Feature · jurisdiction & ownership
EU-jurisdiction native. Yours to keep.
Most ELNs offer EU hosting as a configuration toggle. Glacivis declares jurisdiction at the Cloudflare binding level, in the same wrangler.toml you can point your DPO at.
Why "EU-bound at the binding level" is different
A lot of cloud software claims "EU hosting available." When you ask how, the answer is usually "we deploy to a US-East region by default, but on request we can spin up an EU-West replica." That's an account-level configuration that can be toggled, that depends on a sales conversation, and that doesn't always survive a vendor's internal reorganisation.
Glacivis's cloud substrate is Cloudflare R2 (object storage) and D1 (SQLite-on-the-edge). Each binding declares jurisdiction = "eu" in the server/wrangler.toml file at deploy time. Cloudflare's control plane enforces the jurisdiction at the platform layer: EU-jurisdiction R2 buckets and D1 databases physically reside in EU regions, route through EU points of presence, and cannot be migrated out of jurisdiction without explicit redeploy.
This is the posture you want when a research-IT reviewer or a DPO asks "show me where the bytes live." It's a single config block, in a single source file, in a single production deployment.
Sub-processor list
Glacivis's data path involves three sub-processors. The list is short on purpose; every additional sub-processor is another GDPR addendum surface.
- Cloudflare — R2 (object storage), D1 (database), Workers (edge compute), Durable Objects (sync coordination). EU jurisdiction. Cloudflare is ISO 27001, ISO 27018, ISO 27701, and SOC 2 Type II certified at the infrastructure layer.
- Resend — transactional email (verification, password reset, invitations). EU region. Replaceable with any SMTP provider on roadmap.
- Better Stack — uptime monitoring and centralised logs. EU region. Ingest paths tag every log entry with account, workspace, and request IDs for SOC 2 evidence collection.
Not in the sub-processor chain: any US-only analytics tool, any US-only AI provider, any US-only file CDN. (The site analytics on these very pages run through Plausible, which is privacy-friendly, EU-hosted, and uses no cookies.)
No data lock-in
A vendor lock-in audit on most ELNs comes down to: "the data is in a proprietary database, the export is a partial CSV, and you'll never get your attachments cleanly." Glacivis is the inverse, by design.
- The desktop app keeps a complete SQLite copy of your workspace on disk, today.
- Per-entity ZIP export of any subtree (notes + attachments + relations metadata) is available today.
- Every attachment is content-addressed by SHA-256 — you can verify integrity without trusting us.
- Per-page export to PDF / DOCX / Markdown / HTML is available today.
Coming Q3 2026. Bulk export to .eln RO-Crate format — the emerging ELN-Consortium standard for portable archives. We're tracking the spec; the bulk-export endpoint is in the Phase 3 roadmap. Until then, the per-entity ZIP plus the on-disk SQLite cover the practical export needs.
What "your data doesn't leave the EU" actually means
For shared workspaces using Glacivis's hosted cloud sync, every byte of your workspace content (entity rows, attachment objects, op-log) is stored in EU-jurisdiction R2 and D1. Worker compute that processes your sync requests runs in Cloudflare's EU points of presence. Authentication tokens are signed by an EU-resident JWT issuer.
For private workspaces — which are local-only by default — there is no cloud path to discuss. The data is on your laptop. Whether your laptop crosses a border is your decision, not ours.
Trust posture today
Glacivis is at the academic / individual-lab tier of ELN security maturity. The building blocks below are shipping or in active development:
- Argon2id password hashing with timing equalisation against the dummy-hash path.
- JWT with explicit iss/aud/nbf, ±60s skew tolerance.
- Refresh-token rotation with reuse-detection (revokes the family on detection).
- TLS 1.3 across the entire client-server path.
- Audit log with 90-day retention default; class-tagged retention coming.
- Right-to-erasure path documented per table.
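The refresh-token bullet above, as an added example (not Glacivis's code): rotation in which replaying an already-spent token revokes its whole family. The in-memory store, the class and method names, and the reason strings are assumptions made for illustration.

```javascript
// Added example, not Glacivis code. In-memory stand-in for a token table.
const { randomBytes, createHash } = require('node:crypto');

const digest = (token) => createHash('sha256').update(token).digest('hex');

class RefreshTokenStore {
  constructor() {
    this.tokens = new Map();          // sha256(token) -> { familyId, used }
    this.revokedFamilies = new Set(); // families killed by reuse detection
  }

  // Persist only the hash, so a leaked table holds no usable tokens.
  #mint(familyId) {
    const token = randomBytes(32).toString('hex');
    this.tokens.set(digest(token), { familyId, used: false });
    return token;
  }

  // Login: start a new family (one per session or device).
  issue() {
    return this.#mint(randomBytes(16).toString('hex'));
  }

  // Refresh: trade a token for its successor in the same family.
  rotate(token) {
    const record = this.tokens.get(digest(token));
    if (!record) return { ok: false, reason: 'unknown_token' };
    if (this.revokedFamilies.has(record.familyId)) {
      return { ok: false, reason: 'family_revoked' };
    }
    if (record.used) {
      // A spent token came back: two parties hold copies of this chain.
      // The server cannot tell which is legitimate, so it revokes the
      // family and forces a fresh login.
      this.revokedFamilies.add(record.familyId);
      return { ok: false, reason: 'reuse_detected' };
    }
    record.used = true;
    return { ok: true, token: this.#mint(record.familyId) };
  }
}

// Constructed scenario: token t1 is copied, then both holders refresh.
function replayScenario() {
  const store = new RefreshTokenStore();
  const t1 = store.issue();
  const first = store.rotate(t1);              // legitimate refresh succeeds
  const replay = store.rotate(t1);             // second use of t1 is caught
  const successor = store.rotate(first.token); // newest token is dead too
  return [first.ok, replay.reason, successor.reason];
}
```

Revocation is scoped to the one family, so a replay on one device's session does not log out sessions that started from a separate login.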
What's not shipped yet, honestly: SAML SSO, customer-managed keys, 21 CFR Part 11 e-signatures, SOC 2 Type II audit. Those map to the enterprise / regulated-lab tier and are not in scope for the academic tier we're shipping today.
What you can do today
- Read the public sub-processor list above and verify the EU-region claim against Cloudflare's published jurisdiction docs.
- Operate entirely on private (local-only) workspaces if your data classification rules out any cloud sync.
- Export any entity subtree to PDF / DOCX / Markdown / HTML for handoff to non-Glacivis users.
What's coming
- Bulk export to .eln RO-Crate (Q3 2026).
- Hash-chained audit log with class-tagged retention. (Phase 2 — substrate already in place.)
- TOTP-based MFA on password accounts. (Phase 2.)
- SAML SSO for institutional accounts. (Phase 5 — enterprise tier.)