Privacy policy

This Privacy Policy describes how Astera Institute (“Astera,” "we," "us," or "our") collects, uses, and shares personal information when you use The Stacks, an online research and publishing platform operated by Astera Institute. ## Information we collect ### Information you provide - Account registration details (name, email) - Profile information - Submitted content and metadata - Communications with us ### Automatically collected information - Log data (IP address, pages visited, timestamps) - Device and browser information - Cookies and similar technologies - Telemetry required for operating an open-source service ### Analytics data We use privacy‑respecting analytics tools to understand how users interact with the Service. We may also use analytics services (such as Google Analytics). These providers act as our service providers and process data on our behalf. These tools collect information such as page views, session duration, and referrer URLs. Users may opt out of non-essential analytics via our cookie banner. Google may use tracking technologies to collect or receive data from the Service and use it to provide measurement services. You can learn more about how Google Analytics processes data at: [https://policies.google.com/technologies/partner-sites](https://policies.google.com/technologies/partner-sites) ## How we use information Where required by applicable law, we process personal information on the basis of legitimate interests in operating and improving the Service, user consent, or other lawful bases permitted under applicable data protection laws. We use the information we collect to: - Provide and operate the Service - Improve features and performance - Personalize content - Communicate with you about updates, support, and features - Ensure safety, integrity, and compliance - Maintain a permanent scholarly record of published contributions and associated metadata - Detect, investigate, and prevent harmful or unlawful behavior ## Cookies and tracking technologies We use cookies to: - Enable essential functionality - Maintain login sessions and user preferences - Support analytics (including Google Analytics, if enabled) You can manage cookie preferences through your browser and through our cookie banner. Non-essential cookies are disabled without user consent where legally required. ## How we share information We may share information with: - Service providers that assist with hosting, analytics, support, or platform functionality. These providers may include cloud infrastructure providers, content delivery networks, analytics providers, and software vendors that help operate the platform. - Legal authorities when required by law - Other users, through publicly available published content We do not sell personal data. We may redact or de-identify personal data contained in user submissions when necessary to comply with legal obligations or protect safety. ## Legal bases for processing Where the GDPR applies, we process personal data under one or more of the following legal bases: - Contract necessity (e.g., account creation and operation) - Legitimate interests (e.g., Service security, moderation, analytics necessary for operations) - Consent (e.g., non-essential cookies) - Public interest in maintaining a scholarly record - Scientific or historical research purposes ## Data retention We retain personal information only as needed for operational, legal, or safety purposes. Published content is retained indefinitely due to persistent identifiers and for the public-interest purpose of maintaining the scholarly record, including where permitted under research, archival, or public-interest exceptions under applicable data protection laws (such as GDPR Article 89). Where deletion of public comments or contributions is requested, we may remove identifying information and pseudonymize or de-identify the author while retaining the content itself, where permitted by applicable law, in order to preserve the scholarly and research record ## Your rights Depending on your jurisdiction, you may have rights including: - Access to your personal data - Correction or deletion (except for published content and subject to legitimate archiving or research exceptions) - Objection or restriction of processing - Data portability We honor these rights where required by applicable law. Residents of certain jurisdictions, including California, may have additional rights under applicable law such as the right to request disclosure of categories of personal information collected or shared. If we deny a deletion request due to public-interest archiving, we will explain the legal basis and may offer pseudonymization instead. Individuals located in the European Union may have the right to lodge a complaint with their local supervisory authority. ## International users If you access the Service from outside the U.S., your information may be transferred to and processed in jurisdictions with different data protection laws. Where legally required (e.g., GDPR), we rely on mechanisms such as Standard Contractual Clauses, supplemented by appropriate technical, organizational, and contractual safeguards. ## Data security We implement reasonable administrative, technical, and physical safeguards to protect user information. However, no system is completely secure. User Content may include publicly accessible components outside our control (e.g., links to third-party repositories), and we are not responsible for those environments. ## Children’s privacy The Service is not intended for children under 16, and because content submitted to the platform may become publicly accessible, users should not submit personal information about children. We do not knowingly collect personal information from children. ## Changes to this policy We may update this Privacy Policy periodically. If we make material changes, we will provide notice on the Service. ## Contact us For questions about this Privacy Policy, contact us at .