CENTER FOR OPEN SCIENCE, INC.

PRIVACY POLICY

Center for Open Science, Inc. (referred to as "COS", "Open Science Framework", "OSF", "us", "our" and "we") is a nonprofit organization that operates certain websites at the cos.io (or centerforopenscience.org) and the osf.io (or openscienceframework.org) URLs ("Websites" or "Services"). COS conducts research on scientific practices and provides grants for relevant projects. COS fosters an open and interactive community among open-source developers, open-science researchers, and the broader scientific community. We also support and improve the scientific workflow by connecting technologies that researchers use by means of our development and administration of OSF.

Our mission is to increase the openness, integrity, and reproducibility of scientific research and scholarly communication by creating and operating an open-access infrastructure (referred to as "OSF" or the "Framework") to support the entire research lifecycle from planning, execution, reporting, publishing, archiving and discovery. This Privacy Policy applies to contributors of content to, and users of, our Websites and Services.

In this document, we use "you" to refer to researchers and other users of our Websites and Services. We do not collect any personally identifiable information about you when you visit our Websites unless you choose to provide us with that information. We do not collect information from you for commercial marketing or any other purpose unrelated to our purpose. Our goal is to provide you with a personalized online experience that provides you with the information, resources, and services that are most relevant and helpful to you. This Privacy Policy has been written to describe the conditions under which our Websites and Services are made available to you. Our Privacy Policy discusses, among other things, how data obtained during your visits to our Websites may be collected and used. Our Privacy Policy also discusses important limitations to the way you may use materials and services you find on the site. Read the Privacy Policy carefully. By providing affirmative consent, you have accepted the terms of this Policy. If you do not agree to accept the terms of the Privacy Policy, you are directed to discontinue accessing or otherwise using the site or any materials obtained from it.

We protect your personal information using industry-standard safeguards. As described in this Privacy Policy, we may share your information with your consent or as required by law as detailed in this policy, and we will let you know when we make changes to this Privacy Policy by posting changes to the site.

1. CONSENT

You are asked to provide explicit agreement to the terms of this Privacy Policy in order to use our Websites and Services, to deposit and/or publish your personal information on or through our Websites. Further, we obtain your consent before collecting any personal data. More information on specific privacy settings for Projects is provided in Section 11.

2. SITES COVERED BY THIS PRIVACY POLICY

This Privacy Policy applies to the COS Websites located at cos.io and osf.io, including services hosted on osf.io, but operated or moderated by other communities or entities such as universities or scholarly societies. Our privacy practices are based on three levels of openness and privacy, which are set by the Administrator of each Project, namely, public, limited access, and private access. These levels of privacy are described in Section 11 of this Policy.

3. CHANGES TO THIS PRIVACY POLICY

The process of maintaining a website is an evolving one, and COS may modify and amend this Privacy Policy by posting a new Policy on our Websites. Please review any posted changes to our Privacy Policy carefully. If you agree to the terms, simply continue to use our Websites and Services. If you object to any of the changes to our Privacy Policy, please do not continue to access our Websites or use our Services, as your continued use of our Websites and Services after we have posted a notice of changes to the Privacy Policy shall constitute your consent to the changed terms or practices. Note that any personal data we collect about you is subject to the privacy policy in effect at the time of its collection. And, further, that you have certain rights with respect to that personal data, as described in this Privacy Policy.

4. CHILDREN'S PRIVACY

COS is committed to protecting the privacy needs of children. COS does not intentionally collect information from children under the age of 16, and COS does not target its sites to children. Only persons who are more than 18 years old or an emancipated minor may use our Websites and Services. By accessing our Websites and Services, you are legally acknowledging that you are over the age of 18 or an emancipated minor. If you are under the age of 18, you don't have the legal right to access our Websites and Services.

5. CALIFORNIA SHINE THE LIGHT LAW

California residents who provide personal information in obtaining products or services for personal, family or household use are entitled to request and obtain from us, once per calendar year, information about the customer information we shared, if any, with other businesses for their own direct marketing uses. If applicable, this information would include the categories of customer information and the names and addresses of those businesses with which we shared customer information for the immediately prior calendar year. To obtain this information, please email us at contact@cos.io with the subject line "Request for California Privacy Information", and we will send you a reply e-mail containing the requested information. Not all information sharing is covered by the "Shine the Light" requirements and only information on covered sharing will be included in our response.

6. SECURITY

We have implemented industry-standard security safeguards designed to protect the personal information that you may provide. We also periodically monitor our system for possible vulnerabilities and attacks, consistent with industry standards. You should be aware, however, that since the Internet is not a 100% secure environment, we cannot ensure or warrant the security of any information that you submit to the site. There's also no guarantee that information may not be accessed, disclosed, altered, or destroyed by breach of any of our physical, technical, or managerial safeguards. It's your responsibility to protect the security and integrity of your account details, including your username and password. To maintain the security of your information (or another user's personal information that you are authorized to manage as an Administrator), you must keep your username(s) and password(s) strictly confidential and not disclose them to anyone. You will be solely responsible for any action, activities, and access to our Websites and Services that are taken using your username and password and that occurred before you notified us of their loss. If you become aware of any security breach of your password or of the security of the Websites or Services, you must contact us as soon as possible at security@osf.io.

7. TYPES OF INFORMATION WE COLLECT

(a) Registration
Unless you are a member of the general public with limited viewing rights, in order to fully use the COS Websites and Services, you will need to create an account by providing us with at least your name, email address, and a password. You can choose to provide other information about yourself in your account profile during the registration process (for example, your organizational or company affiliation, your level of education, location, your job title, professional experience, professional affiliations and memberships, etc.). This information that you voluntarily provide may be seen by other users who view your profile. We collect this information only with your consent.

We use this additional information to customize your experience on this website, and this information may be viewable by others. You understand that, by creating or claiming an account, COS and others within your Project's level of access will be able to identify you by your profile, and you agree to allow COS to use this information in accordance with this Privacy Policy and our Terms of Use. You must follow this link to our Terms of Use in order to understand the terms of your relationship with COS. On some pages of our Websites, you may be able to request information, subscribe to mailing lists, participate in online discussions, collaborate on documents, provide feedback, submit information into registries, register for events, apply for membership, or join committees or working groups. The types of personal information you provide to us on these pages may include your name, address, phone number, e-mail address, user IDs, passwords, or other information that relates to you personally.

(b) Group Participation
We may collect information when you use our Websites, such as when you join and participate in any group, participate in any polls or surveys, or otherwise interact with other users within the community.

(c) Non-Personal Information
Non-personal information is data about usage and service operation that is not directly associated with a specific personal identity. COS may collect, analyze, and share aggregated non-personal information to evaluate how visitors use our Websites and Services.

(d) Aggregate Information
COS may collect aggregate information, which refers to information your computer automatically provides us and that cannot be tied back to you as a specific individual. This information can be shared with third parties without restriction. Examples include referral data (the sites you visited just before and just after our site), the pages viewed, the date of your visit, and time spent at our Websites.

(e) Log Files and IP Addresses
We may collect information from the devices and networks that you use to visit the Websites in order to help improve the services we provide, including your Internet Protocol Address (IP Address). An IP address is a number that is automatically assigned to your computer whenever you access the Internet. For example, when you request a page from one of our sites, our servers log your IP address to create aggregate reports on user demographics, traffic patterns, metascience, and for purposes of system administration. Every time you request or download a file from the site, COS may store data about these events and your IP address in a log file. We may use this information to analyze trends, administer the site, track users' movements, and gather broad demographic information for aggregate use or for other business purposes. When you access or leave our Websites by clicking on a hyperlink, we receive the URL of the site you last visited or of the one to which you're directed. We may receive the Internet Protocol ("IP") address of your computer or proxy server used to access the site, your operating system, the type of browser you used, and the type of device you use, the Application Programming Interface ("API") you use, or your mobile device carrier or your ISP. We also may receive location data passed to us from third-party services or GPS-enabled devices that you have set up in order to customize your experience based on location information.

(f) Cookies
We use cookies and similar technologies, including mobile device identifiers, to help us recognize you when you log into our Websites and Services. By accessing our Websites, you are consenting to the placement of cookies and other similar technologies in your browser in accordance with this Privacy Policy and our Terms of Use.

Cookies are small packets of information that a site's computer stores on your computer. COS can then read the cookies whenever you visit our Websites. We may use cookies in a number of ways, such as to save the fact that you are logged into the system so you don't have to relogin each time you visit our Websites, to deliver content specific to your interests, and to track the pages you've visited. These cookies allow us to use the information we collect to customize your experience so that your visit to our Websites and your use of our Services are as relevant and as valuable to you as possible. You may modify and control how and when cookies are set through your browser settings. Most browsers offer instructions on how to reset the browser to control or reject cookies in the "Help" section of the toolbar. We do not link non-personal information from cookies to personally identifiable information without your permission.

(g) Web Beacons
Our Websites also may use web beacons and other technologies, such as pixels and javascript tags, to collect non-personal information about your use of our site and the sites you visit, your use of special announcements or newsletters, and other activities. The information collected by web beacons allows us, for example, to statistically monitor how many people are using our Websites; how many people open our emails; and for what purposes these actions are being taken. We do not share personally identifiable information with any third-party advertisers, but we may show you sponsored content from our members and affiliates.

(h) New Technologies
As new technologies emerge, COS may be able to improve our services or provide you with new ones, which means that COS may create new ways to collect information on our Websites. If we offer a new service or new features to our existing Websites, for example, these changes may result in our collecting new information in order to improve your user experience.

8. COS ADMINISTRATORS AND MODERATORS

If you contact COS, we collect information that helps us categorize your question or report, respond to it, and, if applicable, investigate any breach of our Terms of Use or this Privacy Policy. We also may use this information to track potential problems and trends in order to improve our services to you and to the community as a whole.

9. LINKS TO THIRD-PARTY SITES AND SERVICES

Our Websites and Services may provide links to third-party sites for the convenience of our users. If you access those links or third-party add-ons, you will leave our Websites or use the services of another Website. COS does not control these third-party sites and cannot represent that their policies and practices will be consistent with this Privacy Policy or our Terms of Use. For example, other sites may collect or use personal information about you in a manner different from that described in this document. You should be aware that materials available through third-party sites may be protected from unauthorized copying and dissemination by U.S. copyright law, trademark law, international conventions, and other intellectual property laws, and the usage of such materials may be subject to limitations that are more or less restrictive than those expressed herein. Therefore, you should use other sites with caution, and you do so at your own risk. We encourage you to review the privacy policy of any site before submitting personal information.

We may receive information when you use your account to log into a third-party site or application in order to recommend tailored information to you and to improve your user experience on our Websites. We may provide reports containing aggregated impression information to third parties to measure Internet traffic and usage patterns.

10. DEFINITIONS

In our Privacy Policy and Terms of Use, we use "you" to refer to researchers and other users of the Websites and OSF. We also use the following defined terms:

Project. A "Project" is an individual or collaborative enterprise that also may have embedded within it subproject(s) or "Project components" or "component(s)" of the Project.

Preprint. A “Preprint” is a publicly shared document and associated metadata. Preprints cannot be deleted, but can be withdrawn, leaving behind metadata about the resource.

Registration. A “Registration” is a frozen (uneditable), timestamped version of a Project and/or its Components. Registrations cannot be deleted, but can be withdrawn, leaving behind basic metadata about the resource.

Content. As used in these Terms of Use, "content" means, but is not limited to, any research, data, text, images, software and software code, data sets, information or other materials.

Collection. A “Collection” is a group of content hosted on OSF. Examples include OSF Preprints, OSF Registries, OSF Meetings, and branded community-organized services utilizing OSF infrastructure.

Users. All Users must accept the COS Terms of Use and Privacy Policy.

Administrator. An administrator on a Project or a component is an individual who has full rights to control all aspects of a Project, Preprint, or Registration. An Administrator may create a Project, components of a Project, or Preprint, create and change contributor permissions, identify the legal terms that govern the ownership of the intellectual property in Content deposited into a Project, a Project component, or Preprint or identify the license restrictions governing the use of the intellectual property incorporated into the Project, Project component, or Preprint, control and modify access and privacy settings for the Project and its components, modify license terms for the use of Content, invite other users to contribute to a Project, component of a project, or Preprint, authorize add-ons, namely, software designed to increase the capability of OSF, remove Projects or Project Components from the Websites and Services, create Registrations (i.e. freeze and uniquely identify) of Projects or Project Components, submit content to a third party for review or moderation, and register DOIs (share persistent metadata with a third party). Administrators must have the authority to bind the individual Administrator's business, organization or institution to the COS's Terms of Use and Privacy Policy.

Proxy. A Proxy is a person to whom the Administrator has granted the authority to manage a Project or Project component on his or her behalf, which may include setting and modifying user access, privacy settings, license terms, and editing and depositing Content.

Contributing User. A Contributing User may access, deposit, and edit Content to a Project, Project component, or Preprint.

Active User. An Active User may have select interactive use of the Websites and Services, subject to restrictions imposed by the Administrator.

Passive User. A passive user, including journal editors/reviewers, other scientists, and members of the general public, may use the Websites and Services solely as an information resource without any ability to change or modify any Project content.

Collection Admin. A Collection Admin is an individual who determines content requirements and moderation settings for a Collection and assigns Reviewers.

Reviewer. A reviewer may use the Website and Services to review content submitted to a Collection, provide comment on it, accept or reject its submission to the Collection, and update its metadata as it relates to the Collection.

Public API. An application program interface available to the public to facilitate computer communication with the OSF. Parts or all of the Websites and Services are accessible via various Public APIs, including but not limited to, GitHub, Twitter, Facebook, YouTube, Google Scholar and Google Groups, and LinkedIn.

Privacy Settings. Privacy Settings define whether Project Content may be publicly displayed, displayed with restricted access to a limited group, or private.

Trusted Party. A Trusted Party is an individual or organization to which the Administrator has given the right to view, edit, and/or deposit specific data within a Project or Project component.

11. PRIVACY SETTINGS

Projects, Project components, Preprints, and Registrations can be created by an Administrator. The Administrator may choose whether to designate and make Content public, limited access or private. If an Administrator wishes to send you an invitation to participate in a Project, Project component, Preprint, or Registration, the Administrator or COS will send you an email. Once you accept the invitation, your personal profile information may be made available to others collaborating on the Project, Preprint, or Registration, subject to the specific privacy access restrictions imposed by the Administrator of your Project, Preprint, or Registration.

Public. Content marked as "Public" will be available to the public for viewing and commercial and non-commercial use under the terms of the license identified by the Administrator.

Private. Content marked as "Private" may be viewed through the OSF or Public API only by the Administrator(s), a Contributing User of that Project or Component, anyone with a view-only link created by an Administrator, or any designated Proxy. Private data are not shared with the public, Trusted Parties, or other members of the COS. Only the COS employees and our authorized agents' or contractors' staff, with a "need to know" access to manage the Websites and Services and process data for the COS are able to view Private Access Data.

Embargoed. Content marked as “Embargoed” may be viewed through the OSF or Public API only by the Administrator(s), a Contributing User of that Project or Component, anyone with a view-only link created by an Administrator, or any designated Proxy ("Private"), until the Embargo date has passed, at which time the content will be made Public automatically.

Limited Access. Content marked as "Limited Access" may be viewed through our Websites and Services by the Project Administrator, a Proxy, a Contributing User, an Active or Passive User, and a Trusted Party, subject to the restrictions imposed by the Administrator.

Under Review. Content submitted to services using OSF Reviews may be “Private,” yet available to designated Reviewers of the service for viewing and accepting or rejecting.

If an Administrator changes the privacy settings of a Project, those changes will be applied prospectively. For example, if an Administrator changes a privacy setting from "Public" to "Private" or "Limited Access", there is no way for COS to restrict people who have previously viewed or downloaded the previously publicly accessible Content from using it.

12. HOW WE USE YOUR PERSONAL INFORMATION

When you register with COS, you acknowledge that information you provide on your membership profile may be seen by others and used by COS as described in this Privacy Policy and our Terms of Use.

(a) Consent to COS to Use Personal Information
COS may use personal information you supply to provide services that support the activities of the organization, its members, and their collaboration on Projects: contacting users, understanding aggregate usage of the site, and tailoring services. When accessing the Websites, your personal user information may be tracked by COS in order to support collaboration, ensure authorized access, and enable communication between collaborators.

The personal information you may provide to COS may reveal or allow others to discern aspects of your life that are not expressly stated in your profile (for example, your picture or your name may reveal your gender). By consenting to provide personal information to us when you create or update your account and profile, you accept and agree to our processing of your personal information in ways set out by this Privacy Policy. Supplying information to us, including any information deemed "sensitive" by applicable law, is entirely voluntary on your part. You may withdraw your consent to COS's collection and processing of your information by changing or closing your account, as more fully described in this Privacy Policy.

(b) Communications from COS
We use the information you provide to customize your experience on the site. We may communicate with you using email or other means available to us regarding the availability of services, service-related issues, or announcements that we believe may be of interest to you. We may, for example, send you welcome messages and emails regarding new features or services, and promotional information from COS. You may opt out of receiving promotional messages from COS by following the instructions contained in the email. As long as you're a registered user, however, you can't opt out of receiving service messages from us. COS may also use personal information in order to customize content on the site to you, such as news relevant to you or to your industry or company.

(c) Communications from Others
Personal contact information may be provided to other members of a Project on a secure site to encourage and facilitate collaboration, research, and the free exchange of information. Please remember that any information (including personal information) that you disclose on the public sections of our Websites, such as forums, message boards, and news groups, becomes public information that others may collect, circulate, and use. Because we cannot and do not control the acts of others, you should exercise caution when deciding to disclose information about yourself or others in public forums such as these.

(d) Sharing Information with Third Parties
COS may share your personal information with our vendors, agents or contractors, such as a vendor that may host COS's servers, but only on a "need to know" basis to help us operate our Websites and Services. You can read a list of these third parties here. By providing us with your personal information during the user registration process and by agreeing to the terms of this Privacy Policy, you expressly consent to our storing, processing, and distributing your information for these purposes.

Information you put on your profile and any messages or comments you post on the public areas of our Websites may be seen by others. In keeping with our open process, COS may maintain publicly accessible archives of Projects for which the privacy level is designated as or amended to "Public" by the Administrator. In addition, should you post a comment or send an email to any of COS's hosted mail lists or discussion forums, subscribe to one of our newsletters or register for one of our public meetings, your email address may become part of the publicly accessible archives.

Information on our Websites may result in display of some of your personal information outside of COS. For example, when you post messages or comments that are open for public review and/or discussion, your profile information, including your name as the contributor and your email address, may be displayed in public search-engine results. Similarly, if you post to public areas of our Websites using a Public API such as Twitter, Facebook, or Google Groups, your account profiles associated with these third-party products may be displayed to the public. Your public profile also may be indexed and displayed through public search engines when someone searches for your name on our Websites.

You are responsible for any information you post on our Websites, and, subject to our Terms of Use and Privacy Policy, this information may be accessible to others. Accordingly, you should be aware that any information you choose to disclose on our Websites or Services may be read, collected, and used by other users within COS, and in the case of Projects and forums open to the public, by third parties. COS is not responsible for the information you choose to submit on our Websites.

COS does not rent or sell or otherwise distribute personal information that you have shared with us, except as permitted in this Privacy Policy and our Terms of Use. We will not disclose personal information that is associated with your profile unless COS has a good-faith belief that disclosure is permitted by law or is reasonably necessary to: (1) comply with a legal requirement or process, including, but not limited to, civil and criminal subpoenas, court orders or other compulsory disclosures; (2) investigate and enforce this Privacy Policy or our Terms of Use; (3) respond to claims of a violation of the rights of third parties; (4) respond to member service inquiries; (5) protect the rights, property, or safety of COS, our users, or the public; or (6) as part of the sale of the assets of COS or as a change in control of the organization or one of its affiliates or in preparation for any of these events. COS reserves the right to supply any such information to any organization into which COS may merge in the future or to which it may make any transfer in order to enable a third party to continue part or all of the organization's mission. Any third party to which COS transfers or sells its assets will have the right to use the personal and other information that you provide in the manner set out in this Privacy Policy.

13. DATA TRANSFER

COS may store and process personal information on servers or on a cloud located outside of the country where you originally deposited data. The data-protection laws of the country or countries where this personal information will be stored or processed might not be as comprehensive as those in your country. If you are unsure whether this Privacy Policy is in conflict with applicable local rules, you should not submit your information. If you are located within the European Union, you should note that your information will be transferred to the United States, which is deemed by the European Union to have inadequate data protection. By using our Websites and/or directly providing personal information to us, you hereby agree to and acknowledge your understanding of the terms of this Privacy Policy, and consent to have your personal data transferred to and processed in the United States and/or in other jurisdictions as determined by COS, notwithstanding your country of origin, or country, state, and/or province of residence.

14. GOVERNING LAW

This Privacy Policy is governed in all respects by the laws of the Commonwealth of Virginia, excluding that state's conflicts of laws provisions. Any action or proceeding arising out of or related to this Policy or your use of the Websites or Services must be brought in the state or federal courts of the Commonwealth of Virginia, and you consent to the exclusive personal jurisdiction and venue of such courts. Any cause of action you may have with respect to this Policy or your use of the Websites or Services must be commenced within one (1) year after the claim or cause of action arises.

15. YOUR OPT-OUT OPTIONS

You may access, modify, correct, or delete your personal information controlled by COS regarding your profile, and you may close your account. You can also contact us for any account information which is not on your profile or readily accessible to you. If you close your account, some or all of your profile information may continue to remain visible on the Websites.

You should be aware that information that you've shared with others or that others have copied may also remain visible after you have closed your account or deleted the information from your own profile. In addition, you may not be able to access, correct, or eliminate any information about you that other users have copied or exported out of the Websites, because this information may not be in our organization's control. Your public profile may be displayed in search engine results.

From time to time COS may email you electronic newsletters, announcements, surveys, or other information unrelated to any Project. If you prefer not to receive any or all of these communications, you may opt out by following the directions provided within the electronic newsletters and announcements. COS also may conduct polls and surveys of our users, and your participation in this type of research is at your sole discretion. COS may follow up with you regarding your participation in this research. You may at any time opt out of participating in these polls and surveys.

Further, COS may send you occasional Service-related emails that you may not opt-out of (e.g. changes or updates to features of our Services that have security or privacy implications, technical and security notices, account verification).

16. DATA RETENTION

We will keep your personal information for as long as your account is active or as needed to comply with our legal obligations, even after you've closed your account, such as to meet regulatory requirements, resolve disputes between users, to prevent fraud and abuse, or to enforce this Privacy Policy and our Terms of Use. We may be required to retain personal information for a limited period of time if requested by law enforcement. We also may retain indefinitely non-personally identifiable, aggregate data to facilitate our ongoing operations.

17. GENERAL DATA PROTECTION REGULATION

If you are a resident of or are located in the European Economic Area (“EEA”), you may have certain rights under the General Data Protection Regulation (“GDPR”). Personal data you provide is only collected with your consent, and may be transmitted outside of the EEA to COS (or computer servers maintained for the benefit of COS) pursuant to that consent.

In general, under the GDPR you may:

  • request access to your personal data
  • have incomplete or incorrect data corrected
  • have your personal data deleted
  • suspend or restrict our use of your personal data, or withdraw your consent
  • request a copy of your personal data
  • complain to a supervisory authority if you believe your rights under the GDPR are not being respected

Should you request a copy of your personal data, we will supply to you a copy of your personal data. The first copy will be provided free of charge, but additional copies may be subject to a reasonable fee. Should you request the deletion of your personal data, COS will generally do so as soon as practicable, although your right to have your personal data deleted is subject to exceptions, such as, for example, compliance with a legal obligation or for the establishment, exercise or defense of legal claims.

If you consider that our processing of your personal information infringes data-protection laws, you have a legal right to lodge a complaint with a supervisory authority responsible for data protection. You may do so in the EU member state of your habitual residence, your place of work or the place of the alleged infringement.

Contact COS at support@osf.io if you have concerns regarding your personal data, or wish to exercise any of these listed rights.

Note that, if you are in the EEA, we may transfer your personal data outside of the EEA, including to the United States. By way of example, this may happen if your personal data is transferred to our servers located in a country outside of the EEA. These countries may not have similar data-protection laws to the EEA. By submitting your personal data, you’re agreeing to this transfer, storing, or processing. If we transfer your information outside of the EEA in this way, we will take steps to ensure that appropriate security measures are taken with the aim of ensuring that your privacy rights continue to be protected as outlined in this policy.

18. CONTACTING US

Questions about this Privacy Policy can be directed to support@osf.io. Support is provided in English only.

This Privacy Policy was last updated on May 24, 2018.