This document is provided to set expectations and understanding about PREreview’s practices and services. It is not legally binding.
Current version (this document): v1, 24 April, 2023
PREreview is a fiscally sponsored project of Code for Science and Society, a registered 501(c)3 nonprofit organization based in the United States of America.
We strive to adhere to the highest ethical standards in all of our operations and are dedicated to protecting the privacy of everyone who interacts with us. We do not sell, barter, give away, rent, or permit anyone outside of PREreview, our Advisory Committee, and project-scoped contractors to use or access information about our partners, collaborators, research participants, or website visitors.
We use third-party services to publish work, keep in touch with people, and understand how we can do both of these things better. Here you can find out what these services are and how we handle all sorts of data, from event sign-up to preprint review platform data collection.
If there is additional information you would like to see in this document about our practices, or if you have other comments or questions, please reach out to firstname.lastname@example.org.
Our site and services
We use the following services to run our websites and understand how people use them.
PREreview web domain
Prereview.org domain is registered with Google Domains.
Google Drive and email
- PREreview preprint review platform code is openly available under MIT License on our organizational GitHub repository.
- Signup and login are built via the ORCID public API, meaning that all PREreview users must have an ORCID iD in order to create an account.
- PREreview provides a RESTful API documented using the OpenAPI v3.0 standard. Using this API and simple web requests, users have access to all of the same data and functionality as is exposed by the PREreview.org website. A basic overview of the API's functionality is provided here (with examples using the common open-source command-line utility cURL). The OpenAPI specification is available in JSON format here, and detailed, automatically generated documentation of all available endpoints and methods is available here.
- Application logs are sent to Axiom.
- Data is stored in Upstash.
- The website is monitored with UptimeRobot.
- Full PREreviews on our platform are licensed CC-BY 4.0 and receive a digital object identifier (DOI) via Zenodo.
Social media: Twitter, LinkedIn, Mastodon
Research is an important part of our work: it helps us understand people’s needs and build better products and services.
We conduct user experience research in the form of 1:1 interviews, community calls, and user research sprints. Feedback from 1:1 interviews is kept for internal use in improving PREreview.org, though we may share trends from 1:1 interviews in the aggregate without identifying any participants. Notes and recordings from community calls and user research prints are public. We remind participants to manage their participation accordingly in ways that feel comfortable to them regarding their privacy and security at the start of each call and sprint before recording and note taking begin. We also partner with ReadySet to help us challenge our own assumptions from an equity, diversity and inclusion perspective and implement outreach and partnership strategies grounded in our values to get feedback from stakeholders in our work.
Things we don’t do
PREreview doesn’t participate in the following data processing activities:
- Buying or selling marketing lists
- Entering into data sharing agreements with other organizations
- Telephone marketing
- Postal marketing
- CCTV surveillance
We don’t use “soft opt-in”, meaning you won’t receive any marketing communication from us unless you’ve specifically agreed to it.
Keeping data secure
We carefully choose our services and tools at PREreview. It’s important that they follow good security practices, like HTTPS, two-factor authentication and the ability to set a strong password.
In the event of a data breach, we are required to notify the Information Commissioner’s Office. We will do so following their guidance.
There are exemptions to data protection regulations that may require us to share data about you, including requests by law enforcement. This includes requirements and orders in the United States, where we are based.
In drafting this policy we used a number of different resources and inspirations. We want to offer particular thanks to Simply Secure (now rebranding as Superbloom) and Measurement Lab for their clear examples.