top of page

Privacy Policy

V1.2

Last Updated: February 4, 2026

1. Introduction

Welcome to Aurelius Canon Enricher (“we,” “us,” or “our”). We are committed to protecting your privacy and being transparent about how we handle information. This Privacy Policy explains what information we collect, how we use and share it, and your rights regarding that information.

Our offering includes:

  • The Website, hosted on Wix, which provides information about the product and may include member login functionality.
     

  • The Service, our enrichment API/application, which processes reference data to resolve DOIs and related publication metadata.
     

 

2. Information We Collect

We collect information only as necessary to provide, secure, and improve the Service.

A. Information You Provide

Uploaded Files (Not Retained)
You may upload files (such as TXT or DOCX) containing reference lists. The contents of uploaded files—including original reference text, formatting, and document structure—are processed in memory and are not retained after processing is complete and results are returned to you.

Email Address
If you sign up for a plan, complete a purchase, request support, or otherwise interact with the Service, we may collect your email address for account creation, usage tracking, billing, and communication.

Account-related information, including email addresses and plan status, is stored securely within our Google Cloud Platform environment (such as Firestore), subject to appropriate access controls and security measures.

Email addresses may be used for:

  • Account creation and management
     

  • Usage tracking and plan enforcement
     

  • Service-related communications (including receipts, important updates, or support responses)
     

We use Google Workspace to manage email communications. We do not operate a CRM system at this time.

Payment Information
If you subscribe to a paid plan, payment information is collected and processed by our payment processor, Stripe. We do not have access to your full credit card details. We retain limited subscription-related identifiers (such as Stripe customer IDs, subscription IDs, subscription status, and billing period information) solely for billing, account management, and service access control.

Voluntary Correspondence
If you voluntarily send us information via email or other support channels (including file contents), we use that information only to respond to your request. Such correspondence is retained only as long as necessary to address the inquiry or for recordkeeping purposes consistent with applicable law.

 

B. Information We Collect Automatically

Usage Information (Metadata Only)
We log limited metadata about use of the Service, such as request timestamps, number of references processed, aggregate outcome counts (for example, how many DOIs were resolved), and service usage statistics. We do not log or store the original textual contents of uploaded reference lists.

This metadata may also include non-identifying processing outcomes (such as match confidence levels or resolution status) used to ensure service reliability and prevent erroneous enrichment.

Internal Identifiers
For authenticated users, we generate and store internal identifiers that are associated with an account and used to support billing reconciliation, service auditing, abuse prevention, and support investigations. These identifiers are not meaningful outside our systems and are not disclosed publicly.

Access to account records containing these identifiers is restricted to authorized personnel and protected by technical and organizational security controls. These identifiers are not used for advertising, profiling, or marketing purposes.

IP-Based Rate Limiting
For anonymous or unauthenticated usage, we may process IP addresses in a hashed or transient form to enforce rate limits, prevent abuse, and maintain service security. These mechanisms are designed to avoid storing raw IP addresses in persistent user records.

Derived Bibliographic Metadata and Tags
As part of the enrichment process, the Service may derive and normalize bibliographic metadata from uploaded references, such as DOI, title, authors, journal, publication year, and similar citation fields.

In addition, the Service may derive structured or “tagged” fields (such as topical classifications, population indicators, methodological labels, or study-type descriptors) based on reference metadata. These derived fields are generated programmatically to support internal enrichment processes, filtering, analytics, and service functionality.

 

Derived metadata and tags do not include the original uploaded reference text and are not intended to be used to reconstruct a user’s original file or reference list.

Unmapped Citation Information

If uploaded reference text contains information that cannot be reliably recognized or verified, the Service may return that information in the output for your review. Such information is treated as non-authoritative and is not retained by the Service after results are delivered.

Cached Metadata (Performance Cache)
To improve performance and reduce redundant external queries, we may retain derived bibliographic metadata and associated tags in a performance cache. This cache does not store original uploaded file content and is periodically reviewed.

Cached records may include non-identifying, privacy-preserving fingerprints (such as cryptographic hashes) derived from normalized bibliographic metadata, along with outcome indicators (for example, whether a reference was resolved or not).

These cache entries do not store raw uploaded reference text or original file contents and cannot be used to reconstruct a user’s submissions.

Cached entries reflecting unresolvable or low-confidence outcomes may be retained only temporarily and expire automatically after a short period.

Service Performance Data (Telemetry)
We collect limited operational performance and error data to monitor, secure, and improve the reliability of the Service. This data may include request timing information, error signals, and high-level system diagnostics.

Telemetry data is processed within our own cloud infrastructure and/or through trusted infrastructure and observability service providers. This data is used solely for service monitoring, debugging, performance optimization, and security purposes, and is not used for advertising or marketing.

We may update or change the specific tools or providers used for service observability over time as the Service evolves.

 

3. Website Cookies

Our website uses only essential cookies required for core functionality, such as security features and (if enabled) member login sessions via Wix. We do not use advertising cookies or third-party marketing or analytics trackers.

 

4. How We Use Your Information

We use collected information for the following purposes:

  • To provide and maintain the Service, including processing uploads and returning enriched results
     

  • For billing and account management, including managing subscriptions and enforcing plan limits
     

  • For security and abuse prevention
     

  • To improve the Service, including monitoring performance and diagnosing issues
     

  • For communication, including responding to inquiries and sending important service-related notices
     

 

5. Data Sharing and Third Parties

We do not sell personal data. We share information only as necessary to operate the Service.

A. Academic Indexing Services (Core Functionality)
To resolve publication metadata, we may send reference metadata (such as title, author, and publication year) to third-party scholarly services, including:

  • Crossref
     

  • OpenAlex
     

B. Advanced Enrichment Using Language Models
 

We may use third-party language model providers to assist with citation parsing and bibliographic enrichment. This may include transmitting citation strings or portions of uploaded reference files (such as .docx or .txt content) when necessary to perform parsing or enrichment tasks.

Requests to language model services are made via API and are configured to disable storage or reuse of submitted content where supported (for example, by explicitly opting out of content storage and training). We do not opt in to the use of submitted inputs or outputs for model training or product improvement.

Uploaded files are processed transiently and are not retained by us after processing is complete, as described in this Privacy Policy. Any temporary processing or short-term retention performed by a language model provider is limited to service operation, abuse prevention, or legal compliance in accordance with that provider’s published API data-use policies.

We do not authorize language model providers to associate submitted content with individual user identities or to use such content for purposes unrelated to providing the requested enrichment functionality.

C. Service Providers
We use the following service providers:

  • Wix (website hosting and member login functionality)
     

  • Google Cloud Platform (hosting and infrastructure, including Firestore and BigQuery)
     

  • Google Workspace (email communication)
     

  • Stripe (payment and subscription processing)
     

We may use additional infrastructure, security, or observability service providers as the Service evolves, provided such providers process data solely on our behalf and in accordance with this Privacy Policy.

6. Data Retention

We retain information only for as long as necessary to provide the Service and for legitimate business or legal purposes.

  • Uploaded file content is processed in memory and not retained after processing is complete
     

  • Derived bibliographic metadata and tags may be retained in a performance cache for efficiency
     

  • Account information is retained while the account remains active
     

  • Usage and audit metadata is retained for limited periods for security, abuse prevention, billing reconciliation, and monitoring
     

 

7. Security

We implement technical and organizational safeguards, including:

  • Privacy-preserving techniques for IP-based rate limiting
     

  • Secure infrastructure hosted on Google Cloud Platform
     

  • Encryption in transit using TLS
     

  • Access controls limiting data access to authorized personnel only
     

 

8. Children’s Privacy

The Service is not intended for use by children under the age of 13. We do not knowingly collect personal information from children under 13 years of age.

If you believe that a child under 13 has provided us with personal information, please contact us at legal@aureliuscanon.com, and we will take appropriate steps to delete such information.

 

9. Your Rights and Choices

Depending on your location, you may have rights to access, correct, or request deletion of personal data we hold. To make a request, contact us at legal@aureliuscanon.com from the email address associated with your account (or provide sufficient verification). We will honor requests where feasible, subject to legal retention obligations.

 

10. Legal Bases for Processing (EEA/UK)

Where applicable, we process personal data under the following legal bases:

  • Contract, to provide the Service you request
     

  • Legitimate interests, to secure, maintain, and improve the Service
     

  • Consent, where required by law
     

 

11. International Data Transfers

Our service providers may process data in jurisdictions outside your country of residence. Where required, appropriate safeguards are used.

 

12. Changes to This Privacy Policy

We may update this Privacy Policy periodically. Updates will be posted with a revised “Last Updated” date. Material changes may be accompanied by additional notice.

 

13. Contact Us

If you have questions or concerns about this Privacy Policy or our data practices, please contact us at:

legal@aureliuscanon.com

bottom of page