Privacy Policy

1. Information We Collect

1.1 Information You Provide Directly

• Account and profile data, such as your name, institutional email address, password hash, handle, display name, affiliation, biography, profile photo, and professional links.
• Content and files you submit, including projects, documents, PDFs, references, comments, posts, collaboration applications, and other materials you choose to upload or publish.
• Communications you send to us or through the Service, including support requests, verification requests, notifications, and email correspondence.
• Billing and subscription information if you purchase paid features, such as plan selection, billing contact details, invoices, payment status, and transaction identifiers. We do not store full payment card numbers.

1.2 Information We Receive from Other Sources

• If you sign in through a third-party identity provider, we may receive basic profile information and your email address from that provider.
• We may receive payment confirmations, subscription status, or transaction metadata from payment processors.
• We may receive information from collaborators, institutions, or administrators when they add you to workspaces or manage account-related permissions.

1.3 Information Collected Automatically

• Log and device data, such as IP address, browser type, operating system, timestamps, referring URLs, and basic request metadata.
• Usage data, such as features accessed, actions taken, page views, session activity, and security events.
• Cookie and session data used to keep you signed in, secure the Service, remember preferences, and prevent abuse.
• Technical metadata associated with uploaded files and processing workflows, such as filenames, MIME types, storage paths, processing status, and related diagnostic records.

1.4 Derived and Generated Data

• We may generate derived data from content you submit in order to provide the Service, such as previews, extracted citations or references, parsed metadata, search indexes, and troubleshooting artifacts.
• Derived data may include raw processing outputs necessary to debug parsing, conversion, storage, or synchronization issues.

2. How We Use Your Information

• To create and manage your account and authenticate your identity.
• To provide, host, operate, secure, maintain, and improve the Service.
• To store, display, process, and transform the content and files you submit, including creating derived artifacts such as parsed references, previews, and metadata needed for product functionality.
• To send transactional emails and other service communications, such as verification, password reset, billing, account, and security notices.
• To administer subscriptions, invoices, and payment-related workflows.
• To enforce our Terms of Service and applicable policies.
• To detect and prevent fraud, abuse, and security incidents.
• To comply with legal obligations.

We do not sell personal information, and we do not use your personal information for third-party advertising or cross-context behavioral advertising.

3. How We Disclose Information

We may disclose information in the following circumstances:

• With your consent: when you explicitly agree to share information.
• With other users, collaborators, or institutions: when your account settings, project permissions, publication choices, or workspace roles make content visible to them.
• Service providers: vendors that help us operate the Service, such as cloud hosting and storage providers, authentication providers, email delivery providers, and payment processors.
• Legal requirements: when required by law, regulation, or valid legal process.
• Safety and enforcement: to protect the rights, property, or safety of StuVe, our users, our service providers, or the public, and to investigate violations of our terms or policies.
• Business transfers: in connection with a merger, acquisition, financing, reorganization, bankruptcy, or sale of assets, subject to applicable confidentiality and legal requirements.

We disclose only the categories of information reasonably necessary for the relevant purpose.

4. Visibility of Profiles, Projects, and Content

Depending on the feature and the visibility or permission settings you select, your display name, handle, profile details, public or institutional content, collaboration listings, and materials shared in workspaces may be visible to other users or, for designated public content, to broader audiences. Private workspace materials are intended to be visible only to authorized users, subject to administrative, legal, and security access needs.

5. Cookies and Similar Technologies

We use essential cookies and similar technologies to authenticate users, maintain secure sessions, support sign-in flows, remember necessary preferences, and help protect the Service from abuse. These may include session cookies, CSRF or security cookies, and related authentication tokens. We do not use advertising cookies.

6. Data Storage, Security, and Retention

Your data is stored using service providers selected by StuVe LLC, including Google Cloud infrastructure and other operational vendors. We implement reasonable administrative, technical, and organizational safeguards designed to protect personal information, including:

• Passwords stored using bcrypt hashing with a cost factor of 12.
• Data in transit protected by TLS encryption.
• Files stored in private Google Cloud Storage buckets with signed URL access.
• Rate limiting and related controls on authentication and security-sensitive endpoints.

No method of transmission, storage, or processing is completely secure. We retain personal information for as long as reasonably necessary to provide the Service, maintain records, resolve disputes, enforce agreements, comply with law, and support security, backup, and recovery processes. Retention periods may vary depending on the data type and legal context.

7. International and Cross-Border Processing

StuVe LLC operates in the United States and may process or store information in the United States or other jurisdictions where we or our service providers operate. By using the Service, you understand that your information may be transferred to and processed in countries that may have data protection rules different from those in your place of residence.

8. Your Rights and Choices

Depending on your jurisdiction, you may have the right to:

• Access the personal data we hold about you.
• Request correction of inaccurate data.
• Request deletion of your data.
• Object to or request restriction of certain processing.
• Request information about categories of personal information we collect, use, disclose, or retain.
• Withdraw consent where processing is based on consent.

You can also update certain account and profile information from within the Service. To exercise privacy rights that are available to you, contact us at privacy@stuve.app.

9. Children's Privacy

The Service is not directed to children under 13, and we do not knowingly collect personal information from children under 13. If we learn that we have collected personal information from a child under 13 without appropriate authorization, we will take steps to delete that information as required by applicable law.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on this page and updating the "Last updated" date. Continued use of the Service after changes constitutes acceptance of the updated policy.

11. Contact Us

If you have questions or concerns about this Privacy Policy, please contact us at: privacy@stuve.app