trained on best security practices and sign a privacy agreement that outlines their responsibility in protecting our customers’ data. Moreover, there are rigid controls on our employees’ access to your data.
Paperpal is served 100% over https.
Security event response plan
We have a clear action plan for security events that might occur and have educated all our staff on our policies. Our staff is also trained to identify or even anticipate such security events.
Whenever a security event is detected, it is immediately shared with our emergency engineering team, which addresses the event straightaway.
After a security event is sufficiently addressed and resolved, we do a retrospective analysis of the problem.
Security event analysis is reviewed by the Information Security Manager, and action items are identified, after which the learnings are shared with a larger group to avoid similar instances from happening in the future.
We have set various auto-alert notifications that monitor and alert personnel in case of any inefficiencies detected.
All access to Paperpal applications is logged and audited.
Build process automation
New features and general changes are launched onto the platform using in-built automation.
We can get any security fix on the platform quickly with new upgrades and code deployments happening consecutively throughout the day.
Secure data transfer
All data sent to or from Paperpal is encrypted in transit using 256-bit encryption.
Our application endpoints are TLS/SSL only.
Paperpal is not subject to PCI obligations. All payment instrument processing is outsourced to secured third-party tool Stripe.
Data from our products are processed, encrypted, and stored within the AWS Data Centers, which use robust security measures, including:
Custom-designed electronic access cards
Vehicle access barriers
Laser beam intrusion detection
Continuous external and internal security camera surveillance