Security Concerns/Quesitons
Hello World,
I was interested in purchasing subscriptions to Zotero for users in our organization, while using the syncing functions; however, I had a few privacy and security concerns I was hoping anyone could answer for me.
1. On your support page, what is considered “library data” that you collect from the user?
2. Can I be assured that Zotero will have no ownership or viewing ability of our data or publications?
3. What security measures are you implementing on your sync servers to help protect the confidentiality, integrity and availability of our resources?
4. Geographically, where are your servers located?
Any help would be greatly appreciated.
Thanks!
I was interested in purchasing subscriptions to Zotero for users in our organization, while using the syncing functions; however, I had a few privacy and security concerns I was hoping anyone could answer for me.
1. On your support page, what is considered “library data” that you collect from the user?
2. Can I be assured that Zotero will have no ownership or viewing ability of our data or publications?
3. What security measures are you implementing on your sync servers to help protect the confidentiality, integrity and availability of our resources?
4. Geographically, where are your servers located?
Any help would be greatly appreciated.
Thanks!
Here's the privacy policy:
https://www.zotero.org/support/privacy
1. "Library data" = all information in your Zotero library. Obviously syncing needs to collect that information, otherwise it can't be synced.
2. No ownership of any kind, but the data are not encrypted server-side and as with any application that allows you to view data on the web, a very small number of Zotero core developers are technically able to view your data.
3. I don't know, but this is also a very broad question. For file integrity and accessibility, you can refer to AWS documentation (I believe the guaranteed 99.99% uptime and 99.99999% integrity), but I don't think Zotero has any plans to describe in detail their security set-up (nor is it standard or even necessarily a good idea to do so).
4. They are on AWS US-East servers (I think Virginia)