Privacy Policy
Last Updated: December 18, 2025
Introduction
ScholarSync ("we", "our", or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Chrome extension and associated services.
By using ScholarSync, you agree to the collection and use of information in accordance with this policy.
Information We Collect
Personal Information
We collect the following personal information that you provide to us:
- Email Address: Used as your unique identifier and for account-related communications
- Institution and Department: Optional information to help you connect with colleagues
- Profile Information: Name, bio, and other optional profile details you choose to provide
Academic Content
We collect and store:
- Research Papers: URLs, titles, authors, abstracts, and metadata of papers you save
- Reading Lists: Names and organization of your custom reading lists
- Personal Notes: Your private notes, ratings (clarity, impact, usefulness), and annotations on papers
- Reading Status: Whether papers are marked as read or important
- Access History: Dates when you access or modify papers and lists
Usage Data
We automatically collect:
- Timestamps: When you create, modify, or access content
- Interaction Data: Which features you use within the extension
- Error Logs: Technical information to help us diagnose and fix issues
Social Features
If you use our collaboration features:
- Shared Lists: Papers and metadata you add to shared lists
- Follows: List of users you follow and users who follow you
- List Memberships: Information about shared lists you participate in
How We Use Your Information
Core Functionality
- Sync your research papers and reading lists across devices
- Enable collaboration through shared lists
- Provide paper organization and management features
- Display your personalized content
Account Management
- Authenticate your identity (via PIN)
- Maintain your account and preferences
- Respond to your support requests
Service Improvement
- Analyze usage patterns to improve features
- Debug technical issues
- Ensure security and prevent abuse
Communications
- Send important service updates
- Respond to your inquiries
- Notify you of account-related changes (only when necessary)
How We Store Your Information
Data Security
- Encryption: All data transmitted between your browser and our servers uses HTTPS/TLS encryption
- Password Security: Your PIN is hashed using bcrypt with salt before storage
- Access Control: Your data is protected by authentication and only accessible to you
- Server Security: Data is stored on secure servers with industry-standard protections
Data Location
- Your data is stored on Railway cloud infrastructure
- We use SQLite/PostgreSQL databases with regular backups
Data Retention
- Active Accounts: We retain your data as long as your account is active
- Inactive Accounts: Accounts inactive for 2+ years may be archived or deleted
- Deleted Accounts: Data is permanently deleted within 30 days of account deletion request
How We Share Your Information
We DO NOT:
- ❌ Sell your personal information to third parties
- ❌ Share your private notes or reading lists without permission
- ❌ Use your data for advertising purposes
- ❌ Share your data with data brokers
We MAY Share:
- ✅ With Your Consent: When you explicitly choose to share lists or follow other users
- ✅ Shared Lists: Content you add to shared lists is visible to other list members
- ✅ Public Profiles: Profile information you mark as public (institution, department, bio)
- ✅ Legal Requirements: If required by law, court order, or government regulation
- ✅ Service Providers: With trusted third parties who help operate our service (e.g., hosting providers), under strict confidentiality agreements
Your Privacy Rights
Access and Control
You have the right to:
- ✅ Access Your Data: View all data we have about you
- ✅ Export Your Data: Download your complete data in JSON format
- ✅ Correct Your Data: Update or correct your profile and content
- ✅ Delete Your Data: Permanently delete your account and all associated data
- ✅ Opt-Out: Stop using shared features without deleting your account
- ✅ Withdraw Consent: Stop data collection by uninstalling the extension
How to Exercise Your Rights: Use the built-in data export/deletion features in the extension settings or contact our support team. We will respond within 30 days.
Cookies and Tracking
What We Use
- Session Tokens: To keep you logged in during your session
- Local Storage: To cache data for offline access and better performance
- No Third-Party Cookies: We do not use advertising or tracking cookies
Browser Permissions
Our extension requests the following permissions:
- Storage: To save your preferences and cache data locally
- Host Permissions: To extract paper metadata from academic websites
- Tabs: To detect when you're viewing research papers
- Identity: (Optional) For authentication purposes
Each permission is used solely for the stated functionality and not for tracking.
Third-Party Services
Services We Use
- Railway: Cloud hosting provider for our backend server
- GitHub: For extension updates and version control
These services have their own privacy policies. We encourage you to review them.
Academic Websites
When you use ScholarSync to save papers, the extension accesses public academic websites (PubMed, arXiv, ScienceDirect, etc.). We do not share your identity with these sites.
Children's Privacy
ScholarSync is intended for researchers, students, and academics. We do not knowingly collect information from anyone under 13 years of age. If you believe a child has provided us with personal information, please contact us immediately.
International Users
If you are accessing ScholarSync from outside your country, please note that your information may be transferred to, stored, and processed where our servers are located. By using our service, you consent to this transfer.
GDPR Compliance (EU Users)
If you are in the European Economic Area (EEA), you have additional rights under GDPR:
- Right to data portability
- Right to object to processing
- Right to restrict processing
- Right to lodge a complaint with a supervisory authority
Data Breach Notification
In the event of a data breach that affects your personal information, we will:
- Notify you via email within 72 hours
- Describe the nature of the breach
- Explain steps we're taking to address it
- Recommend actions you should take to protect yourself
Changes to This Privacy Policy
We may update this Privacy Policy from time to time. We will notify you of any changes by:
- Updating the "Last Updated" date at the top of this policy
- Sending an email notification for material changes
- Displaying a prominent notice in the extension
Your continued use after changes constitutes acceptance of the updated policy.
Your Choices
Data Minimization
You can minimize data collection by:
- Only saving papers you truly want to keep
- Not using optional features (shared lists, follows)
- Not providing optional profile information
Uninstall
You can stop all data collection immediately by:
- Uninstalling the ScholarSync extension
- Requesting account deletion via support
- All your data will be permanently deleted within 30 days
Contact Us
If you have questions, concerns, or requests regarding this Privacy Policy or your data, please reach out to our support team.
Response Time: We aim to respond to all inquiries within 48 hours.
Compliance
We comply with:
- General Data Protection Regulation (GDPR) - EU
- California Consumer Privacy Act (CCPA) - USA
- UK Data Protection Act 2018
- Chrome Web Store Developer Program Policies
Transparency
We believe in transparency. This privacy policy is written in plain language to ensure you understand:
- What data we collect
- Why we collect it
- How we protect it
- Your rights regarding it
By using ScholarSync, you acknowledge that you have read and understood this Privacy Policy.