Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revisionPrevious revision
Next revision
Previous revision
Next revisionBoth sides next revision
security [2018/08/21 00:54] dstillmansecurity [2020/02/03 15:52] dstillman
Line 9: Line 9:
 If institutional policies prevent uploading of data to third-party servers, Zotero can always be used locally without syncing any data, but syncing is required to use group functionality. If institutional policies prevent uploading of data to third-party servers, Zotero can always be used locally without syncing any data, but syncing is required to use group functionality.
  
-If you choose to sync your data with the Zotero servers, all data is encrypted in transit with current best practices ([[https://www.ssllabs.com/ssltest/analyze.html?d=www.zotero.org&hideResults=on|Zotero receives an A+ score]] on the well-respected SSL Labs test) and stored within the Amazon cloud, where access is tightly restricted to the few people who need access to maintain the service. All data is currently stored in the us-east-1 AWS region in Virginia.+If you choose to sync your data with the Zotero servers, all data is encrypted in transit with current best practices ([[https://www.ssllabs.com/ssltest/analyze.html?d=api.zotero.org&hideResults=on|Zotero's API endpoint receives an A+ score]] on the well-respected SSL Labs test) and stored within the Amazon cloud, where access is tightly restricted to the small number of Zotero staff members who need access to maintain the service. Data in newly created accounts is also encrypted at rest using AES-256. All data is currently stored in the us-east-1 AWS region in Virginia.
  
 While library data can be synced only with Zotero servers, for syncing of attached files you can choose between Zotero servers and a WebDAV server under your control, or you can use linked files that are stored in a location of your choosing and aren't synced by Zotero. While library data can be synced only with Zotero servers, for syncing of attached files you can choose between Zotero servers and a WebDAV server under your control, or you can use linked files that are stored in a location of your choosing and aren't synced by Zotero.
  
-The Zotero data server is open-source and can be run locally, which some organizations choose to do, but this can be technically challenging, and we don't currently provide support for such installations. We hope to provide additional support for local server installations in the future.+The Zotero data server is open-source and can be run locally, which some organizations choose to do, but this can be technically challenging, and we don't currently provide support for such installations. We hope to provide additional support for local server installations in the future. If your organization may be interested in an officially supported local installation, you can contact [[support@zotero.org]] to discuss further.
  
 See our [[privacy|privacy policy]] for further details on Zotero's collection and use of data you choose to share. See our [[privacy|privacy policy]] for further details on Zotero's collection and use of data you choose to share.
security.txt · Last modified: 2023/05/31 11:44 by dstillman