Trust Center
How we protect your manuscripts, royalty data and reader lists.
security@publisheds.comCertifications & compliance
SOC 2 Type II
Audited annually by independent firm. Report available under NDA.
GDPR
EU data protection compliant. DPA available on request.
CCPA
California Consumer Privacy Act compliant.
ISO 27001
In progress β certification expected Q4 2026.
Our security principles
Your manuscripts are yours
We never train models on private content. Your drafts, notes and revisions stay yours β period.
Data residency
EU customers have data stored in Frankfurt. US customers in Virginia. Choose your region at signup.
Encryption everywhere
AES-256 at rest. TLS 1.3 in transit. Manuscript uploads use signed URLs that expire in 60 seconds.
Access controls
Role-based access on every plan from Studio up. SSO/SAML on Enterprise. Audit logs included.
Backups & disaster recovery
Hourly snapshots, retained 30 days. RPO < 1h, RTO < 4h. Tested quarterly.
Vendor due diligence
We only use subprocessors that meet our standards. Full list public and updated.
Subprocessors
| Vendor | Purpose | Location |
|---|---|---|
| Hetzner | Primary hosting (EU) | Germany |
| AWS S3 | Backups & cold storage | Multi-region |
| Stripe | Payment processing | US |
| Postmark | Transactional email | US |
| Sentry | Error monitoring | US (self-hosted option for Enterprise) |
| OpenAI / Anthropic / DeepSeek | LLM inference (opt-in per workspace) | US |
Reporting a vulnerability
Found something? We appreciate coordinated disclosure and reward security researchers. Email security@publisheds.com with details.
PGP key available on request.