Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revisionPrevious revision
Next revision
Previous revision
privacy [2018/08/20 23:17] – New privacy policy dstillmanprivacy [2024/02/27 12:16] (current) – Add Anrok to privacy policy. fcheslack
Line 3: Line 3:
 ===== Overview ===== ===== Overview =====
  
-Zotero is an open-source project committed to providing the best research tool available anywhere. Our philosophy is that what you put into Zotero is yours, and one of our founding principles is to make sure you remain in control of your data and can share it how you like — or choose not to share it at all.+Zotero is an open-source project committed to providing the best tool for managing your research. Our philosophy is that what you put into Zotero is yours, and one of our founding principles is to make sure you remain in control of your data and can share it how you like — or choose not to share it at all.
  
 **We are an independent, nonprofit organization and have no financial interest in your private information.** We fund further development by offering additional online storage space to people who find the software useful, not by selling data. **We are an independent, nonprofit organization and have no financial interest in your private information.** We fund further development by offering additional online storage space to people who find the software useful, not by selling data.
Line 33: Line 33:
  
   * **Syncing:** Sync preferences → leave unconfigured or disable automatic syncing   * **Syncing:** Sync preferences → leave unconfigured or disable automatic syncing
-  * **Automatic PDF metadata retrieval:** General preferences → disable "Automatically retrieve metadata for PDFs". //Note: We do not log any information about the contents of PDF metadata requests.//+  * **Automatic PDF metadata retrieval:** General preferences → disable "Automatically retrieve metadata for PDFs" 
 +    * We do not log any information about the contents of PDF metadata requests. 
 +  * **Open-access PDF retrieval:** General preferences → disable "Automatically attach associated PDFs and other files when saving items" 
 +    * If a PDF can't be saved for an item with a DOI, Zotero will send the DOI to Zotero servers to check for open-access versions. We do not log the contents of these requests. Disabling this preference will disable all automatic attachment saving.
   * **Broken site translator reporting:** disable "Report broken site translators" in the Advanced pane of Zotero and the Zotero Connector   * **Broken site translator reporting:** disable "Report broken site translators" in the Advanced pane of Zotero and the Zotero Connector
   * **Translator/style update checking:** Advanced preferences → disable "Automatically check for updated translators and styles"   * **Translator/style update checking:** Advanced preferences → disable "Automatically check for updated translators and styles"
-  * **Zotero update checking:** Advanced → Config Editor → set ''app.update.auto'' to false. //Note: Automatic update checking is strongly recommended for security and stability reasons.//+  * **Zotero update checking:** Advanced preferences → Config Editor → set ''app.update.auto'' to false 
 +    * Automatic update checking is strongly recommended for security and stability reasons. 
 +  * **Retracted item checking:** Advanced preferences → Config Editor → set ''retractions.enabled'' to false 
 +    * Retraction checks are performed [[/blog/retracted-item-notifications/#designed-for-privacy|without sharing]] the items you have in your database. 
 +  * **Proxy authentication checking:** Advanced → Config Editor → set ''extensions.zotero.triggerProxyAuthentication'' to false. 
 +    * At Zotero startup, HEAD requests are made to a test file on Amazon S3 and selected publisher websites (controlled by ''extensions.zotero.proxyAuthenticationURLs'') to trigger a proxy authentication prompt if and only if Zotero detects that a proxy is required to connect to the internet. If you disable this option and require an authenticated proxy, Zotero network connections will fail.
  
-If automatic syncing or automatic translator/style updates is enabled, Zotero will maintain a persistent connection to Zotero servers when it is open in order to provide immediate updates. You can disable this connection by disabling both of those options or by setting ''extensions.zotero.streaming.enabled'' to false in the Config Editor.+If automatic syncing or automatic translator/style updates are enabled, Zotero will maintain a persistent connection to Zotero servers when it is open in order to provide immediate updates. You can disable this connection by disabling both of those options or by setting ''extensions.zotero.streaming.enabled'' to false in the Config Editor.
  
 If you use the Zotero Connector without having Zotero open, the Connector will make a daily request to Zotero servers for information on available site translators. It will then download translators for the sites you visit. For example, if you load a <html><i>New York Times</i></html> article, the Connector will download Zotero’s <html><i>New York Times</i></html> translator and cache it. If Zotero doesn’t have a translator for a specific site, no request will be made. No information on the specific pages you visit is transmitted, and subsequent requests won’t be made for the same translator until you restart your browser or the translator is updated. You can avoid these requests by keeping Zotero open while you browse the web. If you use the Zotero Connector without having Zotero open, the Connector will make a daily request to Zotero servers for information on available site translators. It will then download translators for the sites you visit. For example, if you load a <html><i>New York Times</i></html> article, the Connector will download Zotero’s <html><i>New York Times</i></html> translator and cache it. If Zotero doesn’t have a translator for a specific site, no request will be made. No information on the specific pages you visit is transmitted, and subsequent requests won’t be made for the same translator until you restart your browser or the translator is updated. You can avoid these requests by keeping Zotero open while you browse the web.
 +
 +===== Permissions Warnings =====
 +
 +When using third-party platforms, we request the most restrictive permissions available that still allow Zotero to perform its advertised functions. In some cases, the necessary permissions can sound a bit scary, so we want to explain why they’re necessary.
 +
 +==== Zotero Connector ====
 +
 +When installing the Zotero Connector, your browser will warn you that the extension can “Read and change all your data on the websites you visit” (or similar). This is the standard permission that browser extensions that run on all pages require. Zotero uses it to determine what content it can save on a given page and update the save button accordingly, as well as to provide advanced features such as automatic proxy redirection and automatic RIS/BibTeX import. No data is stored except when you choose to save a page to either your local or online Zotero library.
 +
 +==== Google Docs Integration ====
 +
 +When you first use Google Docs integration, Google will ask you to grant Zotero Google Docs Integration permission to “See, edit, create, and delete all your Google Docs documents”. The plugin requires this permission to insert citations into your documents. The plugin doesn’t do anything else with your document content and doesn’t access documents other than the ones on which it’s triggered. The integration works entirely locally on your computer, so even when you trigger the plugin on a given document, nothing is sent to Zotero servers.
  
 ===== Storage Purchases ===== ===== Storage Purchases =====
Line 63: Line 83:
   * All Zotero server data is stored in the United States in Amazon Web Services. See [[:security|Security of Zotero Data]] for more information.   * All Zotero server data is stored in the United States in Amazon Web Services. See [[:security|Security of Zotero Data]] for more information.
   * Certain operations you perform in Zotero may trigger requests to public third-party services such as Crossref or the Library of Congress for metadata retrieval. These third parties may log your IP address and search terms (e.g., DOI or ISBN) according to their privacy policies, but no other identifying information is provided.   * Certain operations you perform in Zotero may trigger requests to public third-party services such as Crossref or the Library of Congress for metadata retrieval. These third parties may log your IP address and search terms (e.g., DOI or ISBN) according to their privacy policies, but no other identifying information is provided.
 +  * When you save items to or update items in Zotero, Zotero may, depending on your settings, connect to the associated sites to download metadata or save PDFs or snapshots. This is equivalent to loading those sites in your browser, and similar privacy implications apply. See [[kb:zotero_and_firewalls|Zotero and Firewalls]] for access requirements.
   * Some fonts on Zotero’s websites are licensed from myfonts.com. In order to verify Zotero’s compliance with this license, myfonts.com collects your IP address and the URL of the accessed Zotero webpage.   * Some fonts on Zotero’s websites are licensed from myfonts.com. In order to verify Zotero’s compliance with this license, myfonts.com collects your IP address and the URL of the accessed Zotero webpage.
   * When an account is registered, we use Google reCAPTCHA to verify that it is not an automated registration attempt.   * When an account is registered, we use Google reCAPTCHA to verify that it is not an automated registration attempt.
   * Payment processing is provided by [[https://stripe.com|Stripe]].   * Payment processing is provided by [[https://stripe.com|Stripe]].
   * When buyers are unable to use Stripe, we process payments with [[https://www.paypal.com|PayPal]].   * When buyers are unable to use Stripe, we process payments with [[https://www.paypal.com|PayPal]].
 +  * Additional accounting services use [[https://www.anrok.com/|Anrok]].
  
 ===== Deleting Your Data ===== ===== Deleting Your Data =====
Line 74: Line 96:
 ===== Backed-up Data ===== ===== Backed-up Data =====
  
-We make regular automated backups to protect against accidental loss of user data. These backups are intended for disaster recovery and would be accessed only in the event of significant data loss. Backups may be retained for up to 6 months.+We make regular automated backups of data on our servers to protect against accidental loss of user data. These backups are intended for disaster recovery and would be accessed only in the event of significant data loss. Backups may be retained for up to 6 months.
  
 ===== Legally Compelled Disclosure ===== ===== Legally Compelled Disclosure =====
privacy.1534821467.txt.gz · Last modified: 2018/08/20 23:17 by dstillman