Privacy policy

This Privacy Policy describes how Astera Institute ("we," "us," or "our") collects, uses, and shares personal information when you use The Stacks. ## Information we collect ### Information you provide - Account registration details (name, email) - Profile information - Submitted content and metadata - Communications with us ### Automatically collected information - Log data (IP address, pages visited, timestamps) - Device and browser information - Cookies and similar technologies - Telemetry required for operating an open-source service ### Analytics data We use privacy‑respecting analytics tools to understand how users interact with the Service. We may also use Google Analytics or similar services. These tools collect information such as page views, session duration, and referrer URLs. Users may opt out of non-essential analytics via our cookie banner or via the “Your privacy choices” link in the site footer. Google may use tracking technologies to collect or receive data from the Service and use it to provide measurement services. You can learn more about how Google Analytics processes data at: [https://policies.google.com/technologies/partner-sites](https://policies.google.com/technologies/partner-sites) ## How we use information We use the information we collect to: - Provide and operate the Service - Improve features and performance - Personalize content - Communicate with you about updates, support, and features - Ensure safety, integrity, and compliance - Maintain a permanent scholarly record of published contributions and associated metadata - Detect, investigate, and prevent harmful or unlawful behavior ## Cookies and tracking technologies We use cookies to: - Enable essential functionality - Maintain login sessions and user preferences - Support analytics (including Google Analytics, if enabled) You can manage cookie preferences through your browser and through our cookie banner. Non-essential cookies are disabled and will not be set without your consent where legally required. ## How we share information We may share information with: - Service providers that assist with hosting, analytics, support, or platform functionality - Legal authorities when required by law - Other users, through publicly available published content We do not sell personal data. We may redact or de-identify personal data contained in user submissions when necessary to comply with legal obligations or protect safety. ## Legal bases for processing Where the GDPR applies, we process personal data under one or more of the following legal bases: - Contract necessity (e.g., account creation and operation) - Legitimate interests (e.g., Service security, moderation, analytics necessary for operations) - Consent (e.g., non-essential cookies) - Public interest in maintaining a scholarly record - Scientific or historical research purposes ## Data retention We retain personal information only as needed for operational, legal, or safety purposes. Published content is retained indefinitely due to persistent identifiers and for the public-interest purpose of maintaining the scholarly record. Where deletion of public comments or contributions is requested, we may pseudonymize, de-identify, or replace such content rather than remove it entirely to preserve academic integrity. ## Your rights Depending on your jurisdiction, you may have rights including: - Access to your personal data - Correction or deletion (except for published content and subject to legitimate archiving or research exceptions). - Objection or restriction of processing - Data portability We honor these rights where required by applicable law. If we deny a deletion request due to public-interest archiving, we will explain the legal basis and may offer pseudonymization instead. Individuals located in the European Union may have the right to lodge a complaint with their local supervisory authority. ## International users If you access the Service from outside the U.S., your information may be transferred to and processed in jurisdictions with different data protection laws. Where legally required (e.g., GDPR), we rely on mechanisms such as Standard Contractual Clauses, supplemented by technical and organizational safeguards. ## Data security We implement reasonable administrative, technical, and physical safeguards to protect user information. However, no system is completely secure. User Content may include publicly accessible components outside our control (e.g., links to third-party repositories), and we are not responsible for those environments. ## Children’s privacy The Service is not intended for children under 16, and because content submitted to the platform may become publicly accessible, users should not submit personal information about children. We do not knowingly collect personal information from children. ## Changes to this policy We may update this Privacy Policy periodically. If we make material changes, we will provide notice on the Service. ## Contact us For questions about this Privacy Policy, contact us at .