Privacy Policy

Information We Collect

Information You Provide

• Account Information: Name, email address, ORCID iD (optional), and password
• Profile Information: Research interests, affiliation, and profile photo (optional)
• Research Content: Reading history, bookmarks, annotations, notes, and folders
• Collaboration Data: Information about organizations, projects, and shared folders

Automatically Collected Information

• Usage Data: How you interact with PostPrint, features used, and time spent
• Device Information: Device type, operating system, browser type, and IP address
• Cookies: We use essential cookies for authentication and preferences. See our Cookie Policy for details

Browser Extension Data Collection

Important: The browser extension collects additional data to provide paper discovery features. This section explains exactly what is collected and why.

When you use the PostPrint browser extension, we collect additional information to provide paper discovery and management functionality:

Browsing Activity on Academic Sites

• URLs Visited: We collect URLs when you visit academic paper sites including arXiv.org, PubMed Central, CrossRef, bioRxiv.org, and PDF files from any domain
• Page Metadata: Page titles, referrer URLs, and timestamps of your visits to academic content
• Paper Identifiers: DOIs, arXiv IDs, PubMed IDs, and other scholarly identifiers extracted from visited pages

Note: We only track academic paper sites. Your general browsing history on non-academic websites is never collected or monitored.

User Actions and Interactions

The extension tracks the following user actions to improve the service and understand feature usage:

• Paper bookmarks added or removed
• Search queries performed within the extension
• Papers opened from the extension interface
• Extension popup opened or closed
• New tab page interactions
• Settings changes and preferences
• PDF processing requests
• Integration usage with academic sites
• Error events and technical diagnostics

Analytics and Session Recording

• PostHog Analytics: We use PostHog (a third-party analytics platform) to collect usage statistics, user behavior patterns, and feature adoption metrics
• Session Recordings: PostHog may record your interactions within the extension popup and new tab page (NOT your browsing activity on other websites). Session recordings capture:
  • Mouse movements and clicks within the extension interface
  • Extension interface navigation patterns
  • Feature usage within popup and new tab
• User Identity: PostHog receives your PostPrint user ID to link analytics data to your account
• Opt-Out: You can disable analytics and session recording in the extension settings

PDF Processing

• Metadata Extraction: When viewing a PDF, the extension may send the PDF to our servers to extract metadata (title, authors, DOI)
• PDF Storage: PDFs you save are stored on our servers to provide access across your devices
• Processing Consent: By using the extension's PDF features, you consent to upload and storage of PDF files

Local Storage

• Browser Storage: The extension stores preferences, authentication tokens, and cached metadata in your browser's local storage
• Offline Access: Locally stored data enables offline access to your reading history and extension functionality
• Storage Management: You can clear extension data through your browser's extension management interface or extension settings

Browser Extension Permissions

The PostPrint browser extension requires certain browser permissions to function properly. We are transparent about why each permission is needed:

Required Permissions

• storage: Store your preferences, authentication tokens, and cached data locally in your browser
• tabs: Detect when you navigate to academic paper sites, read page URLs and titles to identify papers, and open papers in new tabs from the extension interface
• Host Permissions (Academic Sites): Access and extract paper metadata from specific academic sites including:
  • arXiv.org (preprint repository)
  • ncbi.nlm.nih.gov (PubMed Central)
  • doi.org and *.crossref.org (DOI resolution)
  • biorxiv.org and medrxiv.org (preprint servers)
• Content Script on All URLs: The extension injects a lightweight content script on all pages to:
  • Detect PDF files opened in your browser
  • Extract paper identifiers from any academic site (not just the listed domains)
  • Provide "Save to PostPrint" buttons on paper pages

These host permissions are used ONLY to detect papers and extract metadata like DOI, title, and authors. We do not track your browsing behavior outside academic sites.

What We Do NOT Collect

• General browsing history on non-academic websites
• Passwords, form data, or personal emails
• Social media activity or personal communications
• Financial information or payment details

How We Use Your Information

We use your information to:

• Provide and maintain PostPrint services
• Manage your account and authenticate access
• Track and organize your reading history and notes
• Enable collaboration features with other users
• Send service updates and important notifications
• Improve our services and develop new features
• Ensure security and prevent fraud or abuse
• Analyze usage patterns to improve the browser extension experience

Data Storage and Security

Your reading history and notes are synced securely. We implement industry-standard security measures including:

• Encryption of data in transit (TLS/SSL)
• Encrypted storage of sensitive information
• Regular security audits and updates
• Secure authentication with password hashing
• Access controls and monitoring

Data Sharing and Disclosure

We never sell your personal information. Your name, email, and other identifying information are never sold to third parties. We only share your personal information in these limited circumstances:

• With Your Consent: When you explicitly share papers or collaborate with others
• Service Providers: Third-party services that help us operate (hosting, email, analytics) under strict confidentiality agreements
• Legal Requirements: When required by law, court order, or to protect rights and safety
• Business Transfers: In the event of a merger or acquisition (with notice to users)

Anonymized Data

We may use, license, or sell fully anonymized and aggregated data derived from user-generated content such as annotations and comments. This data is stripped of all personal identifiers and cannot be linked back to any individual user. Anonymized data may be used for research, analytics, or commercial purposes. Because this data is not personally identifiable, it falls outside the scope of personal data protection regulations.

Your Rights and Choices

You have the right to:

• Access: Request a copy of your personal data
• Correction: Update or correct your information
• Deletion: Request deletion of your account and data
• Export: Download your papers, notes, and data
• Opt-out: Unsubscribe from non-essential emails and disable analytics tracking
• Object: Object to certain data processing activities

To exercise these rights, contact us at privacy@postprint.net

Data Retention

We retain your information for as long as your account is active or as needed to provide services. When you delete your account:

• Your personal data is deleted within 30 days
• Shared content in collaborative spaces may be retained for other users
• Anonymized usage data may be retained for analytics
• Backups are deleted according to our backup retention schedule

Our Commitment to Privacy

We are committed to protecting user privacy and personal data. Our practices are designed to comply with applicable data protection laws, including the General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA). We support user rights such as access, correction, and deletion of personal data, apply appropriate security safeguards, and use contractual protections when working with service providers or transferring data internationally.

Global Privacy Control (GPC) Support

PostPrint respects the Global Privacy Control (GPC) signal, a technical specification that allows you to exercise your privacy rights automatically across websites and services.

• What is GPC: GPC is a browser signal that communicates your preference to opt-out of data sharing and sale. Learn More
• How We Respond: When we detect a GPC signal from your browser, we automatically:
  • Disable non-essential analytics and tracking
  • Limit data sharing with third-party services to only what's necessary for core functionality
  • Honor your opt-out preferences without requiring manual configuration
• Enabling GPC: You can enable GPC in supported browsers like Firefox, Brave, or via browser extensions like Privacy Badger

GDPR Rights (European Economic Area)

If you are located in the European Economic Area (EEA), you have additional rights under the General Data Protection Regulation (GDPR):

• Right to Access: You may request a copy of the personal data we hold about you
• Right to Rectification: You may request that we correct any inaccurate or incomplete personal data
• Right to Erasure: You may request that we delete your personal data, subject to certain legal exceptions
• Right to Restrict Processing: You may request that we limit how we use your personal data
• Right to Data Portability: You may request a copy of your data in a structured, machine-readable format
• Right to Object: You may object to our processing of your personal data for direct marketing or legitimate interests
• Right to Withdraw Consent: Where we rely on consent, you may withdraw it at any time

Legal Basis for Processing: We process your personal data based on: (a) your consent when you sign up; (b) performance of our contract to provide services; (c) our legitimate interests in operating and improving our platform; and (d) compliance with legal obligations.

International Transfers: If we transfer your personal data outside the EEA, we ensure appropriate safeguards are in place, such as Standard Contractual Clauses approved by the European Commission.

Supervisory Authority: You have the right to lodge a complaint with a data protection supervisory authority in your country of residence.

CCPA Rights (California Residents)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA):

• Right to Know: You may request information about the categories and specific pieces of personal information we have collected, the sources of that information, our business purposes for collecting it, and the categories of third parties with whom we share it
• Right to Delete: You may request that we delete the personal information we have collected from you, subject to certain exceptions
• Right to Opt-Out of Sale: We do not sell your personal information. If this changes, you will have the right to opt-out
• Right to Non-Discrimination: We will not discriminate against you for exercising any of your CCPA rights

Categories of Personal Information Collected: Identifiers (name, email, ORCID); professional information (affiliation, research interests); internet activity (usage data, device information, browser extension data including URLs visited on academic sites, page titles, user actions, and PostHog analytics); geolocation data (IP address-based); and content you provide (papers, annotations, notes).

Business Purposes: We use personal information to provide and maintain our services, communicate with you, improve our platform, and ensure security.

Third Parties with Whom We Share Information: We share limited personal information with: (1) PostHog for analytics purposes (user ID, events, session recordings); (2) Cloud storage providers if you enable cloud sync; (3) ORCID, Crossref, and PubMed for paper metadata enrichment. We do NOT sell your personal information.

Browser Extension Data: The PostPrint browser extension collects URLs, page titles, and user actions on academic sites. This data is used to provide paper discovery and management features. California residents have the right to opt-out of this collection by disabling the extension or adjusting extension settings to limit data collection.

To exercise your CCPA rights, contact us at privacy@postprint.net. We will respond to verifiable requests within 45 days.

Children's Privacy

PostPrint is not intended for users under 13 years old. We do not knowingly collect information from children. If we learn we have collected information from a child, we will delete it immediately.

Third-Party Services

PostPrint integrates with third-party services to provide functionality. These services have their own privacy policies:

Research Services

• ORCID: Researcher identification and profile integration — Privacy Policy
• Crossref: Paper metadata and DOI resolution — Privacy Policy
• PubMed/NCBI: Biomedical paper metadata — Privacy Policy
• Cloud Storage Providers: Optional integration for file storage (policies vary by provider)

Analytics and Infrastructure

• PostHog: Product analytics and session recording — Privacy Policy
  • Collects: User ID, events, session recordings (extension popup/newtab only)
  • Purpose: Feature usage analytics, user behavior analysis, product improvement
  • Data Location: PostHog Cloud (US-based)
  • You can opt-out in extension settings

We carefully vet all third-party services for security and privacy practices. We use contractual safeguards and data processing agreements where applicable to protect your information.

Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes via email or a prominent notice in the application. Continued use after changes constitutes acceptance.

Contact Us

If you have questions about this Privacy Policy, contact us:

• Email: privacy@postprint.net
• General inquiries: hello@postprint.net