Data Security

Your research is completely private

We built Bibby with a zero-knowledge architecture. That means your research documents are encrypted with keys only you control — and we have no ability to read, share, or use your content. Ever.

AES-256
Encryption at Rest
TLS 1.3
Encryption in Transit
0 bytes
Data sold to third parties

Enterprise-Grade Security Infrastructure

Built with the same security standards used by financial institutions and government agencies.

Data Storage Security

  • AES-256 encryption for all data at rest
  • Separate encryption keys per user account
  • Automated daily backups in geo-redundant encrypted storage
  • Data stored exclusively in SOC 2 Type II certified data centers
  • Logical data isolation between all user accounts
  • Automatic data purge 30 days after account deletion

Data in Transit

  • TLS 1.3 for all data in transit — no exceptions
  • HTTP Strict Transport Security (HSTS) enforced
  • Certificate pinning for API endpoints
  • Perfect Forward Secrecy (PFS) on all connections
  • All API calls authenticated via signed JWT tokens
  • Regular SSL/TLS configuration audits

Access Control

  • Multi-factor authentication (MFA) supported
  • Role-based access control for collaborators
  • Granular document-level permissions
  • Session management with automatic 24h timeout
  • Audit logs for all access events and document changes
  • IP-based anomaly detection and alerting

Network Security

  • DDoS protection via enterprise-grade WAF
  • Rate limiting on all API endpoints
  • Isolated network environments per service
  • Regular automated penetration testing
  • 24/7 infrastructure monitoring and alerting
  • Vulnerability scanning on every code deployment

Your Data Never Trains Our AI

This is our clearest, most important commitment. Your research documents are yours alone — they will never be used to train, fine-tune, or improve any AI model.

What Bibby AI Does

  • Process your text on our secure, isolated servers
  • Use pre-trained models that cannot learn from your data
  • Apply AI assistance without storing your content
  • Encrypt all AI processing requests and responses end-to-end
  • Use zero-retention API agreements with all AI providers

What Bibby AI Never Does

  • Send your documents to OpenAI, Anthropic, or other AI companies
  • Use your research to improve or fine-tune any AI model
  • Store your text in any AI training dataset
  • Share your research data with any external AI service for training
  • Retain your prompts or completions after session ends

Your Data, Your Rights

You maintain complete ownership and control of your research at all times. Here's exactly what that means in practice.

Full Ownership

You own 100% of the intellectual property in your documents. Bibby claims no rights to your content.

Export Anytime

Download your data in standard LaTeX, PDF, or ZIP formats at any time — no lock-in, no questions asked.

Request Deletion

Request permanent deletion of your data from your account settings. Requests enter a 14-day grace period during which your account remains recoverable, and are finalized within 30 days per GDPR. Self-service deletion may be unavailable in certain regions — contact us by email in that case.

Access Logs

See exactly who accessed your documents, when, and what changes were made. Full transparency on your audit trail.

Portability

Your data is always in standard formats. If you leave, your research leaves with you in a format you can use anywhere.

Sharing Control

You decide exactly who can view, comment, or edit your documents. Revoke access instantly at any time.

What “Zero-Knowledge” Really Means

Traditional cloud services encrypt your data, but hold the keys themselves — meaning they could read your files. Bibby uses a zero-knowledge model: your encryption keys are derived from credentials only you control. Our servers see only encrypted ciphertext.

This means: even if a government subpoenas our servers, even if our employees wanted to, even if we were hacked — no one can read your research without your credentials. This is the same approach used by Swiss banks and secure messaging apps like Signal.

View Compliance CertificationsAsk a Security Question

Write with complete peace of mind

Join thousands of researchers at top universities who trust Bibby to keep their unpublished research safe while they write.

Start Writing for Free →
Data Security | How Bibby Protects Your Research — Bibby AI | Bibby AI