Account-gated workspaces
Evaluation, dashboard, report, revise, and package surfaces must be available only through the user’s authenticated workspace unless the author explicitly exports or shares material.
Security & Access Controls
Serious manuscripts need controlled workspaces.
RevisionGrade is designed to feel like a private editorial desk, not a public posting tool. This page explains the security and access-control posture authors can expect when they upload, evaluate, revise, export, or prepare manuscript materials.
Plain-language posture
Private by default. Shared by author action.
Evaluation work belongs in the author’s account workspace.
Downloads are deliberate author actions.
Storygate access must be controlled, approved, and logged.
Security commitments
The author-facing experience must reduce exposure, not create it.
These commitments describe the product posture for uploaded manuscripts, generated reports, revision decisions, downloads, and controlled-access packages.
Manuscript storage boundaries
Uploaded manuscripts and generated reports must be treated as private project materials, not public content, marketing samples, or open browsing inventory.
Controlled downloads
Report exports must be author-facing files created for the user’s own review, records, and submission preparation. Downloaded files must avoid foregrounding internal job IDs or machine residue.
Logged controlled access
Storygate-style project access must be requested, approved, and logged. Controlled manuscript discovery is not the same as public indexing.
Access boundaries
Every surface needs a clear boundary.
Authors need to understand which areas are private, which actions create exports, and which package surfaces require explicit approval.
Private workspace
The default product experience is the author’s private workspace: uploaded writing, reports, dashboard state, and revision decisions belong inside the account context.
Export boundary
The author may download reports or prepared materials. Export is an intentional boundary-crossing action, not an automatic publication event.
Storygate boundary
Storygate materials must be creator-approved, access-controlled, and visible only to appropriate verified publishing professionals when the author chooses that path.
Admin boundary
Internal operational details, job IDs, raw errors, worker traces, and maintenance controls must not dominate normal author-facing pages.
Author controls
The author decides when work moves outward.
Evaluation and revision create private working materials first. Exports, packages, and submissions must be author-directed actions.
Choose whether to evaluate a saved document, uploaded file, or pasted text.
Review the generated report before using it for revision or submission preparation.
Decide whether to accept, reject, keep original, defer, or write a custom repair in Revise.
Use downloads as private records unless the author chooses to share them.
Prepare Storygate or Agent Readiness materials only as author-controlled package outputs.
What this page does not claim
Security language must stay precise.
Trust is weakened when public pages claim certifications, workflows, or sharing models the product does not yet support.
No public manuscript indexing by default.
No promise that a completed evaluation makes the manuscript publicly discoverable.
No unsupported claim of agent interest, publication, or sales outcome.
No public exposure of raw operational traces as part of the normal author experience.
No unsupported scripted-media routing as a current public workflow.
No claim here of a formal compliance certification such as SOC 2 unless and until that certification exists.
Security FAQ
Plain answers about access and exposure.
This page avoids legal or certification overreach. It explains the user-facing trust model in direct language.
Is this a formal security policy?
No. This is a plain-language security and access-control trust page. Formal legal, privacy, and security policies can still define the binding terms for account, data, and infrastructure handling.
Can manuscripts appear in public search?
No. Manuscripts are private author materials unless the author intentionally exports or approves a controlled package workflow.
What must happen when a report is downloaded?
The downloaded file must be a professional author-facing artifact: readable, branded, useful for review, and stripped of avoidable machine-looking residue.
What must be logged in Storygate-style access?
Access requests, approvals, and material-viewing events must be treated as controlled activity. The public promise is controlled manuscript discovery, not open browsing.
Where do technical failure details belong?
Technical diagnostics belong in support, admin, or operational views. Normal author-facing pages must use clear human status messages and hide raw internals unless needed for support.
Does this page claim legal compliance certification?
No. It states the intended product trust posture and user-facing access model. Compliance claims must only be added when they are verified and current.
Trust by design
A manuscript-readiness system must protect the manuscript while it diagnoses it.
Continue to Privacy & Research Controls for the companion trust doctrine, or begin an evaluation when ready.