top of page

Privacy Policy

Last Updated: January 15, 2026

1. Introduction

Welcome to Aurelius Canon Enricher (“we,” “us,” or “our”). We are committed to protecting your privacy and being transparent about how we handle information. This Privacy Policy explains what information we collect, how we use and share it, and your rights regarding that information.

Our offering includes:

  • The Website, hosted on Wix, which provides information about the product and may include member login functionality.
     

  • The Service, our enrichment API/application, which processes reference data to resolve DOIs and related publication metadata.
     

 

2. Information We Collect

We collect information only as necessary to provide, secure, and improve the Service.

A. Information You Provide

Uploaded Files (Not Retained)
You may upload files (such as TXT or DOCX) containing reference lists. The contents of uploaded files—including original reference text, formatting, and document structure—are processed in memory and are not retained after processing is complete and results are returned to you.

Email Address
If you sign up for a plan, complete a purchase, request support, or otherwise interact with the Service, we may collect your email address for account creation, service usage tracking, billing, and communication.

Account-related information, including email addresses and plan status, is stored securely within our Google Cloud Platform environment (such as Firestore), subject to appropriate access controls and security measures.

Email addresses may be used for:

  • Account creation and management
     

  • Usage tracking and plan enforcement
     

  • Service-related communications (including receipts, important updates, or support responses)
     

We use Google Workspace to manage email communications. We do not operate a CRM system at this time.

Payment Information
If you subscribe to a paid plan, payment information is collected and processed by our payment processor, Stripe. We do not have access to your full credit card details. We retain limited subscription-related identifiers (such as Stripe customer IDs, subscription IDs, subscription status, and billing period information) solely for billing, account management, and service access control.

Voluntary Correspondence
If you voluntarily send us information via email or other support channels (including file contents), we use that information only to respond to your request. Such correspondence is retained only as long as necessary to address the inquiry or for recordkeeping purposes consistent with applicable law.

 

B. Information We Collect Automatically

Usage Information (Metadata Only)
We log limited metadata about use of the Service, such as request timestamps, number of references processed, aggregate outcome counts (for example, how many DOIs were resolved), and service usage statistics. We do not log or store the original textual contents of uploaded reference lists.

This metadata may also include non-identifying processing outcomes (such as match confidence levels or resolution status) used to ensure service reliability and prevent erroneous enrichment.

IP-Based Rate Limiting
For anonymous or unauthenticated usage, we may process IP addresses in a hashed or transient form to enforce rate limits, prevent abuse, and maintain service security. These mechanisms are designed to avoid storing raw IP addresses in persistent user records.

Derived Bibliographic Metadata and Tags
As part of the enrichment process, the Service may derive and normalize bibliographic metadata from uploaded references, such as DOI, title, authors, journal, publication year, and similar citation fields.

In addition, the Service may derive structured or “tagged” fields (such as topical classifications, population indicators, methodological labels, or study-type descriptors) based on reference metadata. These derived fields are generated programmatically to support enrichment quality, filtering, analytics, and service functionality.

 

Derived metadata and tags do not include the original uploaded reference text and cannot be used to reconstruct a user’s original file or reference list.

Cached Metadata (Performance Cache)
To improve performance and reduce redundant external queries, we may retain derived bibliographic metadata and associated tags in a performance cache. This cache does not store original uploaded file content and is periodically reviewed.

Cached records may include non-identifying indicators of whether a reference was confidently resolved.

Entries reflecting unresolvable or low-confidence outcomes may be retained only temporarily and expire automatically after a short period.

Service Performance Data (Telemetry)
We collect limited operational performance and error data to monitor, secure, and improve the reliability of the Service. This data may include request timing information, error signals, and high-level system diagnostics.

Telemetry data is processed within our own cloud infrastructure and/or through trusted infrastructure and observability service providers. This data is used solely for service monitoring, debugging, performance optimization, and security purposes, and is not used for advertising or marketing.

We may update or change the specific tools or providers used for service observability over time as the Service evolves.

 

3. Website Cookies

Our website uses only essential cookies required for core functionality, such as security features and (if enabled) member login sessions via Wix. We do not use advertising cookies or third-party marketing or analytics trackers.

 

4. How We Use Your Information

We use collected information for the following purposes:

  • To provide and maintain the Service, including processing uploads and returning enriched results
     

  • For billing and account management, including managing subscriptions and enforcing plan limits
     

  • For security and abuse prevention
     

  • To improve the Service, including monitoring performance and diagnosing issues
     

  • For communication, including responding to inquiries and sending important service-related notices
     

 

5. Data Sharing and Third Parties

We do not sell personal data. We share information only as necessary to operate the Service.

A. Academic Indexing Services (Core Functionality)
To resolve publication metadata, we may send reference metadata (such as title, author, and publication year) to third-party scholarly services, including:

  • Crossref
     

  • OpenAlex
     

B. Advanced Enrichment Using OpenAI
We may use OpenAI to assist with enrichment based on bibliographic metadata you provide. Only the information necessary for enrichment is sent. OpenAI typically retains limited API data for up to 30 days for abuse monitoring and service integrity purposes, unless longer retention is required by law. We do not opt in to share API inputs or outputs for model training beyond what is required to provide the feature.

C. Service Providers
We use the following service providers:

  • Wix (website hosting and member login functionality)
     

  • Google Cloud Platform (hosting and infrastructure, including Firestore and BigQuery)
     

  • Google Workspace (email communication)
     

  • Stripe (payment and subscription processing)
     

 

6. Data Retention

We retain information only for as long as necessary to provide the Service and for legitimate business or legal purposes.

  • Uploaded file content is processed in memory and not retained after processing is complete
     

  • Derived bibliographic metadata and tags may be retained in a performance cache for efficiency
     

  • Account information is retained while the account remains active
     

  • Usage and audit metadata is retained for limited periods for security, abuse prevention, billing reconciliation, and monitoring
     

 

7. Security

We implement technical and organizational safeguards, including:

  • Privacy-preserving techniques for IP-based rate limiting
     

  • Secure infrastructure hosted on Google Cloud Platform
     

  • Encryption in transit using TLS
     

  • Access controls limiting data access to authorized personnel only
     

 

8. Children’s Privacy

The Service is not intended for use by children under the age of 13. We do not knowingly collect personal information from children under 13 years of age.

If you believe that a child under 13 has provided us with personal information, please contact us at legal@aureliuscanon.com, and we will take appropriate steps to delete such information.

 

9. Your Rights and Choices

Depending on your location, you may have rights to access, correct, or request deletion of personal data we hold. To make a request, contact us at legal@aureliuscanon.com from the email address associated with your account (or provide sufficient verification). We will honor requests where feasible, subject to legal retention obligations.

 

10. Legal Bases for Processing (EEA/UK)

Where applicable, we process personal data under the following legal bases:

  • Contract, to provide the Service you request
     

  • Legitimate interests, to secure, maintain, and improve the Service
     

  • Consent, where required by law
     

 

11. International Data Transfers

Our service providers may process data in jurisdictions outside your country of residence. Where required, appropriate safeguards are used.

 

12. Changes to This Privacy Policy

We may update this Privacy Policy periodically. Updates will be posted with a revised “Last Updated” date. Material changes may be accompanied by additional notice.

 

13. Contact Us

If you have questions or concerns about this Privacy Policy or our data practices, please contact us at:

legal@aureliuscanon.com

bottom of page