CiteKeeper Security Policy

CiteKeeper is committed to providing you with a secure experience that protects your information. As attorneys ourselves, we understand the importance of confidentiality and security between you and your clients. Security is paramount throughout our application and our entire operation. Accordingly, CiteKeeper is built on Heroku and Amazon's platforms, which provide industry-standard protection for your data.

CiteKeeper’s platform security is maintained by Heroku. Heroku is a cloud application platform used by organizations of all sizes to deploy and operate applications throughout the world. Heroku applies security best practices and manages platform security so customers such as CiteKeeper can focus on their business. The Heroku platform protects customers from threats by applying security controls at every layer from physical to application, isolating customer applications and data, and rapidly deploying security updates without customer interaction or service interruption. To read more about Heroku’s security, visit: https://policy.heroku.com/security.

Heroku runs on Amazon Web Services. Amazon Web Services is a highly reliable, scalable, low-cost infrastructure platform in the cloud that powers hundreds of thousands of businesses in 190 countries around the world, with data center locations in the U.S., Europe, Brazil, Singapore, Japan, and Australia. To read more about Amazon's security, visit: https://aws.amazon.com/security/.

Physical Security

CiteKeeper is hosted by Heroku, which uses ISO 27001 and FISMA certified data centers managed by Amazon. AWS’s world-class, highly secure data centers utilize state-of-the-art electronic surveillance and multi-factor access control systems. Data centers are staffed 24x7 by trained security guards, and access is authorized strictly on a least-privilege basis. Environmental systems are designed to minimize the impact of disruptions to operations. Multiple geographic regions and Availability Zones allow you to remain resilient in the face of most failure modes, including natural disasters or system failures.

Network Security

Network security is provided by AWS. Firewalls are utilized to restrict access to systems from external networks and between systems internally. By default, all access is denied; only explicitly allowed ports and protocols are permitted, based on business need. Each system is assigned to a firewall security group based on the system’s function. Security groups restrict access to only the ports and protocols required for a system’s specific function to mitigate risk.

Managed firewalls prevent IP, MAC, and ARP spoofing on the network and between virtual hosts. Packet sniffing is prevented by infrastructure including the hypervisor, which will not deliver traffic to an interface to which it is not addressed. Heroku utilizes application isolation, operating system restrictions, and encrypted connections to further ensure risk is mitigated at all levels.

Session data is protected in transit by the use of SSL.

Data Security

CiteKeeper isolates company data via role-based authentication and company identification. Users must be credentialed in order to access company data and may only access company data to which they are attached. Strong passwords are required for authentication of all users. Backups of all data are maintained on a secure server via Heroku and may only be obtained using a secure console connection.

Disaster Recovery

CiteKeeper is hosted on Heroku. Heroku has its own disaster recovery plan that involves using multiple AWS zones and replicated databases and servers across zones.

Additionally, backups are automatically run by Heroku nightly on the application and the application data. These backups are stored on a secure Amazon S3 instance. In the event of a complete Heroku failure lasting days, the application and data may be restored to a custom Amazon AWS instance in a matter of a few hours.

Maintenance and Upgrades

We maintain and upgrade our applications as part of the fully-managed service and regularly release new features based on customer feedback.

Vulnerability Reporting

To report a security issue, the CiteKeeper team can be reached at support@citekeeper.com.