figshare help

Figshare’s approach to security and stability

This page is applicable to academic institutions, government agencies, funders, and publishers. If you are a user, see our privacy policy, data storage information, and backup information.

Figshare is a fully maintained and developed Software as a Service (SaaS) platform running on Amazon Web Services (AWS) with a record of 99.9% uptime, reported transparently through the Figshare Status page. Figshare (founded in 2010 and incorporated in 2012) is held by Digital Science & Research Solutions Limited (founded 2010) and works with Digital Science and its other portfolio companies to provide a secure and stable research services environment. Figshare aims to be as transparent as possible around security measures and personal data protections. This page outlines Figshare’s security measures and data storage options to help you understand how we protect information. Figshare can provide an example of the standard SLA and other security documentation upon request (

Figshare Security Information

We have a dedicated team with robust security measures in place (dictated by one of the highest standards in the industry, ISO27001). Real-time and historical status for the platform is at and email updates are available from that page. 

Platform security

  • Digital Science and Figshare are ISO 27001 certified, please see Figshare's certificate here. If you require more details please contact us at
  • Figshare is a multi-tenant platform. Access to data is controlled through access control lists and query filters
  • The system is monitored 24/7 with OS level monitoring, real-time analysis, and an antivirus solution
  • The system also undergoes regular vulnerability scanning and 3rd party penetration testing.
  • Figshare has completed a HECVATlite audit and we can share the results with those evaluating the platform for enterprise use.

Figshare scalability and availability

Figshare serves individuals and institutions across the globe. To meet IT business continuity requirements, the Figshare platform is deployed across multiple AWS Availability Zones and Regions.  All Figshare public services are deployed in a highly available and fault tolerant design following AWS cloud best practices.

Platform updates and functionality

  • The Figshare platform is updated about eight to 12 times a year with no planned downtime during updates
  • Figshare’s public pages are optimized for mobile devices through a mobile responsive website
  • Figshare functions on these minimum browser versions

Data location, transfer, backup, and preservation

Storage can be provided via the closest AWS node, via another cloud storage provider, or data can be stored locally at the institution.

If using Figshare Amazon S3 storage:

  • Resistance to unavailability of a data center is provided by AWS S3 standard multiple backups. Both Figshare and AWS are ISO 27001 certified.
  • Data in transit and at rest is encrypted.

Figshare integrates with preservation systems to enable institutions to use their preferred preservation service or system. Figshare provides preservation for researchers accounts on For organizations that license Figshare, we enable integrations with various preservations systems. Figshare does not provide preservation services for clients.

User authentication and user roles

  • Institutional portals can integrate with SAML2 single sign-on systems.
  • Permissions for the Figshare API are managed through account tokens. A user account’s permissions determine their permissions when using the API. The Figshare REST API supports the OAuth2 authorization standard and API Personal Access Tokens.
  • Authenticated users can be assigned roles by group and these are managed internally. A user account can have multiple roles. Users with no administrator privileges are only able to access their own private records. Administrators can assign roles with elevated permissions to users as needed. Available user roles are detailed on our help site.


Support is detailed in the standard Figshare SLA. In addition to 24/7 monitoring of the figshare platform, support agents are available to respond to general technical and configuration issues between 8am - 4pm UTC, Monday – Friday, excluding public holidays. Email support requests may be submitted at any time.  For customers based in regions with working hours outside of the Main Support Desk Hours, regional account managers monitor support tickets, so requests and emergencies can be responded to and escalated in a timely manner.

Data Protection Compliance

Figshare complies with GDPR and thus most other requirements around the world. As part of a licensing agreement, we provide a Data Processing Addendum to clients that details compliance with data processing under data protection laws. Digital Science complies with GDPR and  is ISO 27701 certified.

Figshare collects IP and user agent information (as advertised by our cookie banner) for visitors to the public portal. We collect this in our capacity as the platform provider and in accordance with our privacy policy. Figshare (or one of our third party sub processors) is the processor and the user or institution is the controller of their data. We only record non-sensitive information provided by the user, such as name, email, title, research categories and city/location. Please see our privacy policy for security measures taken.

We keep personal data for as long as it is necessary for the purposes for which it was collected, after which it is destroyed, erased, or anonymised. For users that have made content public, we retain a record of the association with that content.

If you need more information, please contact us at

Share this article: