Privacy and Security

Your research is valuable, and protecting it is our top priority. ReviewerZero is built with security and privacy at its core, ensuring your unpublished manuscripts remain confidential throughout the analysis process.

Our Commitment

ReviewerZero is designed with the understanding that unpublished research is highly sensitive. We implement industry-leading security practices to protect your data:

• Your data is yours - We never claim ownership of your content
• No model training - Your manuscripts are never used to train AI models
• Secure infrastructure - Enterprise-grade security at every layer
• Transparent practices - Clear policies with no hidden data usage

Data Protection

Manuscript Security

When you upload a manuscript:

No Training on Your Data

We explicitly commit:

• Your manuscripts are never used to train our AI models
• Your data is never sold or shared with third parties
• Analysis results are never used for purposes beyond your request
• Your content remains completely confidential

Automatic Deletion

To minimize data exposure:

• Uploaded files can be set to auto-delete after analysis
• You can manually delete files at any time
• Deletion is permanent and irreversible
• No backups are retained after deletion

Infrastructure Security

Cloud Security

Our infrastructure follows security best practices:

• Reputable cloud hosting providers with strong security track records
• Regular security reviews
• Continuous monitoring for threats
• Redundant systems for reliability

Network Security

• Web Application Firewall (WAF) protection
• DDoS mitigation
• Intrusion detection systems
• Regular vulnerability scanning

Application Security

• Secure development practices
• Regular code security reviews
• Dependency vulnerability monitoring
• Prompt security patch deployment

Access Control

Authentication

• Secure authentication with industry-standard protocols
• Multi-factor authentication available
• Session management with automatic timeouts
• Password requirements following NIST guidelines

Authorization

• Role-based access control
• Granular sharing permissions
• Audit logs for access tracking
• Revocable sharing links

Sharing Controls

When you share results:

• You control who has access
• Set expiration dates on shared links
• Revoke access at any time
• Track who has viewed shared content

Compliance

Data Residency

• Data processing occurs in secure data centers
• Options for regional data residency where required
• Clear documentation of data flows

Institutional Agreements

For institutional customers:

• Data Processing Agreements (DPA) available
• Custom security requirements can be accommodated
• Compliance documentation provided
• Security questionnaire responses available

Privacy Practices

What We Collect

We collect only what's necessary:

What We Don't Do

• We don't sell your data
• We don't share data with advertisers
• We don't mine manuscripts for any purpose
• We don't retain data longer than necessary

Your Rights

You have the right to:

• Access - Request a copy of your data
• Correction - Update inaccurate information
• Deletion - Remove your data permanently
• Portability - Export your data
• Objection - Opt out of certain processing

AI-Specific Protections

Model Architecture

Our AI systems are designed with privacy in mind:

• Models are pre-trained before deployment
• Your data doesn't improve our models
• Analysis happens in isolated environments
• No data persists after processing

Third-Party AI Services

When we use external AI services:

• Data is transmitted securely
• Processing agreements ensure confidentiality
• No third party retains your data
• Services are vetted for security compliance

Security Best Practices for Users

Account Security

Protect your account:

1. Use a strong, unique password
2. Enable multi-factor authentication
3. Don't share login credentials
4. Log out on shared devices

File Management

Manage your files securely:

1. Delete files you no longer need
2. Review sharing permissions regularly
3. Use expiring links for temporary sharing
4. Keep local backups of important work

Sharing Safely

When sharing results:

1. Share only with trusted parties
2. Use the minimum necessary access level
3. Set expiration dates when appropriate
4. Revoke access when no longer needed

Incident Response

Our Process

If a security incident occurs:

1. Detect - Continuous monitoring identifies issues
2. Contain - Immediate action to limit impact
3. Investigate - Determine scope and cause
4. Notify - Affected users informed promptly
5. Remediate - Fix vulnerabilities and prevent recurrence

Reporting Vulnerabilities

If you discover a security issue:

• Email us at support@reviewerzero.ai
• We respond to reports within 24 hours
• Responsible disclosure is appreciated
• We don't pursue legal action against good-faith reporters

Frequently Asked Questions

Is my manuscript safe to upload?

Yes. Your manuscript is encrypted, processed in isolation, and never used for any purpose other than providing your analysis results.

Can ReviewerZero employees see my manuscript?

Access to user data is strictly limited and logged. Only authorized personnel with legitimate need can access data, and all access is audited.

What happens if I delete my account?

All your data is permanently deleted, including uploaded files, analysis results, and account information. This cannot be undone.

How long is my data retained?

You control retention. Files can be deleted immediately after analysis or kept as long as you need. Account data is retained while your account is active.

Contact

For privacy and security questions:

• Privacy inquiries: support@reviewerzero.ai
• Security reports: support@reviewerzero.ai
• DPA requests: support@reviewerzero.ai
• General support: support@reviewerzero.ai

Related Resources

• Data Processing Agreement - Formal DPA for institutional customers
• Platform Features - Security features in the platform
• Quick Start - Get started securely