Security & Compliance

Manuscript data is sensitive. We treat it that way.

Alkademy Press stores, encrypts, and controls access to your submissions data with the same standards we hold for our own infrastructure. Here is what that means in practice.

Start free

Core security

Four layers of protection

Data encryption

  • All data encrypted at rest (AES-256) and in transit (TLS 1.2+)
  • Manuscript files stored in encrypted object storage — never on application servers
  • Database backups encrypted with rotating keys

Access controls

  • Role-based access: Editor-in-Chief, Section Editor, Reviewer, Author
  • Reviewers see only assigned submissions — no cross-journal visibility
  • API keys are scoped (read-only or full-access) and revocable at any time

Audit trail

  • Every status change, decision, and editor action is time-stamped and attributed
  • Full submission history is immutable and exportable
  • Reviewer invitation and response records are permanently retained

Infrastructure

  • Hosted on enterprise cloud infrastructure with 99.9% uptime SLA
  • Automatic patching — no server administration required from your team
  • Daily automated backups with point-in-time recovery

AI screening — your manuscripts are never used for training

Alkademy Press uses Claude (Anthropic) to screen submissions for scope, methodology, and duplicate risk. Manuscript content is sent to the AI model only for the purpose of that screening. It is never stored by the AI provider, never used to train models, and never accessible to other customers. Anthropic's API operates under a zero-retention policy for API inputs.

Anthropic API — zero data retention on inputs

Privacy

GDPR-aligned by design

Most of your users — authors, reviewers, editorial board members — are researchers. Their personal data deserves careful handling.

Data processing agreement

We offer a signed DPA on request for institutional and enterprise customers.

Right to erasure

Authors and reviewers can request deletion of personal data. Editorial workflow records are retained separately per academic record-keeping requirements.

Data residency

Data is stored in your chosen region. EU data does not leave EU infrastructure.

Data portability

Export your complete journal data at any time — submissions, reviewer records, metadata, and published content.

Integrations security

API key management

If you connect external tools via the Alkademy Press API, you control the keys — not us.

Scoped permissions

Issue read-only or full-access keys independently

Revocable instantly

Revoke any key from the dashboard — no support ticket needed

Webhook signatures

All outbound webhooks are HMAC-signed so you can verify the source

Rate limiting

Per-key rate limits protect your integration from runaway loops

Security questions

Have a specific security requirement? Email security@alkademy.com or .

Questions about how we protect your data?

Book a security briefing. We will walk through our architecture, access controls, and compliance posture — including a data processing agreement if your institution requires one.

Start free