Information Privacy Policy

01

Personal Data We Collect

We collect only the data necessary to provide our research-management services. The categories below describe the personal data we may process:

Account Information

Full name, email address, username, password (hashed), profile picture, bio, and affiliations.

Research Content

Ideas, protocols, projects, tasks, notes, manuscripts, submissions, publication records, and file attachments you create within the platform.

Communications

Messages exchanged through in-app messaging, support requests, and contact-form submissions.

Usage & Technical Data

IP addresses, browser type, operating system, pages visited, timestamps, referral URLs, and session identifiers collected automatically via server logs.

Public Profile Data

Optional information you choose to make public, such as Google Scholar URL, displayed affiliations, bio, and profile views (deduplicated per day using anonymous cookie hashes).

02

Lawful Bases for Processing

Where applicable data-protection law requires a legal basis, we rely on the following:

Lawful Basis	Applies To
Contract performance	Providing the SciTrack platform, account creation, managing research workflows, and delivering customer support.
Legitimate interest	Improving platform security, preventing fraud, generating aggregated analytics, and enhancing user experience.
Consent	Sending optional marketing communications, enabling public profiles, and non-essential cookies or analytics.
Legal obligation	Complying with applicable laws, responding to lawful requests from authorities, and maintaining audit records.

03

How We Use Your Data

Your personal data is used exclusively for the following purposes:

Platform Delivery — To create and maintain your account, authenticate sessions, and provide access to your research workspace (ideas, protocols, projects, tasks, notes, manuscripts, and submissions).
Communication — To send transactional emails (verification, password resets, notification digests), respond to support requests, and facilitate in-app messaging between team members.
Platform Improvement — To analyse anonymised usage patterns, diagnose bugs, and improve the functionality and performance of SciTrack.
Security — To detect and prevent fraudulent or unauthorised access, enforce our terms of service, and maintain platform integrity (e.g., CSRF protection, IP-based rate limiting).
Legal Compliance — To comply with applicable regulations and respond to lawful data-access requests.

We do not sell your personal data, and we do not use it for automated decision-making or profiling.

04

Data Sharing & Third Parties

SciTrack is private by default. Your research content is never shared publicly unless you explicitly choose to make specific items public. We may share limited data with the following categories of recipients:

Infrastructure Providers — Hosting (cPanel/server provider), email delivery services (e.g., Mailtrap for transactional emails). These providers act as data processors under contractual obligations.
Legal Authorities — If required by applicable law, subpoena, court order, or to protect the rights, safety, and property of SciTrack and its users.
You — Public profile data (name, bio, affiliations, Google Scholar link) is displayed only if you opt in to a public researcher profile.

We do not share your data with advertisers, data brokers, or any unrelated third parties.

05

Data Storage & Security

We implement industry-standard technical and organisational measures to protect your data:

Encryption All data in transit is encrypted via TLS/SSL. Passwords are stored using bcrypt hashing.

Access Control Role-based access ensures that only authorised personnel can access production systems. User workspaces are strictly isolated.

Infrastructure SciTrack is deployed on secured servers with regular patching, firewall rules, and intrusion monitoring.

Audit Logging Administrative actions and security-relevant events are logged for accountability and incident response.

While no system can guarantee absolute security, we are committed to maintaining the highest practical standard of data protection.

06

Retention & Deletion

We retain your personal data only for as long as necessary to fulfil the purposes outlined in this policy, unless a longer retention period is required by law.

Data Category	Retention Period
Account data	Until you delete your account or request erasure
Research content	Until you delete the content or your account
Messages & communications	Until deleted by you or upon account deletion
Server & access logs	Up to 90 days (automatically purged)
Support tickets	Up to 2 years after resolution
Audit logs	Up to 1 year

Upon account deletion, we remove or anonymise your personal data within 30 days, except where retention is legally required.

07

Cookies & Analytics

SciTrack uses a minimal set of cookies necessary for the platform to function. We do not use third-party advertising cookies.

Cookie / Technology	Purpose	Duration
`PHPSESSID`	Session management and authentication	Session (browser close)
`_csrf`	Cross-site request forgery protection	Session
`remember_me`	Persistent login (if opted in)	30 days
Anonymous visitor hash	Deduplicating public-profile views per day	24 hours

We do not integrate third-party analytics services (e.g., Google Analytics) at this time. If this changes, we will update this policy and notify users accordingly.

08

Your Rights & Choices

Depending on your jurisdiction, you may have the following rights regarding your personal data:

Access

Request a copy of the personal data we hold about you.

Rectification

Correct inaccurate or incomplete data via your account settings.

Erasure

Request deletion of your personal data and account.

Data Portability

Receive your data in a structured, machine-readable format.

Restrict Processing

Request that we limit or stop processing your data in certain circumstances.

Withdraw Consent

Where processing is based on consent, you may withdraw it at any time.

To exercise any of these rights, please contact us at admin@scitrack.net or use the Contact page. We will respond within 30 days.

09

International Data Transfers

SciTrack's servers are located in the hosting region associated with our infrastructure provider. If you access SciTrack from outside this region, your data may be transferred to and stored in that region.

Where we transfer personal data internationally, we ensure appropriate safeguards are in place, including:

Standard Contractual Clauses (SCCs) approved by relevant data-protection authorities.
Ensuring the receiving jurisdiction provides an adequate level of data protection.
Contractual obligations with processors to maintain equivalent security standards.

10

Children's Privacy

SciTrack is designed for professional researchers, academics, and adult users. We do not knowingly collect personal data from children under the age of 16 (or the applicable minimum age in your jurisdiction).

If we become aware that we have inadvertently collected data from a child, we will promptly delete such data and terminate the associated account. If you believe a child has provided us with personal data, please contact us at admin@scitrack.net.

11

Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or platform features. When we make material changes:

We will update the "Last updated" date at the top of this page.
For significant changes, we will notify registered users via email or an in-app notification.
Continued use of SciTrack after an update constitutes acceptance of the revised policy.

We encourage you to review this page periodically to stay informed.

12

Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please reach out:

Email

admin@scitrack.net

Contact form

Send us a message →