Security & Data Protection
At ReviewerZero AI, Inc., accessible from https://reviewerzero.ai, security and data protection are fundamental to our operations. As an early-stage startup, we have implemented a strong security foundation from day one and continuously evolve our security measures based on product needs and client requirements.
If you have questions about our security practices or data protection measures, please contact us at hi@reviewerzero.ai.
Cloud Infrastructure & Compliance
ReviewerZero AI is hosted on Amazon Web Services (AWS), benefiting from AWS's robust infrastructure security and extensive compliance certifications. AWS data centers are designed to meet the needs of the most security-sensitive organizations and maintain compliance with SOC 2, ISO 27001, FedRAMP, PCI DSS, and many other standards.
All client data is stored in secure AWS environments with strong physical and environmental safeguards. This cloud foundation allows us to scale while maintaining enterprise-grade security and reliability that our university and enterprise clients expect.
Data Encryption & Network Security
We implement comprehensive security measures to protect your data:
- Encryption in Transit: All communication with the ReviewerZero platform is encrypted using TLS 1.2 or higher
- Network Controls: AWS Virtual Private Cloud (VPC) security groups act as virtual firewalls, following the principle of least privilege
- Access Control: Restricted IP ranges and no unnecessary open ports
- Data at Rest: All stored data is encrypted using industry-standard encryption protocols
GDPR Compliance & Data Protection Rights
We are committed to protecting the privacy rights of all users. You have the following rights regarding your personal data:
- Right of Access: You can request a copy of the personal data we hold about you
- Right to Rectification: You can request correction of inaccurate or incomplete data
- Right to Erasure: You can request deletion of your personal data under certain circumstances
- Right to Data Portability: You can request your data in a structured, machine-readable format
- Right to Object: You can object to certain types of data processing
- Right to Restrict Processing: You can request limitation of data processing under certain conditions
To exercise any of these rights, please contact us at hi@reviewerzero.ai. We will respond to your request within 30 days.
Legal Basis for Data Processing
We process personal data under the following bases:
- Contractual Necessity: To provide our research integrity analysis services
- Legitimate Interest: To improve our services and ensure platform security
- Consent: Where you have provided explicit consent for specific processing activities
- Legal Obligation: To comply with applicable laws and regulations
Data Retention & Deletion
We retain personal data only for as long as necessary to fulfill the purposes for which it was collected or as required by law. Specifically:
- Account Data: Retained while your account is active and for up to 3 years after account closure
- Analysis Data: Retained according to your chosen retention settings or institutional requirements
- Log Data: Retained for up to 12 months for security and operational purposes
- Marketing Data: Retained until you opt out or for up to 2 years of inactivity
You can request earlier deletion of your data by contacting us at any time.
Monitoring & Incident Response
We maintain vigilant monitoring of our infrastructure and applications using AWS CloudWatch and related observability tools. Our monitoring includes:
- Real-time logging of system performance and security indicators
- Automated alerts for anomalies, errors, or security-relevant events
- Audit trails for all actions in our environment using AWS CloudTrail
- 24/7 monitoring dashboards for rapid incident response
In the event of a data breach that may affect personal data, we will notify affected users and relevant supervisory authorities within 72 hours as required by GDPR.
Secure Development Practices
Security is integrated into our development workflow through:
- Private Repositories: All code managed in private GitHub repositories with role-based access control
- Secret Scanning: Automated detection of credentials or sensitive data in code
- Dependency Management: Dependabot alerts for known vulnerabilities in third-party libraries
- Regular Updates: Prompt application of security patches and dependency updates
- Automated Testing: Security checks integrated into our continuous integration pipeline
Third-Party Security Partners
We carefully select third-party services that maintain high security standards and compliance certifications:
- Amazon Web Services (AWS): SOC 1/2/3, ISO 27001, PCI DSS Level 1, FedRAMP certified
- Google Cloud Vertex AI: SOC 2, ISO/IEC 27001 certified with GDPR compliance
- Stripe (Payment Processing): PCI DSS Level 1 Service Provider with SOC 1/2 compliance
- Roboflow: SOC 2 Type II certified with HIPAA-ready infrastructure
- Modal: SOC 2 Type II compliant with HIPAA support
All third-party integrations are implemented following security best practices and data processing agreements that ensure GDPR compliance.
International Data Transfers
When we transfer personal data outside the European Economic Area (EEA), we ensure adequate protection through:
- Standard Contractual Clauses (SCCs) approved by the European Commission
- Adequacy decisions where transfers are to countries with adequate data protection
- Additional safeguards as required by applicable data protection laws
Data Protection Officer & Contact Information
For any questions, concerns, or requests regarding data protection or security, or to exercise your GDPR rights, please contact: hi@reviewerzero.ai
Updates to This Security Policy
We may update this security and data protection policy from time to time to reflect changes in our practices, technology, or legal requirements. We will notify users of any material changes and post the updated policy on our website with a revised effective date.
Last Updated: July 18, 2025