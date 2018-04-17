Privacy Policy

1. Introduction

PubPub (“Company,” “we,” “us,” or “our”) is an open-source publishing platform run by the nonprofit organization Knowledge Futures, Inc. that values your privacy. In this Privacy Policy (“Policy”), we describe what information we collect from you as a user of our Site or Service, why we collect and use it, and how you can manage and delete your data.

1.1 Definitions

“Personal Information” refers to (i) any information that identifies, relates to, describes, is reasonably capable of being associated with you, or could reasonably be linked, directly or indirectly, with you, and (ii) any information that is associated with you and thus could potentially be used to identify or reidentify you, including when combined with other information from or about you. For the avoidance of doubt, PubPub defines Personal Information broadly, and our definition includes “personal data” as this term is used in the EU General Data Protection Regulation and “personal information” as it is used in the California Consumer Protection Act. Personal Information does not include (i) information that has been aggregated, excerpted, anonymized, or otherwise deidentified to the point at which an individual can no longer be identified or reidentified using reasonable efforts, technology, and resources and (ii) contact information that is routinely made available in a professional capacity to facilitate business and professional communications, such as the information ordinarily found on a business card, website profile, or CV, when used solely for purposes of professional and business communications.

“Site” refers to our website, which includes all pages within the pubpub.org host directory and subdomains, all pages hosted on PubPub servers regardless of domain (including but not limited to Journal pages).

“Service” means our services available through our Site and any mobile applications we may provide.

Data Controller

When this Policy mentions “PubPub,” “Company,” “we,” “us,” or “our,” it refers to PubPub. PubPub is the data controller and responsible for your information under this Policy. The following is our contact information:

PubPub

℅ Knowledge Futures, Inc.

245 Main street

Floor 2

Cambridge, MA 02142



By visiting the Site, or using any of our Service, you agree that your Personal Information will be handled as described in this Policy. Before using the Service or submitting any Personal Information to us, please review this Privacy Policy carefully and contact us at [email protected] if you have any questions. If you do not agree to this Privacy Policy, please do not access the Site or otherwise use the Service. Your use of our Site or Service, and any dispute over privacy, is subject to this Policy and the relevant Terms of Service, including any applicable limitations on damages and provisions for the resolution of disputes.

2. Information We Collect

We ask for and collect information about you when you use our Site or Service. We collect this information directly from you, from third parties, and automatically through your use of our Site or Service.

2.1 Information we collect directly from you

We collect Personal Information when you register or access the Site. The Personal Information collected during these interactions may vary based on what you choose to share with us. To register, you must submit your email address to the Site and a password that you create for user authentication purposes. We also ask you to provide a first and last name, but you may use a pseudonym if you wish. We will only record your email address when you submit it to us as part of the user registration process, our newsletter signup process, or if you send us a message. We do not collect your age or other age-related information.

2.2 Information we collect automatically

When you visit our Site, we may automatically collect and log the following information about your use of our Site or Service through cookies and other technologies: your domain name; your browser type, device name, and operating system; the URLs you requested to access; the dates, methods, and the status code of requests; your IP address; the time, frequency, and length of time you visit our Site or use our Service; the number of bytes transferred; or the URLs of pages that referred you to the Site.

2.2.1 Web Server Logs

When you visit the Site, our web server may record some automatically collected information described in Section 2.2 in its server log. We use server log information to help diagnose problems with our server and to administer our Site by identifying which parts or features of our Site are most heavily used. We also use this information to tailor Site content to user needs and to generate aggregate statistical reports. Web server logs are retained on a temporary basis, during which time their contents are accessible to Site administrators, and then deleted completely from our systems. Unless required by legal process, we do not link IP addresses to any Personal Information. This means that user sessions will be tracked by IP address, but a user’s identity will remain anonymous.

2.2.2 Cookies and similar technologies

2.2.2.1 Cookies

We and our third-party service providers may use cookies, to track information about your use of our Site and Service. Cookies are alphanumeric identifiers that we store on your computer or mobile device. Some cookies allow us to make it easier for you to navigate our Site and Service, while others are used to enable a faster login process or to allow us to track your activities at our Site and Service. There are two types of cookies: session and persistent cookies.

Session Cookies. Session cookies exist only during an online session. They disappear from your computer or device when you close your browser or power off your computer or device. We use session cookies to allow our systems to uniquely identify you during a session or while you are logged into the Site. This allows us to process your online transactions and requests and verify your identity, after you have logged in, as you move through our Site. Persistent Cookies. Persistent cookies remain on your computer or device after you have closed your browser or turned off your computer or device. We use persistent cookies to track aggregate and statistical information about user activity.

2.2.2.2 Disabling Cookies

Most web browsers automatically accept cookies, but if you prefer, you can edit your browser options to block them in the future. The Help portion of the toolbar on most browsers will tell you how to prevent your computer from accepting new cookies, how to have the browser notify you when you receive a new cookie, or how to disable cookies altogether. Separately, you may opt out of our non-essential cookies by following this link. Visitors to our Site who disable cookies will not be able to browse certain areas of the Site or use the Service.

2.2.2.3 Other Websites

Other websites. This Site may contain links to and embeds of other websites. The websites to which the Site links may also install cookies on your computer, log your access to their web pages, or collect user-identifying information directly from you, once you proceed to browse those websites. We are not responsible for the privacy policies of other websites to which the Site provides links. Please visit the relevant websites to review their privacy policies.

2.2.3 "Do Not Track" Signls

Currently, our systems do not recognize browser “do-not-track” requests. You may, however, disable certain tracking as discussed in this section (e.g., by disabling cookies), but such disabling will impair use of the Site and Service.

2.3 Legal basis for processing of Personal Information

Where required by applicable law, we rely on certain legal bases for our collection and processing of Personal Information, including your consent, necessity to perform a contract, or our legitimate interest. In the case of Personal Information collected to contact you with information and updates about the Company, we rely on your consent and our legitimate interest.

2.4 User-generated content

The Site allows registered users to post content, images, multimedia presentations, and other scholarly works, as well as reviews, comments and other user-generated content in certain areas. The content you post will be available for all registered users to view and will identify you as the poster by the user name you have selected. If you do not wish to be identified as the source of content you post to the Site, you should select a pseudonymous user name. We create a profile page for each registered user. The profile pages are public-facing. By default, the profile page includes your user name and information about your posted content and other activities on the Site. You may (but do not need to) augment your profile page with additional information, including a picture.

We do not control the content added by you to our Site and Service during your use of our Site and Service. For example, videos you may choose to embed as a part of your content on our Site and Service may include third-party trackers. You are agreeing that you will be responsible for any such additions, inclusions, or any other embedded content.

2.5 Children’s Data

Our Site and Service are intended for general audiences and not for children under the age of 13.

If you are under the age of 13, you may not use our Site or Service unless we receive prior verifiable consent from your parent or legal guardian in accordance with the Children’s Online Privacy Protection Act (COPPA). If we discover that our Site or Service has collected the Personal Information of a child under the age of 13, we will notify the child’s parent or legal guardian and we will seek verifiable consent for that information from the child’s parent or legal guardian in a manner consistent with COPPA requirements.

You must be old enough to consent to the processing of your Personal Information in your country (depending on your country, we may allow your parent or guardian to do so on your behalf). If you are a resident of the European Union, you must be at least 16 years old to use the Site or Service, unless we receive a prior verifiable consent from your parent or legal guardian.

If you are a parent or guardian and discover that your child under the age of 13 has submitted Personal Information to us without your prior, written consent, then you may alert us at [email protected] and request that we delete that child’s Personal Information from our systems.

3. How We Use Information We Collect

We use your information for the following purposes:

3.1 Provide our service

We use your information to provide our Site and Service, communicate with you about your use of our Site and Service, to respond to your inquiries, and for other customer service purposes.

3.2 Improve and develop our services

We use your information to ensure our Site and Service are working as intended, to analyze how users access and use our Site and Service, both on an aggregated and individualized basis, to maintain and improve the content and functionality of our Service, to develop new Service, and for other research and analytical purposes. For example, we may elect to conduct internal programming analytics of anonymized user-generated content.

3.3 Offer promotions

We use your information for marketing and promotional purposes. For example, we may use your information, such as your email address, to send you news, promotions, or to otherwise contact you about information regarding the Service or information we think may interest you. When you submit your email address to the Site during registration, we will ask you whether you want to receive periodic announcements from the Site by email. Accepting emailed announcements is entirely optional and not a condition of registration, and you may change your email settings at any time to subscribe or unsubscribe to these mailings.

3.4 Fraud prevention and compliance

We use your information to prevent fraud, criminal activity, or misuses of our Site and Service, and to ensure the security of our IT systems, architecture and networks. We also may use your information to comply with legal obligations and legal process and to protect our rights, privacy, safety or property, and/or that of our affiliates, you, or other third parties.

4. How We Share And Disclose Your Information

4.1 Sharing with your consent

Where you have provided consent, we share your information, including Personal Information, as described at the time of consent and only for the purpose for which you have provided your information to us. We will not sell, lend, or disclose to third parties any Personal Information collected from users, except as described in this Policy.

4.2 Affiliates

We may disclose the information we collect from you to our affiliates solely for the purpose of providing Service to you; however, if we do so, their use and disclosure of your Personal Information will be maintained by such affiliates in accordance with this Policy.

4.3 Service providers

We may disclose the information we collect from you to third-party vendors, service providers, contractors, or agents who perform functions on our behalf, including, but not limited to, providers of hosting services, cloud services and other information technology services providers, email communication software and email newsletter services, and payment processors. Pursuant to our instructions, these parties may access, process or store Personal Information in the course of performing their duties to us. These parties will be prohibited from using or sharing Site user information for any purpose other than performing functions on our behalf.

4.4 In response to legal process

We ordinarily do not disclose to third parties Site usage by individual IP addresses, but we may do so without further notice to you in very limited circumstances when complying with the law, a judicial proceeding, court order, or other legal process, working with consultants assisting us with fixing or improving the Site, or monitoring and improving the security of our network.

4.5 To protect us and others

We also may disclose the information we collect from you where we believe it is necessary to investigate, prevent, or take action regarding illegal activities, suspected fraud, situations involving potential threats to the safety of any person, violations of this Policy, of any relevant Terms of Use, or as evidence in litigation in which we are involved.

4.6 Aggregate and De-identified information

We may share aggregate or de-identified information about users with third parties and publicly for marketing, advertising, research, or similar purposes.

Please note that except as noted above, we will not sell or share your Personal Information with any third party for their direct marketing purposes without your consent.

5. Third-Party Analytics

PubPub uses Heap, a third-party analytics service. Heap collects anonymous information from users to help us track Site usage and referrals from other websites. Information collected and processed by Heap includes the user’s IP address, network location, and geographic location. Heap acquires all its information directly from the user, by installing a cookie on JavaScript-enabled computers.

We use the information collected by Heap to perform Site usage analytics through storing, aggregating and summarizing information about user behavior on our platform. We do this to optimize the website experience for our visitors, to help our engineering team make product decisions, and to help communities who use our service to measure the performance of their content. If you allow us to enable Heap while you browse, we will send requests to Heap’s servers containing things like the URL of the current page, your browser version, and your IP address. If you're logged in, we will also send your PubPub user ID, which is made of random letters and numbers.

We will never send Heap any identifying information such as your name, affiliation, or email address.

We do not share with Heap or other third parties any Personal Information, and Heap does not collect any personal identifying information.

For more information about Heap, please visit https://heap.io/tos/.

6. Third-Party Links

The Site may contain links to other websites not operated or controlled by us, including social media services (“Third Party Sites”). The information that you share with Third Party Sites will be governed by the specific privacy policies and terms of service of the Third Party Sites and not by this Policy. By providing these links we do not imply that we endorse or have reviewed these Third Party Sites and we are not responsible for the information practices of such Third Party Sites. Please contact the Third Party Sites directly for information on their privacy practices and policies.

7. Your Rights

In certain circumstances, providing Personal Information is optional. However, if you choose not to provide Personal Information that is needed to use some features of our Service, you may be unable to use those features.

7.1 Rights relating to my Personal Information

You may request access, modification, or deletion of Personal Information that you have submitted to us by contacting us at [email protected]. For example, you may ask us to correct, update, or delete your Personal Information. We will reply to and honor such requests to the extent required by law. We may need to retain some information in order to comply with law, and to defend or exercise our legal claims. Please note that copies of information that you have updated, modified, or deleted may remain viewable in cached and archived pages of the Site for a period of time.

EU residents may also request to exercise certain additional rights under the General Data Protection Regulation (“GDPR”) to restrict processing (Art. 18), request data portability (Art. 20), and object to certain processing (Art. 21). We will respond to such requests in the time period and to the extent required by the GDPR. Such requests can be made by contacting us at [email protected].

7.2 Non-U.S. Users

If you use the Site or Service outside of the United States of America, you consent to having your Personal Information transferred to and processed in the United States of America, which may have less protections than your jurisdiction of residence.

7.3 What choices do I have regarding use of my Personal Information for marketing?

We may send periodic promotional or informational emails to you if you have signed up for such information on the Site. You may opt-out of such communications by following the opt-out instructions contained in the e-mail. Please note that it may take up to 10 business days for us to process opt-out requests. If you opt out of receiving emails about recommendations or other information we think may interest you, we may still send you e-mails about your account or any Service you have requested or received from us.

7.4 Data retention

We, generally, retain Personal Information as long as necessary to fulfill the purposes for which the Personal Information was collected, including for as long as you use our Service. We may continue to retain such Personal Information even after you cease to use any particular Service, as reasonably necessary to comply with applicable laws and our legal obligations, resolve disputes, prevent fraud and abuse, enforce our agreements, and protect our legitimate interests.

8. Security of Your Personal Information

You use the Service at your own risk. We implement commercially reasonable technical, administrative, and organizational measures to protect your Personal Information both online and offline from loss, misuse, and unauthorized access, disclosure, alteration or destruction. However, no system or electronic transmission is ever fully secure, impenetrable, or error free. In particular, e-mail sent to or from us may not be secure. We cannot completely guarantee the security of our database, nor can we guarantee that the information you supply will not be intercepted while being transmitted to us over the Internet. Therefore, you should take special care in deciding what information you send to us via the Service or e-mail. Please keep this in mind when disclosing any Personal Information to us via the Internet. In addition, we are not responsible for circumvention of any privacy settings or security measures contained on the Service, or third party websites.

We have implemented commercially reasonable precautions to protect the information we collect from loss, misuse, and unauthorized access, disclosure, alteration, and destruction. Please be aware that despite our efforts, no data security measures can guarantee 100% security.

You should take steps to protect against unauthorized access to your password, phone, and computer by, among other things, signing off after using a shared computer, choosing a robust password that nobody else knows or can easily guess, and keeping your log-in and password private. We are not responsible for any lost, stolen, or compromised passwords or for any activity on your account via unauthorized password activity.

9. Changes to this Privacy Policy

This Policy is current as of the Effective Date set forth above. As we periodically review our security measures and Privacy Policy, the Service may change from time to time. As a result, we may change this Privacy Policy at any time, so please be sure to check back periodically. We will post any changes to this Policy on the Site, unless another type of notice is required by the applicable law. If we make any changes to this Policy that materially affect our practices with regard to the Personal Information we have previously collected from you, we will endeavor to provide you with notice in advance of such change by highlighting the change on our Site or if you have an account with us, providing notice to the email address in your account (for this reason you should make sure to update your account information promptly if it changes). By continuing to use our Service or providing us with Personal Information after we have posted an updated Privacy Policy, or notified you by other means if applicable, you consent to the revised Privacy Policy and practices described in it.

10. Contact Us

If you have questions or complaints about this Privacy Policy or our information practices, please contact us at [email protected]. If you are an EU resident and believe our processing of your Personal Information violates data protection laws, you have a legal right to lodge a complaint with a supervisory authority responsible for data protection. You may do so in the EU member state of your habitual residence, your place of work, or the place of the alleged violation.