Technical Information on Data Processing
In corporate environments, it is important to know when software connects to the Internet and what data is exchanged in the process. In this chapter, we describe these situations in detail. Naturally, this chapter contains technical terminology. Please also refer to our Glossary if needed.
If you are interested in the non-technical aspects of data protection, please refer to our Privacy Policy.
Data Transmission on Program Start and Login
- When the program starts, Citavi checks with the Citavi server to see if an update is available. A system administrator can disable this check.
- When the program starts, Citavi checks the installed AddOns. If a new AddOn has been added or an update is available, it is downloaded and activated.
- When the program starts, Citavi checks whether a connection to the Citavi Cloud is allowed. A system administrator can disable this check.
- When the program starts, Citavi checks whether the user has previously logged in to their Citavi Account on that computer. If so, Citavi automatically logs in the user. This login is encrypted. Automatic login does not occur if
  - the user has never logged in on that computer,
  - the user logged out in the previous session,
  - the user chose to delete login credentials automatically after each session.
- After successful login to the Citavi Account, Citavi downloads the user's license information from our server. This applies only to Citavi for Windows. Citavi for DBServer users receive license information from the company computer that runs the SQL database server with the Citavi database.
- Citavi communicates via the WebAPI of our server for login and all subsequent steps. Communication via the WebAPI occurs over HTTPS, port 443.
- Configure your firewall as described here.
Data Transmission While Using Citavi
- Before a help topic is displayed for the first time in the program, it is downloaded from the Citavi server.
- Citavi displays messages in the start window. These messages inform users about important program updates. Universities that use a campus license can show relevant messages to their members. Each user can add their own message feeds. These messages are only updated when an internet connection is available.
- When the user performs online searches from within Citavi, imports text files, or selects citation styles, Citavi checks whether the necessary description file is available in a newer version on the Citavi server. If so, the file is downloaded.
- When the user imports PDF files, Citavi tries to retrieve bibliographic data. To do so, it analyzes the PDF file:
  - If a DOI, ISBN, PubMed ID, or ArXiv ID is found on the first five pages, it is used for the search.
  - If none of the above identifiers are found, Citavi attempts to find the title of the work (usually the largest heading) and uses it for a search.
- During online searches, ISBN lookups, and full-text searches, Citavi transmits the search terms (and only those) to the respective servers. Two types of communication are distinguished:
  - Searching in web-based libraries or via web services: These searches are conducted exclusively via HTTP (port 80) or HTTPS (port 443). The communication always takes place directly between the locally installed Citavi program and the data provider.
  - Searching via the Z39.50 protocol, which is used by most public libraries: Z39.50 is operated by libraries on various ports, but most commonly on port 210 or 3950. If a Z39.50 server cannot be reached due to a strict firewall, Citavi sends the request via HTTPS (port 443) to a web service on the Citavi web server. The server runs the query against the library on the client's behalf and returns the data to the client. No data is stored on the Citavi server in this process.
Data Transmission in Case of Program Errors
To improve Citavi and resolve program errors, we use the Application Insights service from Microsoft Azure.
If the program's product development mode is enabled, program errors are transmitted together with the context and sequence of the error. As a rule, only the name of the Citavi function that was called is transmitted. However, a user name may be included, for example as part of a file path: "Access to file C:\Users\thomas.schempp\Documents\Citavi 6\... failed." Sensitive information such as passwords is never transmitted.
This data is only transmitted if the user activates this option under Tools > Options > Diagnostics or Tools > Options > Product development. A system administrator can disable these options using the MSI Assistant.
Errors are always logged if they occur within our cloud infrastructure. They never contain personal data.
Additional Data Transmissions
Any further network access depends on where the Citavi project is stored:
Local Projects
The Citavi project is stored on a computer, an external hard drive, or in a local network. In this case, there are no additional data transmissions.
DBServer Projects
The Citavi project is stored in a Microsoft SQL database.
- With a per-seat license for Citavi for DBServer, Citavi stores this license information on the user's computer for 56 days. This allows the user to work with local projects even without a connection to the company's SQL Server. To determine the expiration date of the cached license, Citavi retrieves the date via a WebAPI call from our server.
- If all concurrent licenses for Citavi for DBServer are in use and another user attempts to obtain a license, Citavi can initiate the sending of an email to the license administrator via a WebAPI call. This option must be configured by the license administrator. The email informs them that there were not enough licenses available for all interested users. The email does not contain any personal data.
Cloud Projects
The Citavi project is stored in the Citavi Cloud, which uses Microsoft Azure. Microsoft operates many data centers around the globe. For users in Europe, we use data centers in Western Europe (Azure WestEurope in Dublin and Amsterdam) for account data and Citavi projects. Users in America are served from data centers in the United States (Azure US Central), and in Asia, from a data center in Singapore (Azure Southeast Asia).
Citavi continuously communicates with the WebAPI.
- Each Citavi installation sends an encrypted proof (= token) to the cloud project. The token ensures that the correct person opens the correct project with the appropriate permissions.
- When a cloud project is opened for the first time, Citavi downloads the full project data from our servers and saves it as a cached copy on the user’s computer. On subsequent openings, only the differences between the cache and the cloud version are downloaded. (The cache is deleted when the user logs out of their Citavi Account.)
- While working with a cloud project, Citavi accesses the WebAPI to save and synchronize data changes, upload attachments, etc.
- To reduce load on our web servers, Citavi sometimes accesses Microsoft’s cloud infrastructure directly. The connections are encrypted and protected (via so-called Shared Access Tokens). We use this technology in the following cases:
  - initial project download,
  - uploading an existing project to the cloud (in certain scenarios),
  - uploading and downloading attachments,
  - storing extensive bibliographic information after a large import.
- In parallel with this data exchange, Citavi opens a “real-time” communication channel via Ably. With Ably, our servers can notify a Citavi installation that another user has made changes to a shared project. After receiving this notification, changes are synchronized so that all participants have the same project version. Ably also allows communication between active users of a project, for example, allowing users to send messages to team members using the built-in chat function. After the chat session ends, the chat contents are deleted.
Additional Information
Citavi for DBServer
Connection
Citavi uses the standard .NET libraries (System.Data.SqlClient) to connect to the SQL Server. All communication between Citavi and the database server is based on this framework and follows the protocols established and proven by Microsoft.
DBServer Manager
DBServer Manager is not a server application and does not communicate with Citavi. DBServer Manager is a frontend that sends SQL statements to the selected SQL Server — in other words, a "Management Studio light" for Citavi purposes. Since DBServer Manager is not a server application, it is not a critical component in terms of security.
Project/Data Security
Security at the database/project level is enforced using standard SQL Server mechanisms (i.e., not Citavi-specific methods).
Each project is represented as a schema on the SQL Server. For each schema, there are three roles: Managers, Authors, and Readers. Authors have insert/update/delete permissions, while Readers only have select permissions. (Managers additionally have the right to change role memberships.)
When a user is granted author rights in DBServer Manager, this means — technically speaking — that the user is added via SQL to the “Authors” role of the corresponding project schema. This architecture ensures that even if a user accesses the SQL Server database using a client other than Citavi, they can only view data that they would also be able to access in Citavi.
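The role model described above can be reproduced and audited with plain T-SQL. The following is an added example, not Citavi's own DDL: the schema, role, table and user names are hypothetical, and it is meant to be run in a scratch database (`GO` is the batch separator used by sqlcmd and Management Studio).

```sql
-- Names are constructed for illustration; the page does not give Citavi's
-- real schema, role or table names.
CREATE SCHEMA [Project_Demo];
GO
CREATE TABLE [Project_Demo].[Reference] (Id int PRIMARY KEY, Title nvarchar(200));
CREATE ROLE [Project_Demo_Managers];
CREATE ROLE [Project_Demo_Authors];
CREATE ROLE [Project_Demo_Readers];
-- Readers: SELECT only, scoped to this one project schema.
GRANT SELECT ON SCHEMA::[Project_Demo] TO [Project_Demo_Readers];
-- Authors: insert/update/delete; SELECT is added as an assumption
-- because UPDATE/DELETE with a WHERE clause must read the rows.
GRANT SELECT, INSERT, UPDATE, DELETE ON SCHEMA::[Project_Demo] TO [Project_Demo_Authors];
-- Managers: author rights plus the right to change role memberships.
GRANT SELECT, INSERT, UPDATE, DELETE ON SCHEMA::[Project_Demo] TO [Project_Demo_Managers];
GRANT ALTER ON ROLE::[Project_Demo_Authors] TO [Project_Demo_Managers];
GRANT ALTER ON ROLE::[Project_Demo_Readers] TO [Project_Demo_Managers];
-- Granting "reader rights" is a role membership change and nothing more.
CREATE USER [demo_reader] WITHOUT LOGIN;
ALTER ROLE [Project_Demo_Readers] ADD MEMBER [demo_reader];
GO
-- Act as the reader, as any SQL client with that identity would.
EXECUTE AS USER = 'demo_reader';
SELECT COUNT(*) AS visible_rows FROM [Project_Demo].[Reference];
BEGIN TRY
    INSERT INTO [Project_Demo].[Reference] (Id, Title) VALUES (1, N'test');
END TRY
BEGIN CATCH
    -- The write is refused by the server; report why.
    SELECT ERROR_NUMBER() AS error_number, ERROR_MESSAGE() AS error_message;
END CATCH;
REVERT;
GO
-- Audit: schema-level grants held by database roles.
SELECT s.name AS schema_name, r.name AS role_name, p.state_desc, p.permission_name
FROM sys.database_permissions AS p
JOIN sys.database_principals AS r ON r.principal_id = p.grantee_principal_id
JOIN sys.schemas AS s ON s.schema_id = p.major_id
WHERE p.class_desc = 'SCHEMA' AND r.type = 'R'
ORDER BY s.name, r.name, p.permission_name;
-- Audit: who is in which role.
SELECT r.name AS role_name, m.name AS member_name
FROM sys.database_role_members AS rm
JOIN sys.database_principals AS r ON r.principal_id = rm.role_principal_id
JOIN sys.database_principals AS m ON m.principal_id = rm.member_principal_id
ORDER BY r.name, m.name;
```

The two audit queries work against any database and are a quick way to confirm that project access is limited by schema-scoped grants rather than by database-wide roles.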
Cloud
We use Microsoft Azure’s cloud services for our web services. Our servers are operated as so-called WebApps (Platform-as-a-Service). This means that Microsoft ensures the security of these systems on multiple levels.
Communication
All communication with our servers is always encrypted (HTTPS / TLS).
Project Database
Cloud projects are stored in a SQL Azure database. We implement various safeguards in our code and on the database level to ensure that users can never see “foreign” project data — even if one of our developers were to accidentally write an incorrect SQL query.
SQL Azure mirrors all data across three instances simultaneously, so that no data is lost in the event of a hardware failure. SQL Azure creates automatic backups every few minutes and retains them for 7 days. To cover the rare case that an entire data center fails, the data is continuously copied to another data center.
SQL Azure data is encrypted at the physical level, making it inaccessible to any external attacker who might gain access to the database storage systems. For Swiss Academic Software itself, the data is not encrypted — this is technically unavoidable. Because administrative access to the production environment implies access to Citavi project data and user attachments, we have strictly limited this access to very few individuals. These individuals are obligated not to view any user data.
Client (Desktop Application)
The Citavi desktop application does not provide any server services and therefore cannot be externally attacked. In this sense, it is not considered critical from a security perspective.
When Citavi stores security-relevant information (e.g., an access token), we use strong public/private key encryption.