OpenReview Privacy Policy

Last updated: September 24, 2024

This Privacy Policy describes the manner in which OpenReview collects, uses, maintains and discloses information collected from its users.

OpenReview is dedicated to protecting your personal information and will make every reasonable effort to handle collected information appropriately. All information collected will be handled with care in accordance with OpenReview’s standards for integrity and objectivity and respect for your privacy. OpenReview aims to comply with all laws and regulations that apply to the gathering and use of personal information, including US privacy laws and the EU General Data Protection Regulation (GDPR).

Definitions

“Privacy Policy” is this document in its entirety.

Data Controller and Data Processor, Personal Data, Processing and Appropriate Technical and Organizational Measures) are defined in the European Union’s General Data Protection Regulation (GDPR).

All definitions from the OpenReview Terms of Use also apply in this document.

What Information We Collect From You

Information we gather when you visit the website or use the API

Whether the user is logged in or not, OpenReview collects information of the sort that web browsers typically make available (such as IP address, browser type, language preference, referring site, pages viewed, dates and times). In addition we use cookies (analytics, login cookies, and local storage). We use this information for the legitimate interests of administering the sites, malicious activity tracking, business analysis, research, and development. We also capture information related to how you interact with our products and services (including API calls) for the legitimate interest of business analysis, research, and development. This allows us to understand better how our visitors use the website, to refine the design of the site, improve the user experience, and decide where to target software development activities.

We use (or may use in future) cookies and similar technologies (including local storage, web beacons, and clear GIFs) to enhance your experience with the website and for analytics purposes. Cookies are small text files stored on your computer and accessible only to the websites that created them. Cookies are used to recognize you and to keep track of your preferences. If you are a registered user, OpenReview uses cookies to keep you logged into secure areas of the website. It is not necessary to permit cookies in order to read articles on OpenReview.net, but certain features of our websites may not function properly without the aid of cookies. If you would like to disable or otherwise manage the cookies placed on your computer or other device by us and others, please use your browser settings. Note that you will need to set your cookie preferences on each device and each web browser that you use. The independent AboutCookies.org website contains comprehensive information on how to modify your browser settings. You can conceal your true IP address by using a virtual private network (VPN).

We use Google Analytics to gather and summarize web analytical data. A description of how Google uses information collected from sites that use its services is located at https://policies.google.com/technologies/partner-sites. You may opt out of participating with Google Analytics by downloading the Google Analytics opt-out browser add-on, available at https://tools.google.com/dlpage/gaoptout.

The complete record of all OpenReview API traffic is logged and kept for 90 days, including the IP address of the caller, and all arguments appearing in the URL. For a subset of API operations that store data in the system (POST/PUT/DELETE) we store in perpetuity (with access only to OpenReview administrators) all aspects of the API call, except password, but including IP address, user id making the API call, complete URL, and API body arguments. These logs are used by OpenReview Staff to debug the system, and occasionally to answer requests by Venue Organizers about author or reviewer activity (such as requests for a User’s last login date, file upload attempts, and failed submission attempts during the deadline).

Information we gather from registered users and public sources

When you register as a user with OpenReview, we collect certain “Profile” information. Name, email address, current position (university, company, self-employed) with its location, and a URL clearly showing your name are required for system registration. You may voluntarily provide other optional information, such as past email addresses, affiliation history, past demographic information, expertise description, education history, career history, additional contact information, additional homepages (such as those for DBLP, LinkedIn, Wikipedia, Semantic Scholar, Google Scholar, ORCHIDid other online identifiers), and conflicts-of-interest, such as name and email address of doctoral advisor. (It is your responsibility to obtain appropriate consent from any other person whose information you provide.)

This Profile information is useful when Venues are striving to build a cohort of submission reviewers with a balance of seniority, background, affiliations, and expertise, while also avoiding conflicts of interest.

Some Profiles are pre-created by aggregating information publicly available on the web, such as publication databases (e.g. from DBLP), grant databases (e.g. from NSF), directories (e.g. universities’ public faculty directories), home pages (e.g. individuals’ public home URLs), and other public information sources. Pre-created Profiles help Venues find relevant expertise with more diversity than they might otherwise.

In addition, registered Users may contribute Profile information to other users’ Profiles. For example, a professor’s PhD advisee may indicate their advisor, causing a new “advisee” relation to appear on the professor’s profile. Or, one user may contribute information (such as an affiliation) to another user’s Profile; such information is marked as “unconfirmed” and rendered in gray text until it has been confirmed by the Profile owner or other reliable validator of factual information.

Some email addresses are designated “confirmed email addresses” when the user has clicked on a link sent to that email address by the OpenReview system.

Some names are designated “confirmed names” when the user presses the save button in a profile containing those names.

All “Profile” information can be viewed publicly on your OpenReview profile page, with two exceptions:

  1. Email addresses are obfuscated by showing email domain only. Full email addresses are, however, shared with Venue Organizers (such as journal editors and program chairs, who may at their discretion further share with subordinates, such as action editors or area chairs). Designation as a “Venue Organizer” is granted at the discretion of the OpenReview Staff.
  2. Selected conflicts-of-interest and other relations may be hidden by the Profile owner from all but a designated list of readers. For example, designated readers may include certain Venue Organizers selected by the Profile owner.

The Profile owner may directly change or modify all Profile information, except confirmed email addresses and confirmed names (although these may be changed at special request by sending email to profiles@openreview.net).

The Edit history of Profile content is stored in the system, available to the Profile owner, the creator of the Profile-edit in question, and the OpenReview Database administrators.

Information gathered upon submission of articles and comments

Registered users may submit to OpenReview Venues Articles, Comments, and other Works, such as reviews and discussion. The content data fields are specified by the Venue Organizers. Additional Metadata fields gathered by the OpenReview system include the account name of the person submitting the content, and date of submission.

In the content submission and moderation process we link user accounts, authorship, and submitted content to track and process submissions. Data provided by the submitter may include, for example, author names, author emails, and submitter name, all of which may be displayed (depending on the readability policy of the Venue) with the article posting, email announcement of articles, and bulk metadata access via API. It is the responsibility of the submitter to obtain appropriate consent from any other person whose information the submitter provides.

Other Information you may provide us voluntarily

Users may voluntarily provide other information, such as when they email OpenReview support (info@openreview.net) for technical help requests. Users may also submit other types of information voluntarily through the OpenReview web site, such as ratings, reviewing bids, tags, comments, and preferences. Such information will be used in accordance with this Privacy Policy.

How we use information about you that we collect

We use the information that we collect to better understand how users use the System, to support efforts to improve Users’ experience through refining existing features and developing new features, and to optimize the System. We also use the information to administer the OpenReview API and website and verify accounts and activity and to monitor suspicious activity to help prevent abuse. In addition, we use and make available the information for the OpenReview Purpose and scientific communication purpose for which it was provided. Furthermore, if you email us about an issue, we will use your information to respond to your question. We will also use your information to communicate with you regarding the OpenReview System and your account with us.

Data Control Responsibility

The Venue Organizers and other Solicitors are considered the stewards and managers of Works for which they are the Solicitor, not OpenReview, which serves merely as the repository. Venue Organizers and other Solicitors are also stewards and managers of content about you that you did not submit, such as the assignment of reviewers to Submissions. The Venue Organizers and other Solicitors determine when, to whom, and how much of your information in Works they solicit is shared with others. More specifically, OpenReview and OpenReview Staff are a Data Controller (in the GDPR sense) only for Works for which “OpenReview.net” is the Solicitor. With respect to all other Works, OpenReview is a Data Processor but not a Data Controller; in this case the Data Controller is the Work’s Solicitor (for example, the Venue soliciting the Article Submissions).

If you choose to submit an Article or any other Work, it is important that you understand the terms and conditions set by the Solicitor. The practices regarding the level of openness vary throughout OpenReview.net, as determined by the Solicitor. For example, depending on the policies of a Venue, content submitted by users to that Venue may be freely accessible and available to any third-party use. Your Submission of a Work constitutes your acceptance of the level of sharing planned by the applicable Solicitor.

With whom we share your information

Venue Organizers, other Solicitors, and other Users. Generally speaking, information sharing choices are determined by the Venue or other Solicitor of Works containing the information. (The Solicitor is the Data Controller, while OpenReview, OpenReview Staff, and the OpenReview System are the Data Processors.) When a user responds to a Solicitor’s invitation to upload a Work to the OpenReview System, that work is stored in the OpenReview Database, and assigned readers, nonreaders, and writers according to the parameters of the Solicitor’s invitation. The OpenReview System will thus share the Work you upload according to the Work’s “readers” and “nonreaders” Database fields. Users with “write” permission (typically the Venue Organizers and Authors) to the Work may also be invited to modify the Work, including its “readers” and “nonreaders” fields. Typically the Venue or other Solicitor publicly discloses its intended workflow, and Submitters can thus know in advance the schedule and extent of information sharing planned.

Service Providers. We use third party service providers to help us operate the OpenReview System. These third party vendors have access to some information about our Users, but they are required to protect the confidentiality of the information and to use it only on our behalf. The types of service providers with which we share include providers of email services, other communication services, website development, website hosting, analytics, and security.

Legal compliance. OpenReview will also share information about users when required to do so by law, or in the good faith belief that such action is necessary to comply with state and federal laws or to respond to a court order, subpoena or search warrant. We will also share information if we believe that it is necessary to protect the rights, property and safety of OpenReview or others. If we share information about you for this reason, we will use reasonable efforts to inform you of this disclosure, unless we are prohibited by law from doing so.

Business Transactions. We may also share information in connection with, or during negotiations of, any merger, sale of company assets, financing, or acquisition of all or a portion of our business.

Consent. We will also share your information in the event that you consent to us sharing it in a certain way.

De-identified Information. If we have de-identified your information such that it can no longer be linked directly to you, we may use and share such de-identified information for purposes of analyzing, debugging, or improving the OpenReview System and OpenReview Purpose.

Protecting your information

No method of transmitting data over the internet or storing electronic data is 100% secure, but OpenReview aims to provide technical and organizational methods to protect against the loss, misuse, or alteration of the information that is under our control.

Third Party Website Links

There are links from OpenReview to other websites that we neither own nor control. OpenReview is not responsible for the content, privacy practices, or web accessibility needs on these websites. These websites have their own privacy policies and your visiting these websites from our website is subject to those website’s own terms and policies. This Privacy Policy covers only information collected through OpenReview.net.

Do Not Track Signals

Do Not Track (“DNT”) is a privacy preference that users may set in certain web browsers. We do not currently respond to DNT signals.

General Data Protection Regulation (GDPR)

If you are located within the European Economic Area (European Union, Norway, Liechtenstein, the United Kingdom, and Iceland), we acknowledge the rights granted to you under the General Data Protection Regulation (GDPR) and provide you with some additional information required by the GDPR in this section.

Legal Bases for Processing. We use a variety of legal bases for processing your information, as follows:

  • Legitimate Interests. We will process your information when it is in our legitimate business interests to do so, such as analyzing use of the services, communicating with you, enhancing the services, and for other internal business operations.
  • Performance of a contract. We will process your information where it is necessary to provide the services of the OpenReview Terms of Use and OpenReview Purpose to you and other OpenReview Users, including to manage your registration and provide you with access to the System.
  • Consent. We will process your information when you give us consent to process it for particular purposes.

Data Subject Rights. The GDPR offers the following rights to EU data subjects:

  1. Right to access your information held by us
  2. Right to correct inaccurate or incorrect information about you
  3. Right to the erasure of your information when it is no longer necessary for us to retain it
  4. Right to restrict processing of your personal information in specific situations
  5. Right to object to processing your information, including sending you communications that may be considered direct-marketing materials
  6. Right to object to automated decision-making and profiling, where applicable
  7. Right to complain to a supervisory authority in your jurisdiction within the EU

We will consider all requests and provide our response within the time period stated by applicable law. Please note, however, that certain information may be exempt from such requests in some circumstances, which may include if we need to keep processing your information for our legitimate interests or to comply with a legal obligation. We may request you provide us with information necessary to confirm your identity before responding to your request as required or permitted by applicable law. Please contact us with any questions, concerns, or if you wish to exercise any of these rights: privacy@openreview.net.

International Transfer. Please note that in providing services to you, your information may be transferred and stored in jurisdictions (including the United States) other than your jurisdiction of residence, and that such other jurisdictions may have data protection laws that differ from those in your jurisdiction. By using the website, you acknowledge that these transfers may occur.

Retention of Information

We retain your information for no longer than necessary for the OpenReview Purpose or purposes for which it is processed. The length of time for which we retain information depends on the purposes for which we collected and used it and/or as required to comply with applicable laws.

Children’s Privacy

Use of OpenReview is intended for adults at least eighteen (18) years of age and we do not knowingly collect personally-identifying information from children under the age of thirteen (13).

Changes to this Document

OpenReview may update this Privacy Policy at any time in its sole discretion. Changes become effective upon posting. Users will be notified of the date of last update to this Privacy Policy before logging in to the OpenReview Web Site. The date on the top of this document indicates the date the policy was last updated. Your continued use of the OpenReview System after the Privacy Policy has been modified means that you accept the revised terms. We will also comply with any applicable laws governing notice or choice in the event we make any material changes to this Privacy Policy. It is your responsibility to review the Privacy Policy periodically to become aware of any modifications.

Questions?

If you have any questions about this Privacy Policy, or privacy-related requests, please email us at privacy@openreview.net