Our commitment to your data security

We believe in putting the researcher and their needs at the center of the products we build at Editage. We understand that the privacy of your data and manuscript is very important to you, so protecting your invaluable work is our number one priority! Keeping our ecosystem of products secure is fundamental to our overall aim to intercept the Researcher journey, to accelerate Research success and support Researcher well-being. Read more around privacy in our Privacy Policy and Terms of Use pages.

top banner
You are the owner of your data

You are the owner of your data

Your manuscript is exclusively own by you retain, including copyrights and duplication privileges. We never sell or claim ownership of your manuscript.

Access Control to User Data

Our servers, and data centers have rigorous access restrictions to better protect your data. Only those authorized personnel have access to your data.

  • Multi Factor Authentication
  • Products use standard RBAC with username and password for providing authentication.
Access Control to User Data
Your Personal Data Retention

Retention of Personal Information

We retain Personal Information as long as an account is active or as needed to provide the service(s). Retention is also necessary to comply with our legal obligations, maintain accurate financial and other records, resolve disputes, and enforce our agreements. If you wish to terminate your account or request that we no longer use your Personal Information, please contact privacy@cactusglobal.com

Security Is the Foundation of All
Processes at CACTUS

CACTUS emphasis a secure company, product, and infrastructure, security is the topmost
priority at CACTUS. Our security policies and procedures are ISO 27001:2013 Certified

Dedicated Privacy Team

Dedicated Privacy Team

A dedicated privacy team comprise of security specialists, ISMS, compliance specialists and legal experts is focused on ensuring security and compliance across company, our products and infrastructure, as well as in all operations. The team also oversees the entire information security process and standards compliance.
Access Management

Access Management

Cactus adheres to the principle of least privilege to grant access data and infrastructure. Access grants are regularly reviewed to ensure only minimum required privileges are granted. All workstations are MFA and centrally controlled endpoint protection software that enforces security configurations and protection solutions.
Application Security Testing

Application Security Testing

We conduct mandatory security assessment for every platform update. Automated scanners, third-party Vulnerability Assessment and Penetration Testing (VAPT) certifications ensure vulnerabilities are addressed.

Security event response Plan

  • We have a clear action plan for security events that might occur and have educated all our staff on our policies. Our staff is also trained to identify or even anticipate such security events.
  • Whenever a security event is detected, it is immediately shared with our emergency engineering team, which addresses the event straightaway.
  • After a security event is sufficiently addressed and resolved, we do a retrospective analysis of the problem.
  • Security event analysis is reviewed by the Information Security Manager, and action items are identified, after which the learnings are shared with a larger group to avoid similar instances from happening in the future.
Security event response Plan
Disaster Recovery

Disaster Recovery

With backups across multiple regions, your data, and manuscripts remain accessible even in the rarest of disruptions. Automated back-up to ensure no data is lost.
Build Process Automation

Build Process Automation

  • New features and general changes are launched onto the platform using in-built automation.
  • Security patches and platform updates are deployed seamlessly throughout the day, keeping you protected without interruptions.
Secure Systems

Secure Systems

  • All servers that run the Editage software are recent and continuously patched Linux systems.
  • Our web servers use the strongest grade of HTTPS security (TLS 1.2) so that requests are protected from intermediate attacks. Our SSL certificates are 2048 bit RSA, signed with SHA256
Security event response Plan

Product Security

Audit Logging

  • All access to Products, and all actions are logged and audited.
  • We have set various auto-alert notifications that monitor and alert personnel in case of any inefficiencies detected.

Data Security

  • Editage is committed to building trust in our organization and platform by protecting our customer data.
  • Data is encrypted at rest and in-transit.
  • Antivirus software is installed in the server, operation terminal, and other operating environments, and virus checks are performed regularly. Virus pattern files are also updated regularly
  • We protect web applications (including APIs) using WAF etc

Our infrastructure

  • We do not run our own routers, load balancers, DNS servers, or any physical servers. All our services run in the cloud.
  • The vast majority of our services and data are hosted on Amazon Web Services (AWS) facilities in the USA, and Singapore.
  • All of our servers are within our own virtual private cloud (VPC) with network access control lists (ACLs) that block unauthorized requests.
  • Additionally, we have multiple VPCs for different environments to ensure data integrity.
  • We also have an automatic backup system to ensure that no data is lost.

All about your data

  • All our customer data is stored in USA, Singapore and backup is in Tokyo.
  • Data is stored in an encrypted form using KMS key.
  • We conduct mandatory application security testing regularly. All these tests are run every time new changes are made on the platform.
  • Additionally, we have auto-scanners that run after set routines to assess application vulnerability.
  • Our data security system undergoes VAPT assessment by a third-party agency, which also gives us a “Safe-to-host” certification over our systems.

Physical Security

Data from our products are processed, encrypted, and stored within the AWS Data Centers, which use robust security measures, including:

  • Custom-designed electronic access cards
  • Biometric checks
  • Perimeter fencing
  • Vehicle access barriers
  • Laser beam intrusion detection
  • Continuous external and internal security camera surveillance
  • 24x7 trained security guards
Physical Security