Trust at Aperture Papers

Author and reviewer accounts are protected by email and password authentication. Sessions use signed tokens managed by our backend, and credentials are never stored in browser code.

Administrative areas of the platform require an authenticated session and a server-side role check — client-side flags alone do not grant access.

Aperture Papers runs on Lovable Cloud, which provides managed PostgreSQL, authentication, file storage, and serverless functions. Traffic to the site is served over HTTPS.

Shared responsibility: Lovable provides the underlying platform capabilities; Aperture Papers configures access policies, content, and editorial workflows on top of it.

We collect the information you submit: author profiles (name, affiliation, ORCID iD, email), manuscript files and metadata, and correspondence related to peer review. This data is used only to operate the journal — screening, peer review, publication, and indexing.

We do not sell personal data. Published article metadata is intentionally public so that indexers (Google Scholar, OAI-PMH consumers) can discover and link to articles.

Database tables that hold author submissions and private review correspondence use row-level security so that users can only read or modify their own records, and reviewers see only the assignments routed to them by an editor.

We use a small number of first-party cookies required for sign-in and session management. A cookie banner is shown on first visit. We do not load advertising trackers.

Published articles and their metadata are retained indefinitely as part of the scholarly record. Account and submission data tied to unpublished or withdrawn manuscripts can be deleted on request by writing to the contact address below.

If you believe you have found a security issue, please email the editorial team via the contact page. Please describe the issue and steps to reproduce; do not include real user data in your report.

Aperture Papers aligns its editorial process with COPE Core Practices — see our Publication Ethics and Peer Review pages. We do not currently claim SOC 2, ISO 27001, HIPAA, or PCI compliance.