Data Security Page

At Paperpal, your data is secure, always

Your research completely belongs to you – at Paperpal, we ensure this! By adopting industry best practices for data security and the most rigorous safeguards, we keep your data and your research safe, always.

Paperpal is designed with the security of the researcher’s work in mind. Therefore, we’ve prioritized data protection and set up a robust security system to ensure that you’re always in control and that only you have access to your content.

How we keep your manuscript safe

We host your personal details and uploaded manuscripts in secure SSAE 16/SOC1-certified data centers

Our servers have rigorous access restrictions to better protect your information

Firewalls are implemented to prevent unauthorized access and maintain a private network

We use the world’s most trusted cloud computing platform - Amazon Web Services (RDS & S3) to manage your data

Our commitment to your data security

We believe in putting the researcher and their needs at the center of the products we build at Paperpal. We understand that the privacy of your data and manuscript is very important to you, so protecting your invaluable work is our number one priority! Keeping our ecosystem of products secure is fundamental to our overall aim to intercept the Researcher journey, to accelerate Research success and support Researcher well-being. Read more around privacy in our Privacy Policy and Terms of Use pages.

FAQ's

Securing your research and all the data around it is our top priority. We believe in putting the researcher and their needs at the center of the products we build under Paperpal. We understand that the privacy of your data and manuscript is very important to you, and have, therefore, employed the most robust physical, procedural, and technical safeguards to preserve your data.

Paperpal is ISO/IEC 27001:2013 certified, which guarantees both the infrastructure and secure processing of your personal data and manuscript. Data is processed, protected, accessible, and stored securely.
We host data in secure SSAE 16/SOC1-certified data centers, build network firewalls, and access restrictions on our servers to fully protect your data.
All servers that run the Paperpal software are recent and continuously patched Linux systems. Additional hosted services that we utilize, such as Amazon Cloud Storage, are comprehensively hardened infrastructure-as-a-service (IaaS) platforms.
Our web servers use the strongest grade of HTTPS security (TLS 1.2) so that requests are protected from eavesdroppers and man-in-the-middle attacks. Our SSL certificates are 2048 bit RSA, signed with SHA256.
We place strict controls over our employees’ access to your data and are committed to ensure that any customer data is not seen by anyone who should not have access to it. All our experts and employees honor a strict NDA.

We set the highest standards for data privacy

Secure Systems

All servers that run the Paperpal software are recent and continuously patched Linux systems.
Our web servers use the strongest grade of HTTPS security (TLS 1.2) so that requests are protected from intermediate attacks. Our SSL certificates are 2048 bit RSA, signed with SHA256

Our infrastructure

We do not run our own routers, load balancers, DNS servers, or any physical servers. All our services run in the cloud.
The vast majority of our services and data are hosted on Amazon Web Services (AWS) facilities in US East (N. Virginia).
All of our servers are within our own virtual private cloud (VPC) with network access control lists (ACLs) that block unauthorized requests.
Additionally, we have multiple VPCs for different environments to ensure data integrity.
We also have an automatic backup system to ensure that no data is lost.

All about your data

All our customer data is stored in US East (N. Virginia).
Data is stored in an encrypted form using KMS key.
We conduct mandatory application security testing regularly. All these tests are run every time new changes are made on the platform.
Additionally, we have auto-scanners that run after set routines to assess application vulnerability.
Our data security system undergoes VAPT assessment by a third-party agency, which also gives us a “Safe-to-host” certification over our systems.

Confidentiality, guaranteed

Your files are also secured through our latest ISO standard systems (ISO/IEC 27001:2013 certified).
Our staff is continuously trained on best security practices and sign a privacy agreement that outlines their responsibility in protecting our customers’ data. Moreover, there are rigid controls on our employees’ access to your data.
Paperpal is served 100% over https.

Security event response plan

We have a clear action plan for security events that might occur and have educated all our staff on our policies. Our staff is also trained to identify or even anticipate such security events.
Whenever a security event is detected, it is immediately shared with our emergency engineering team, which addresses the event straightaway.
After a security event is sufficiently addressed and resolved, we do a retrospective analysis of the problem.
Security event analysis is reviewed by the Information Security Manager, and action items are identified, after which the learnings are shared with a larger group to avoid similar instances from happening in the future.

Application monitoring

We have set various auto-alert notifications that monitor and alert personnel in case of any inefficiencies detected.
All access to Paperpal applications is logged and audited.

Build process automation

New features and general changes are launched onto the platform using in-built automation.
We can get any security fix on the platform quickly with new upgrades and code deployments happening consecutively throughout the day.