Last updated: September 22, 2023
OpenReview is dedicated to protecting your personal information and will make every reasonable effort to handle collected information appropriately. All information collected will be handled with care in accordance with OpenReview’s standards for integrity and objectivity and respect for your privacy. OpenReview aims to comply with all laws and regulations that apply to the gathering and use of personal information, including US privacy laws and the EU General Data Protection Regulation (GDPR).
Data Controller and Data Processor, Personal Data, Processing and Appropriate Technical and Organizational Measures) are defined in the European Union’s General Data Protection Regulation (GDPR).
What Information We Collect From YouInformation we gather when you visit the website or use the API
We use Google Analytics to gather and summarize web analytical data. A description of how Google uses information collected from sites that use its services is located at https://policies.google.com/technologies/partner-sites. You may opt out of participating with Google Analytics by downloading the Google Analytics opt-out browser add-on, available at https://tools.google.com/dlpage/gaoptout.
The complete record of all OpenReview API traffic is logged and kept for 90 days, including the IP address of the caller, and all arguments appearing in the URL. For a subset of API operations that store data in the system (POST/PUT/DELETE) we store in perpetuity (with access only to OpenReview administrators) all aspects of the API call, except password, but including IP address, user id making the API call, complete URL, and API body arguments. These logs are used by OpenReview Staff to debug the system, and occasionally to answer requests by Venue Organizers about author or reviewer activity (such as requests for a User’s last login date, file upload attempts, and failed submission attempts during the deadline).Information we gather from registered users and public sources
When you register as a user with OpenReview, we collect certain “Profile” information. Name, email address, institution, and homepage URL are required for system registration. You may voluntarily provide other optional information, such as past email addresses, affiliation history, demographic information, expertise description, education history, career history, additional contact information, additional homepages (such as those for DBLP, LinkedIn, Wikipedia, Semantic Scholar, Google Scholar, ORCHIDid other online identifiers), and conflicts-of-interest, such as name and email address of doctoral advisor. (It is your responsibility to obtain appropriate consent from any other person whose information you provide.)
This Profile information is useful when Venues are striving to build a cohort of submission reviewers with a balance of seniority, background, affiliations, and expertise, while also avoiding conflicts of interest.
Some Profiles are pre-created by aggregating information publicly available on the web, such as publication databases (e.g. from DBLP), grant databases (e.g. from NSF), directories (e.g. universities’ public faculty directories), home pages (e.g. individuals’ public home URLs), and other public information sources. Pre-created Profiles help Venues find relevant expertise with more diversity than they might otherwise.
In addition, registered Users may contribute Profile information to other users’ Profiles. For example, a professor’s PhD advisee may indicate their advisor, causing a new “advisee” relation to appear on the professor’s profile. Or, one user may contribute information (such as an affiliation) to another user’s Profile; such information is marked as “unconfirmed” and rendered in gray text until it has been confirmed by the Profile owner or other reliable validator of factual information.
Some email addresses are designated “confirmed email addresses” when the user has clicked on a link sent to that email address by the OpenReview system.
Some names are designated “confirmed names” when the user presses the save button in a profile containing those names.
All “Profile” information can be viewed publicly on your OpenReview profile page, with two exceptions:
- Email addresses are obfuscated by showing email domain only. Full email addresses are, however, shared with Venue Organizers (such as journal editors and program chairs, who may at their discretion further share with subordinates, such as action editors or area chairs). Designation as a “Venue Organizer” is granted at the discretion of the OpenReview Staff.
- Selected conflicts-of-interest and other relations may be hidden by the Profile owner from all but a designated list of readers. For example, designated readers may include certain Venue Organizers selected by the Profile owner.
The Profile owner may directly change or modify all Profile information, except confirmed email addresses and confirmed names (although these may be changed at special request by sending email to firstname.lastname@example.org).
The Edit history of Profile content is stored in the system, available to the Profile owner, the creator of the Profile-edit in question, and the OpenReview Database administrators.Information gathered upon submission of articles and comments
Registered users may submit to OpenReview Venues Articles, Comments, and other Works, such as reviews and discussion. The content data fields are specified by the Venue Organizers. Additional Metadata fields gathered by the OpenReview system include the account name of the person submitting the content, and date of submission.
In the content submission and moderation process we link user accounts, authorship, and submitted content to track and process submissions. Data provided by the submitter may include, for example, author names, author emails, and submitter name, all of which may be displayed (depending on the readability policy of the Venue) with the article posting, email announcement of articles, and bulk metadata access via API. It is the responsibility of the submitter to obtain appropriate consent from any other person whose information the submitter provides.Other Information you may provide us voluntarily
How we use information about you that we collect
We use the information that we collect to better understand how users use the System, to support efforts to improve Users’ experience through refining existing features and developing new features, and to optimize the System. We also use the information to administer the OpenReview API and website and verify accounts and activity and to monitor suspicious activity to help prevent abuse. In addition, we use and make available the information for the OpenReview Purpose and scientific communication purpose for which it was provided. Furthermore, if you email us about an issue, we will use your information to respond to your question. We will also use your information to communicate with you regarding the OpenReview System and your account with us.
Data Control Responsibility
The Venue Organizers and other Solicitors are considered the stewards and managers of Works for which they are the Solicitor, not OpenReview, which serves merely as the repository. Venue Organizers and other Solicitors are also stewards and managers of content about you that you did not submit, such as the assignment of reviewers to Submissions. The Venue Organizers and other Solicitors determine when, to whom, and how much of your information in Works they solicit is shared with others. More specifically, OpenReview and OpenReview Staff are a Data Controller (in the GDPR sense) only for Works for which “OpenReview.net” is the Solicitor. With respect to all other Works, OpenReview is a Data Processor but not a Data Controller; in this case the Data Controller is the Work’s Solicitor (for example, the Venue soliciting the Article Submissions).
If you choose to submit an Article or any other Work, it is important that you understand the terms and conditions set by the Solicitor. The practices regarding the level of openness vary throughout OpenReview.net, as determined by the Solicitor. For example, depending on the policies of a Venue, content submitted by users to that Venue may be freely accessible and available to any third-party use. Your Submission of a Work constitutes your acceptance of the level of sharing planned by the applicable Solicitor.
With whom we share your information
Venue Organizers, other Solicitors, and other Users. Generally speaking, information sharing choices are determined by the Venue or other Solicitor of Works containing the information. (The Solicitor is the Data Controller, while OpenReview, OpenReview Staff, and the OpenReview System are the Data Processors.) When a user responds to a Solicitor’s invitation to upload a Work to the OpenReview System, that work is stored in the OpenReview Database, and assigned readers, nonreaders, and writers according to the parameters of the Solicitor’s invitation. The OpenReview System will thus share the Work you upload according to the Work’s “readers” and “nonreaders” Database fields. Users with “write” permission (typically the Venue Organizers and Authors) to the Work may also be invited to modify the Work, including its “readers” and “nonreaders” fields. Typically the Venue or other Solicitor publicly discloses its intended workflow, and Submitters can thus know in advance the schedule and extent of information sharing planned.
Service Providers. We use third party service providers to help us operate the OpenReview System. These third party vendors have access to some information about our Users, but they are required to protect the confidentiality of the information and to use it only on our behalf. The types of service providers with which we share include providers of email services, other communication services, website development, website hosting, analytics, and security.
Legal compliance. OpenReview will also share information about users when required to do so by law, or in the good faith belief that such action is necessary to comply with state and federal laws or to respond to a court order, subpoena or search warrant. We will also share information if we believe that it is necessary to protect the rights, property and safety of OpenReview or others. If we share information about you for this reason, we will use reasonable efforts to inform you of this disclosure, unless we are prohibited by law from doing so.
Business Transactions. We may also share information in connection with, or during negotiations of, any merger, sale of company assets, financing, or acquisition of all or a portion of our business.
Consent. We will also share your information in the event that you consent to us sharing it in a certain way.
De-identified Information. If we have de-identified your information such that it can no longer be linked directly to you, we may use and share such de-identified information for purposes of analyzing, debugging, or improving the OpenReview System and OpenReview Purpose.
Protecting your information
No method of transmitting data over the internet or storing electronic data is 100% secure, but OpenReview aims to provide technical and organizational methods to protect against the loss, misuse, or alteration of the information that is under our control.
Third Party Website Links
Do Not Track Signals
Do Not Track (“DNT”) is a privacy preference that users may set in certain web browsers. We do not currently respond to DNT signals.
General Data Protection Regulation (GDPR)
If you are located within the European Economic Area (European Union, Norway, Liechtenstein, the United Kingdom, and Iceland), we acknowledge the rights granted to you under the General Data Protection Regulation (GDPR) and provide you with some additional information required by the GDPR in this section.
Legal Bases for Processing. We use a variety of legal bases for processing your information, as follows:
- Legitimate Interests. We will process your information when it is in our legitimate business interests to do so, such as analyzing use of the services, communicating with you, enhancing the services, and for other internal business operations.
- Consent. We will process your information when you give us consent to process it for particular purposes.
Data Subject Rights. The GDPR offers the following rights to EU data subjects:
- Right to access your information held by us
- Right to correct inaccurate or incorrect information about you
- Right to the erasure of your information when it is no longer necessary for us to retain it
- Right to restrict processing of your personal information in specific situations
- Right to object to processing your information, including sending you communications that may be considered direct-marketing materials
- Right to object to automated decision-making and profiling, where applicable
- Right to complain to a supervisory authority in your jurisdiction within the EU
We will consider all requests and provide our response within the time period stated by applicable law. Please note, however, that certain information may be exempt from such requests in some circumstances, which may include if we need to keep processing your information for our legitimate interests or to comply with a legal obligation. We may request you provide us with information necessary to confirm your identity before responding to your request as required or permitted by applicable law. Please contact us with any questions, concerns, or if you wish to exercise any of these rights: email@example.com.
International Transfer. Please note that in providing services to you, your information may be transferred and stored in jurisdictions (including the United States) other than your jurisdiction of residence, and that such other jurisdictions may have data protection laws that differ from those in your jurisdiction. By using the website, you acknowledge that these transfers may occur.
Retention of Information
We retain your information for no longer than necessary for the OpenReview Purpose or purposes for which it is processed. The length of time for which we retain information depends on the purposes for which we collected and used it and/or as required to comply with applicable laws.
Use of OpenReview is intended for adults at least eighteen (18) years of age and we do not knowingly collect personally-identifying information from children under the age of thirteen (13).
Changes to this Document