Scholar Sidekick is designed to be safe by default. We minimise data collection, avoid long-term storage, and aim to be transparent about how requests are handled.
This page explains what information is processed, why, and how it is handled.
Summary (plain language)
Scholar Sidekick can be used without an account for its core features.
We do not sell, share, or monetise user data.
User inputs are processed on demand; raw citation inputs are not retained as application data after the request completes.
We retain only minimal operational logs needed to run the service.
We do not use advertising trackers. We use limited, privacy-focused analytics and performance telemetry to understand aggregate usage and improve reliability.
Information we process
1. User-provided input
When you use Scholar Sidekick, you may provide identifiers or references such as:
DOIs, PMIDs, ISBNs, ISSNs
URLs or free-text citations
How this data is used:
Inputs are processed in memory to generate citation output.
By default, inputs are processed in memory and discarded once the response is returned.
We do not build libraries, profiles, or long-term records of user inputs.
2. Operational metadata
Like most web services, we temporarily process limited technical metadata, such as:
IP address
User agent
Timestamp of request
Purpose:
Ensuring service reliability
Preventing abuse or automated misuse
Debugging operational issues
Retention:
Hosting/runtime logs are retained only briefly - on the order of about an hour, per our hosting provider's default for our current plan tier.
Error-monitoring events are retained for up to 30 days.
Scholar Sidekick does not configure any longer custom retention beyond these provider defaults.
Logs are not linked to user identities or stored alongside citation content.
Browser extensions
Our official browser extensions for Chrome, Firefox, and Edge transmit user-selected text to our citation-formatting API to produce a formatted citation. The data flow is the same as the public API:
Only the text you explicitly select and submit via the right-click “Cite” action is sent. The extensions contain no content scripts and do not read page contents, browsing history, or any other data from the pages you visit.
Selected text is processed in memory to produce the citation and is not retained as application data after the request completes.
Requests are rate-limited by IP address and logged with the same minimal operational metadata described above (IP address, user agent, timestamp).
The extensions contain no analytics, advertising trackers, or behavioural telemetry.
Cookies and tracking
Scholar Sidekick does not use:
Advertising cookies
Behavioural tracking
Third-party analytics for marketing or profiling
We may use limited, non-identifying first-party and platform telemetry mechanisms for reliability and aggregate performance measurement. These are not used for advertising or behavioural profiling.
Third-party services
To resolve bibliographic metadata, Scholar Sidekick may query external public services, such as:
Crossref
PubMed / NCBI
Open Library
Other public bibliographic endpoints, depending on identifier type
What is shared:
Only the identifier or reference text required to retrieve citation metadata
Limited operational and telemetry metadata for hosting, performance monitoring, and error reporting
What is not shared:
No personal data beyond transient technical metadata required for service operation
No user profiles
No usage history
Hosting & telemetry services used:
Sentry (error monitoring)
Vercel Analytics
Vercel Speed Insights
Each third-party service is subject to its own privacy policies.
Data storage and security
Requests are processed on demand
Raw citation inputs are not retained as application data after the request completes
No user accounts or persistent identifiers are created
HTTPS is enforced for all traffic
Standard security practices are used to protect the service and infrastructure
Error and telemetry events are scrubbed to remove sensitive identifier fields before transmission to observability providers
If optional user accounts or paid features are introduced in the future, this policy will be updated to clearly describe what additional data is stored and for what purpose.
Data sales and advertising
Scholar Sidekick does not:
Sell user data
Share data with advertisers
Use data for marketing or profiling
Train models on user input
International users
Scholar Sidekick is available globally. Operational infrastructure is provided by Vercel Inc., based in the United States, with content delivered via a global edge network; error monitoring is provided by Sentry. Citation requests may be processed in any of these jurisdictions. The data handling principles described here apply regardless of where a request is processed.
Scholar Sidekick aims to handle personal data consistently with applicable data protection laws, including the EU General Data Protection Regulation (GDPR) and UK GDPR, for users in those jurisdictions. Because the service does not maintain user accounts, persistent identifiers, or long-term records of inputs, the volume of personal data processed is intentionally minimal.
Your choices and questions
Because Scholar Sidekick does not maintain user accounts or long-term personal records, there is typically no personal data to access, correct, or delete.
If you have questions about this policy or about how operational metadata is handled, you can contact:
