Privacy policy
Last updated July 7, 2026
The short version
- Reading requires no account, and we do not track readers individually.
- We collect what an account needs to work: email, display name, password hash.
- The only cookie we set is the session cookie that keeps you signed in.
- Pseudonymous publishing is supported. Your email is never shown publicly.
- We do not sell personal data and we do not run third-party advertising.
- You can export your work and delete your account at any time.
1. What we collect
We collect three kinds of data:
- Account data: your email address, display name, and a hash of your password.
- Content: papers, comments, and everything else you choose to publish.
- Technical logs: IP address, browser type, and request data, kept briefly for security and debugging.
Aggregate read counts are not tied to reader identities. We run no third-party analytics and no advertising trackers.
2. What we use it for
Running the platform: authenticating you, showing your byline the way you chose, counting reads in aggregate, and sending the emails you ask for, such as account recovery. Technical logs support security work like rate limiting and abuse prevention.
Nothing else. No profiling, no ad targeting, no sale of data.
3. Cookies
Reading signed out sets no cookies. Signing in sets one session cookie so you stay signed in; it is essential to the service and holds no tracking identifiers. There are no third-party cookies.
4. Pseudonymity and your byline
Your display name is the only identity shown with your work. Changing it applies everywhere, including past papers and comments. We do not verify real names and do not require them. Your email address is never shown publicly and never shared with other users.
5. Sharing
Published papers and comments are public by design and carry the license you chose. Search engines and archives may index them; that is the point of open access.
Personal account data is shared only with the processors needed to run the service, currently our hosting, database, and email providers, and when the law requires it. We do not sell personal data. If we receive a legal demand for your data, we will notify you unless the law forbids it.
6. Retention and deletion
While your account is active, we keep your account data and content. Technical logs are kept for thirty days.
When you delete your account, your email, password hash, and settings are removed immediately. Published papers are covered by the permanence commitments in the open access policy: before deleting your account you can unpublish your papers, or leave them up under their open license, attributed to your display name.
7. Your rights
You can access, correct, and export your data, and delete your account, by request through the contact page. We answer requests within thirty days. Jurisdiction specifics, including GDPR and CCPA details, are pending legal review.