Security built for peer-reviewed work.
Your unpublished figures are sensitive intellectual property. We treat them that way.
Your figures are yours.
We never train models on your private figure content. Public, opted-in templates only.
Minimum data, max care.
We collect what's required to operate the product and nothing more. No third-party ad tracking.
Deletable, exportable, portable.
Account deletion removes all personal data within 30 days. Full export in open formats anytime.
Controls
Encryption at rest
AES-256 on all stored figures, exports, and backups.
Encryption in transit
TLS 1.3 for all client and service-to-service traffic.
Row-level security
Every database query is scoped to the authenticated user. No service-role calls from the browser.
Least-privilege access
Engineering access to production data is restricted, time-bound, and audit-logged.
Audit logging
User-facing audit trail of sensitive actions: exports, deletions, role changes.
Vulnerability scanning
Dependency scanning on every deploy; secrets scanning on every commit.
SOC 2 Type I
Trust Services Criteria mapped; auditor engagement scheduled for the next fiscal quarter.
SOC 2 Type II
Continuous control monitoring follows Type I; observation period begins immediately after.
HIPAA-aligned controls
BAA available on the Enterprise plan; PHI handling matches §164.312 technical safeguards.
Single Sign-On (SSO)
SAML 2.0 and OIDC for institutional and enterprise customers.
Reporting a vulnerability
We welcome responsible disclosure. Email security@scivue.live with reproduction steps. We acknowledge within 48 hours and aim to remediate critical issues within 7 days.
Please do not test against other users' data or run automated scanners against production endpoints.