The privacy of your data—and it is your data, not ours!—is a big deal to us. In this policy, we lay out what data we collect and why, how your data is handled, and your rights with respect to your data. We promise we never sell your data: never have, never will.
This policy applies to the Disseminate platform, website, and related services (collectively, the “Services”) operated by Disseminate (“Company,” “we,” “our,” or “us”).
What We Collect and Why
Our guiding principle is to collect only what we need. Here is what that means in practice:
Identity and access
When you sign up for Disseminate, we ask for identifying information such as your name and email address. This allows you to personalize your account and allows us to send you product updates and essential information. We may also send you optional surveys from time to time to help us understand how you use the platform and to make improvements.
We will never sell your personal information to third parties, and we will not use your name or institution in marketing statements without your permission.
Billing information
If you sign up for a paid plan, you will be asked to provide payment information and a billing address. Credit card information is submitted directly to our payment processor and does not touch Disseminate servers. We store a record of the payment transaction, including the last 4 digits of the credit card number, for account history, invoicing, and billing support.
Content you provide
We store content that you upload, create, or receive through the Services, including manuscripts, reviews, editorial decisions, and comments. This is necessary to provide the Services to you. We keep this content as long as your account is active.
Geolocation data
We log the full IP address used to sign up an account and retain it for use in mitigating spam. We also log all account access by full IP address for security and fraud prevention purposes, and we keep this data for as long as your account is active.
Website interactions
We collect information about your browsing activity for analytics and statistical purposes such as conversion rate testing and experimenting with new product designs. This includes your browser and operating system versions, your IP address, which web pages you visited, and which website referred you to us.
Voluntary correspondence
When you email us with a question or to ask for help, we keep that correspondence, including your email address, so that we have a history of past correspondence to reference if you reach out in the future.
When We Access or Disclose Your Information
To provide the Services
We use third-party service providers (“subprocessors”) to help run the platform and provide the Services to you. These providers supply infrastructure, hosting, email delivery, and other operational capabilities. They are bound by data protection obligations and process your data only as necessary to provide the Services.
We do not permit any subprocessor, including artificial intelligence or machine learning service providers, to use your content for training models or any purpose other than delivering the Services to you. A current list of subprocessors is available upon request.
No human access without reason
No Disseminate employee looks at your content except for limited purposes with your express permission, for example, if an error occurs that stops an automated process and requires manual intervention. These are rare cases, and when they happen, we look for root cause solutions to prevent recurrence. We may also access your data if required to respond to legal process.
Aggregated and de-identified data
We may aggregate and de-identify information collected through the Services. We may use de-identified or aggregated data for any purpose, including analytics.
When required under applicable law
Disseminate is a U.S. company with data infrastructure located in the U.S. Our policy is to not respond to government requests for user data unless compelled by legal process or in limited circumstances in the event of an emergency request. If compelled by a legally binding order (warrant, criminal subpoena, or court order), we must comply. It is our policy to notify affected users before disclosing data unless we are legally prohibited from doing so.
If Disseminate is acquired by or merges with another company, we will notify you well before any of your personal information is transferred or becomes subject to a different privacy policy.
Your Rights
We strive to apply the same data rights to all users, regardless of location. These rights include:
- Right to Know. You have the right to know what personal information is collected, used, shared, or sold.
- Right of Access. You have the right to access the personal information we hold about you and to obtain information about how it is processed.
- Right to Correction. You have the right to request correction of your personal information.
- Right to Erasure. You have the right to request that your personal information be erased from our systems, subject to certain limitations under applicable law. Fulfillment of some deletion requests may require closing your account.
- Right to Restrict Processing. You have the right to request restriction of how and why your personal information is used or processed, including opting out of sale of personal information. (We never have and never will sell your personal data.)
- Right to Portability. You have the right to receive the personal information we have about you and the right to transmit it to another party.
- Right to Object. You have the right, in certain situations, to object to how or why your personal information is processed.
- Right to not Be Subject to Automated Decision-Making. You have the right to object to and prevent any decision that could have a legal or similarly significant effect on you from being made solely based on automated processes. This right is limited if the decision is necessary for performance of any contract between you and us, is allowed by applicable law, or is based on your explicit consent.
- Right to Non-Discrimination. We will not charge you a different amount, offer you different discounts, or give you a lower level of service because you have exercised your data privacy rights.
Many of these rights can be exercised by signing in and updating your account information. If you need assistance, please contact us at privacy@disseminate.pub.
How We Secure Your Data
All data is encrypted via SSL/TLS when transmitted from our servers to your browser. Database backups are also encrypted. We go to great lengths to secure your data at rest using industry-standard encryption practices.
Data Deletion
If you choose to cancel your account, your content will become immediately inaccessible. We may retain data as necessary to comply with legal obligations, resolve disputes, or enforce our agreements.
Data Retention
We keep your information for the time necessary for the purposes for which it is processed. The length of time depends on the purposes for which we collected and used it and your choices, after which time we may delete or aggregate it. We may also retain and use information as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements.
Location of Data
The Services are operated in the United States. If you are located outside of the United States, please be aware that any information you provide to us will be transferred to and stored in the United States. By using the Services, you consent to this transfer.
Changes and Questions
We may update this policy as needed to comply with relevant regulations and reflect new practices. When we make significant changes, we will update the date at the top of this page and take appropriate steps to notify users.
Have questions, comments, or concerns about this privacy policy, your data, or your rights? Please get in touch at privacy@disseminate.pub.
This policy is adapted from the Basecamp open-source policies, licensed under CC BY 4.0.