We, Paperpile LLC, build productivity software to help you manage your academic literature. Our goal is to provide the best service of its kind. We are convinced that that's only possible by taking your privacy seriously and being transparent about it. That's what this document is about. It lays out our policies regarding what information we collect about you, how we use, process, and protect this information and what rights you have to control this information.
If you do not agree with this Policy, do not access or use our Services.
These "Services" include but are not limited to our:
The amount and type of information that we collect depends on the nature of the interaction with our Services. We are not in the business of collecting and selling information. In each case, we collect only the minimum amount of information necessary or appropriate to fulfill the purpose of your interaction with our Services.
For example, you can browse our websites anonymously but we ask for your email address when you sign up for a trial of our web-application, and we ask for your billing information when you subscribe to a paid subscription.
Some of the information we collect is directly and actively provided by you. You can always refuse to supply any of this information, with the caveat that it may prevent you from using some of our Services.
Some information is collected automatically when you interact with our Services:
Website visitor logs: Like most website operators, we collect information of the sort that web browsers and servers typically make available, such as the date and time of the visit, the Internet Protocol (IP) address, the browser type, language preference, referring site.
Usage information: We collect information about your interaction with our Services. For example, we track which features you use, which elements in the user interface you click on, or from which sources you add references to your library.
Device information and crash data: We collect information about the device you use to access our Services, including type of device, what operating system is used, device settings, application IDs, unique device identifiers and crash data. What kind of information is collected depends on the type of the device and its settings.
Other users of the Services: Other users of our Services may provide information about you when they submit content to the Services. For example, a collaborator may mention you in a comment on a PDF file or shares content with you via your email address. The administrator of a group or institutional subscription may invite you to use the Services.
Third parties: We may receive information about you and your activities on and off the Services from third-party partners, such as advertising and analytics services (see Third Party Service Providers) who provide us with information about your interest in, and engagement with, our Services and online advertisements.
We only collect and use your information if:
In the following we explain in more detail and with examples how we use your information.
To operate the Services: We use your profile information and cookies to identify you and allow you to build your personalized library of academic literature. If you choose to collaborate with others, we use your email, name and profile picture to identify you to your collaborators (e.g. when you comment on an article). We may identify your affiliation from the domain of your email address in case you are eligible for an institutional subscription. We process the content and files you provide to us with the goal to present them to you in the most useful way (e.g. organized, searchable, synced across devices, ...)
To improve our Services and help research for new products and features: All software has bugs and our goal is to fix them as quickly as possible. We use crash data to identify and analyze problems. We combine this information with usage information to find out what actions triggered a problem. We collect usage information to understand which features of our Services are used and how. It informs us how to allocate our resources (e.g. we want to spend more resources on improving popular features and remove features that are not used). We use some Third Party Service Providers like Google Analytics, MixPanel and Bugsnag for this purpose, which require cookies for their functionality.
To communicate with you about the Services: We use your email address to send you information that's essential during your use of our Services. For example, on sign-up we send you your account information and instructions how to sign-in; when you sign up for a paid subscription we send you payment confirmations and receipts. In addition to these automatic messages sent automatically by our applications, we may send you technical notices about service interruptions due to planned maintenance, security alerts, and other administrative messages. Some of these messages are essential for the Services and cannot be opted out (you can always delete your account).
To educate, market, promote, and drive engagement with the Services: We offer a variety of different products with hundreds of individual features around a common topic of academic productivity. We use your email address to send you information about how you can make the most out of our Services and your paid subscription. We may send you messages on how to get started after signing-up with our products; about features you may not be aware of but which are likely to be useful for you; about new features or products we recently added; or other topics, which we think enhance your experience with our Services and are of interest to you (e.g. company events such as local user group meetings, current promotions like coupon codes, new content on our blog).
You always can opt out of these messages either by clicking the provided unsubscribe link in the email or in your account settings.
To provide customer support: We use your contact and profile information to respond to your requests. We use crash data, usage information and any other information you provide us (e.g. screenshots) to understand and help you with your problem.
To protect the safety and security of the Services: We use some of the information we collect (e.g. website visitor logs, IP addresses, device identifiers, cookies, usage information, cookies, device identifier) to verify accounts and activity, to monitor suspicious or fraudulent activity and to identify violations of Service policies.
We do not share or disclose any of your information with others except in some limited and well-defined scenarios:
For collaboration: The academic workplace is inherently collaborative and it's our goal to make it easy for you to collaborate with your colleagues. You can choose to share some of your information stored in our Services with others. You can share references, citations, notes, files and other content with other users of our Services or in some cases with the public (e.g. public reading lists). Sharing content may also disclose your profile information (email, name, profile picture).
Administrators of group and institutional subscriptions: To use some our Services you need a paid subscription (after a free trial period). If you use our Services through a group or institutional subscription provided by your employer or school, we share some of your information with the administrators of this subscription. This information only includes some basic profile information and limited usage information necessary to manage a group or institutional subscription and monitor its usage.
In aggregate and de-identified form: We may disclose information if aggregated or de-identified so it is no longer associated with an identified or identifiable person. For example, we may publish usage statistics like the average number of stored articles per user on our blog or share it with potential new customers for marketing purposes.
With your consent: We may disclose your information with your consent. For example, we publish testimonials and case studies on our website that include name, affiliation and photographs of the customer.
To comply with laws, to enforce our rights, prevent fraud and for safety: In exceptional circumstances, we may disclose your information when required to do so by law, or when we believe in good faith that disclosure is reasonably necessary to protect the property or rights of our company, third parties or the public at large.
Paperpile takes all measures reasonably necessary to protect against the unauthorized access, disclosure, use or loss of your information. However, given the nature of communications and information processing technology, we cannot guarantee absolute security of that information, during transmission through the Internet or while stored on our systems or otherwise in our care.
We store and process your information in data centers in the
US and EU using infrastructure provided by Amazon Web
Services (1200 12th Avenue South, Suite 1200, Seattle, WA
98144, USA) the industry leading cloud infrastructure
provider. For additional redundancy, we create regular backups
of all information through MongoDB Cloud Services
(229 W 43rd Street
5th Floor, New York, NY 10036, USA). Amazon Web Services and MongoDB Cloud Services are compliant with the EU General Data Protection Regulation and EU-US Privacy Shield and Swiss-US Privacy Shield (see How we transfer information internationally)
If you delete your account or instruct us to delete your information, we will delete your profile information, your content stored in our Services and other information we have collected from you. We try to make sure the deletion process is simple, fast and complete. Please note some important details of our data retention policy:
Legal requirements: We will retain some minimal information required as necessary to comply with legal obligations or to resolve disputes (e.g. for tax audits or to handle refunds after a customer has deleted his or her account).
Usage information: We may retain some usage information in de-identified form to be included in aggregate statistics.
Shared content: In most cases, we will delete your content independent of whether you have shared it with others or not (e.g. a public reading list will be deleted when you delete your account). However, we do not delete information you shared if it leads to problems for other users using the Services (e.g. you have added a citation to a shared manuscript and deleting it would render the bibliography invalid; or you have commented on another users' PDF file and deleting the comment would make the conversation meaningless).
Group and institutional subscriptions: If you are using our Services through a group or institutional subscription some basic profile information will remain available to the administrator.
Backups: We delete your information immediately from our main databases, but it can take some time until the information is deleted from our backups. Those backups are stored separately from our main database and it's technically not possible to delete individual data records from them. Your information will be deleted within a reasonable timeframe as part of our routine backup deletion schedule.
The type and amount of information we collect depends on how you interact with our Services. You can always decide not to use our Services or only a subset of our Services and features.
You have the right to request a copy of your information, to object to our use of your information (including for marketing purposes), to request the deletion or restriction of your information, or to request your information in a structured, electronic format.
You can exercise some of these rights by using the settings and tools in our Services or by contacting us (see Contact ). We will respond to requests about your Privacy within a reasonable timeframe.
Here is a summary of some ways to access and control your information:
Access and update: You can always sign in to your account and view your information (your references, citations, files, notes) which we have stored for you. Most of the information can be directly edited or deleted. Some of our services use profile information from your Google Account and cannot be changed directly from within our Services (you need to update your profile in your Google account).
Delete: You can choose to delete your account at any time in your account settings or by contacting us. We will delete your information from our systems. Please note, however, that we may retain certain information for record keeping purposes, to complete transactions or to comply with our legal obligations (see How long we keep the information).
Transfer: You can export the information stored in our Services and use it with other software. We provide structured, machine-readable exports of your bibliographic data in two common industry standards RIS and BibTeX. Unfortunately, there is no common agreed upon data exchange format that covers all types of information stored in our Services (like labels, folders or notes). So, while we try hard to provide useful data exports that can be directly imported to other software, it's not possible for all data and with all software. To make data transfer easier in that cases, we provide all data not included in RIS or BibTeX data files also as JSON formatted data file, another structured machine-readable format.
Opt out of communications: You can opt out of receiving promotional messages by using the unsubscribe link within each email, changing your account settings or contacting us. Some non-promotional messages (see How we use the information) are required for the Service and you will receive such transactional messages unless you stop using and delete your account.
Disabling and deleting cookies: You can instruct your browser to delete existing cookies and stop accepting cookies. If you do not accept cookies, however, you may not be able to use all aspects of our Services. To opt out of receiving personalized advertising see Third Party Service Providers and visit http://www.aboutads.info, http://optout.networkadvertising.org/ and http://www.youronlinechoices.eu.
We may transfer your information to countries other than the one in which you live. We deploy the following safeguards if we transfer information originating from the European Union or Switzerland to other countries not deemed adequate under applicable data protection law:
Under the EU-US and Swiss-US Privacy Shield Frameworks, we are responsible for the processing of information about you we receive from the EU and Switzerland and onward transfers to a third party acting as an agent on our behalf. We comply with the Privacy Shield Principles for such onward transfers and remain liable in accordance with the Privacy Shield Principles if third-party agents that we engage to process such information about you on our behalf do so in a manner inconsistent with the Privacy Shield Principles, unless we prove that we are not responsible for the event giving rise to the damage.
To learn more about the Privacy Shield program, and to view our certification, please visit https://www.privacyshield.gov.
If you are a resident of a European country participating in the Privacy Shield and you have not received timely response to your concern, or we have not addressed your concern to your satisfaction, you may seek further assistance, at no cost to you, from JAMS (https://www.jamsadr.com/eu-us-privacy-shield), which is an independent dispute resolution body in the United States.
Under certain conditions, more fully described on the Privacy Shield website including when other dispute resolution procedures have been exhausted, you may invoke binding arbitration.
We are subject to the investigatory and enforcement powers of the U.S. Federal Trade Commission (FTC).
In certain situations, we may be required to disclose personal information in response to lawful requests by public authorities, including meeting national security or law enforcement requirements.
European Union Model Clauses: In certain cases, we will transfer information from the EU in accordance with the European Commission-approved Standard Contractual Clauses, a copy of which can be obtained at https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=celex%3A32010D0087.
We disclose some of your information with, and receive some of your information from, selected third parties. We limit the amount of information being disclosed depending on the nature of the service. We only work with Third Party Service providers who strictly adhere to the General Data Protection Regulation of the European Union and the EU-US Privacy Shield and Swiss-US Privacy Shield.
Intercom: Customer relations and support (Intercom Inc. 55 2nd Street, San Francisco, CA 94105, USA)
MailChimp and Mandrill: Transactional and promotional email (The Rocket Science Group, LLC, 675 Ponce de Leon Ave NE Suite 5000 Atlanta, GA 30308, USA)
Stripe: Payments and billing (Stripe, Inc., 185 Berry Street, Suite 550, San Francisco, CA 94107, USA)
Bugsnag: (Bugsnag, Inc., 939 Harrison St., San Francisco, CA 94107, USA)
Mixpanel: Analytics (Mixpanel, Inc., 405 Howard St., 2nd Floor, San Francisco, CA 94105, USA) Opt out
Facebook: Advertisting (Facebook Inc., 1 Hacker Way, Menlo Park, CA 94025) Opt out
Our Services are not directed to individuals under 16. Please contact us (see Contact) for questions on age restrictions and use of our Services in schools. Depending on local privacy laws, additional privacy policies might apply.
Also use this contact address if you are seeking to exercise any of your statutory rights under the EU General Data Protection Regulation.
28 Glenwood Ave #2
Cambridge, MA 02139
Residents from the EU also can contact our EU representation:
Paperpile LLC & Co OG
4190 Bad Leonfelden