Last updated: May 2, 2026 · Effective date: March 22, 2026
arXscope is a research discovery tool that helps academics find recent arXiv preprints related to their work.
Data controller: arXscope, Luxembourg, Luxembourg
Contact: [email protected]
When you create an account, we collect your email address and a hashed password (or a Google OAuth token if you sign in with Google).
Why: To identify you, allow you to log in, and associate your saved papers and bookmarks with your account.
Legal basis: Performance of a contract (GDPR Art. 6(1)(b)).
Your PDF is processed on our servers and deleted immediately after your results are ready. We do not store it, and nobody — including the arXscope team — can access it once the upload is complete.
Why: To perform the search that is the core function of the service.
Legal basis: Performance of a contract (GDPR Art. 6(1)(b)).
If you save a paper or create a bookmark, we store the arXiv paper ID, title, abstract, and any notes you add.
Why: To display your saved items when you return.
Legal basis: Performance of a contract (GDPR Art. 6(1)(b)).
Papers displayed in search results may include contact email addresses extracted from the corresponding arXiv PDF. These are publicly available on arXiv. We store them solely to display paper metadata. These emails are never used for marketing, outreach, or any purpose other than display.
Why: To help researchers identify and contact paper authors.
Legal basis: Legitimate interests (GDPR Art. 6(1)(f)).
When you run a search, we create a temporary session containing the ranked list of result IDs. Sessions are automatically deleted after 24 hours.
Why: To allow pagination of search results without re-running the search on every page load.
Legal basis: Performance of a contract (GDPR Art. 6(1)(b)).
Your IP address is processed on each request for rate limiting to prevent abuse and ensure fair access for all users. We do not store IP addresses in our database beyond what is retained in server logs by our infrastructure providers.
Why: To protect the service from abuse.
Legal basis: Legitimate interests (GDPR Art. 6(1)(f)).
If an unhandled error occurs, technical error data (stack trace, request path, HTTP status code) is sent to Sentry. We do not send your email address or IP address to Sentry.
Why: To detect and fix bugs.
Legal basis: Legitimate interests (GDPR Art. 6(1)(f)).
We collect usage data including pages visited, features used, and session recordings to understand how the product is used and improve it. This data is processed by a third-party analytics provider on EU servers and retained for 1 year.
Why: To improve the service.
Legal basis: Legitimate interests (GDPR Art. 6(1)(f)).
If PDF extraction fails, you may choose to send us your file by email to help us improve. This is entirely optional and only happens if you click Share with us and send the email yourself. PDFs submitted this way are used solely to diagnose and fix extraction issues and are deleted after review. We will not share them with third parties or use them for any other purpose.
Why: To improve our PDF extraction for file formats that currently fail.
Legal basis: Consent (GDPR Art. 6(1)(a)). You can withdraw consent at any time by emailing [email protected] and requesting deletion.
We use one type of cookie: an authentication session cookie set by Supabase when you log in. This cookie is strictly necessary to keep you logged in and cannot be opted out of while using an authenticated account.
We also use a cookie set by our analytics provider to maintain session continuity for usage tracking (Section 2.8). We do not use advertising cookies or tracking pixels.
We do not sell your data. We share data only with the following service providers to operate the service:
| Provider | Purpose | Data shared | Location |
|---|---|---|---|
| Supabase | Authentication and database | Email, credentials, saved papers, bookmarks | EU (AWS eu-west-1) |
| Vercel | Frontend hosting | IP address (request logs) | EU edge nodes |
| Render | Backend hosting | IP address (request logs) | EU (Frankfurt) |
| Sentry | Error monitoring | Stack traces, request paths (no email, no IP) | EU (de.sentry.io) |
| HuggingFace | Text embedding generation | Paper title and abstract | EU |
| Cloudflare R2 | Image storage | Paper images (no personal data) | EU |
| PostHog | Product analytics | Usage events, session recordings (no passwords) | EU |
| Brevo | Transactional email | Email address (for alerts and auth emails) | EU |
| Data | Retention period |
|---|---|
| Account (email, credentials) | Until you delete your account |
| Saved papers and bookmarks | Until you delete them or delete your account |
| Search sessions | 24 hours |
| arXiv papers (metadata) | 30 days (rolling window) |
| arXiv paper citation sentence data | 14 days |
| Server logs | As per Render and Vercel policies (typically 30 days) |
| Usage and analytics data | 1 year |
As a resident of the EU/EEA, you have the following rights:
To exercise any of these rights, contact us at [email protected]. We will respond within 30 days.
You also have the right to lodge a complaint with the Luxembourg data protection authority:
CNPD — Commission Nationale pour la Protection des Données
cnpd.public.lu
We may update this policy as the service evolves. We will update the "Last updated" date at the top and, for material changes, notify you by email. Continued use of the service after changes constitutes acceptance.
For any privacy-related questions or requests:
Email: [email protected]
Response time: Within 30 days