Privacy Policy
1. Overview & Commitment
ScholarNote is committed to protecting the privacy of users, authors, reviewers, and institutions. We do not sell personal data or monetize user behavior for advertising. This policy explains what data we collect, why we collect it, how we use it, and your rights.
2. Scope
This Policy applies to all ScholarNote websites, mobile apps, APIs, and integrations. Services with separate privacy terms will be identified in their module documentation.
3. Categories of Data Collected
- Account Data: name, email, role, institution, ORCID, contact details.
- Manuscript & Workflow Data: manuscript files, author metadata, reviewer reports, editorial decisions.
- Technical & Usage Data: IP addresses, device identifiers, user agent, session logs, feature usage.
- Payment Data: billing name and contact; payment cards are processed by third-party gateways (we do not store full card numbers unless explicitly authorized).
- Third-Party Data: data provided by institutions, identity providers (ORCID, Google), or partners.
4. Legal Basis for Processing (GDPR)
Where GDPR applies, we rely on the following lawful bases: (a) performance of a contract; (b) legitimate interests; (c) consent; and (d) compliance with legal obligations. Detailed legal bases are documented in our DPA for institutional customers.
5. How We Use Your Data
- To provide and maintain ScholarNote services, including manuscript processing and peer-review workflows.
- To perform authentication and identity verification (ORCID, SSO).
- To deliver system notifications, support, and billing communications.
- To improve the Service via aggregated analytics and product telemetry (non-identifiable where feasible).
- To comply with legal obligations and respond to lawful requests.
8. International Transfers
Where data is transferred outside your jurisdiction (e.g., outside the EEA), we use legal transfer mechanisms such as Standard Contractual Clauses (SCCs), binding corporate rules, or other appropriate safeguards.
9. Data Retention
Service data is retained for the period necessary to provide the Service and per institutional agreements. Upon account termination, data will be retained or deleted according to the subscription terms and applicable laws. Export and deletion requests can be initiated by institutional administrators or by contacting support@scholarnote.ac.
10. Users' Rights
Depending on your jurisdiction, you may have the right to access, correct, erase, restrict processing of, or export your data, or to object to certain processing. To exercise these rights, contact support@scholarnote.ac. We verify requests to protect privacy.
11. Security Controls & Breach Response
We implement technical and organizational measures including encryption at rest and in transit, role-based access control, logging, vulnerability management, MFA for admin accounts, secure backups, and periodic audits. In the event of a personal data breach, we will notify supervisory authorities and affected data subjects within legally required timelines (e.g., GDPR 72-hour requirement) unless a delay is permitted by law.
12. Children and Minors
ScholarNote is not directed to children. We do not knowingly process data of minors; if we discover such processing, we will take steps to delete the information and notify the relevant parties.
13. Changes to this Policy
Material changes to this Policy will be communicated to institutional contacts and users via email with reasonable notice. Continued use after changes indicates acceptance.
14. Contact, DPA & Data Protection Officer
For privacy inquiries, DPO requests, or to request a Data Processing Addendum (DPA), contact support@scholarnote.ac. Institutional customers may request a signed DPA and specifics on security attestations (SOC 2, ISO 27001) where available.