Privacy Policy

The controllers within the meaning of Art. 4(7) GDPR are:

Dr. Jan Philip Wahle and Lars Kaesberg
Siedlungsweg 24, 37124 Rosdorf, Germany
Email: [email protected]

We are not required to appoint a Data Protection Officer under Art. 37 GDPR and Section 38 BDSG.

We process personal data only to the extent necessary to provide a functional website and the services you request. We do not sell personal data. The following sections describe each processing activity, its purpose, legal basis, and retention period.

Our website and backend services are hosted on servers located in Germany. When you access our site, your browser automatically transmits certain technical data that our web server records in log files:

• IP address of the requesting device
• Date and time of the request
• URL and HTTP method of the request
• HTTP status code returned
• Browser type and version, operating system
• Referrer URL (previously visited page)

Purpose: Ensuring stable operation, security, and abuse prevention.
Legal basis: Art. 6(1)(f) GDPR (legitimate interest in the secure and reliable operation of the website).
Retention: Server log files are deleted after 14 days unless further retention is required to investigate a specific security incident.

When you use the Citation Verifier or Citation Updater, you may upload PDF files or paste citation text and BibTeX entries. We process the following data:

• Uploaded PDF files, pasted citation text, and BibTeX content
• Extracted bibliographic metadata (titles, authors, DOIs, arXiv IDs, venue information)
• Processing job status, verification results, and generated exports

PDF files are parsed locally using GROBID, which runs on our own servers and does not transmit your data to any external service.

To verify citations, extracted bibliographic metadata (not the full PDF) is sent to external academic data providers (see Section 6 below).

Purpose: Providing the citation checking and updating service you requested.
Legal basis: Art. 6(1)(b) GDPR (performance of a contract or pre-contractual measures at your request).
Retention: Processing jobs and results are stored in our database for 90 days so that result pages and exports remain accessible, after which they are automatically deleted.

The BibTeX Formatter runs entirely in your browser. No data you enter into the formatter is transmitted to our servers.

To verify and enrich citation data, our backend queries the following external services:

• Semantic Scholar (Allen Institute for AI, Seattle, USA)
• OpenAlex (OurResearch, USA)
• Crossref (Crossref, USA/UK)
• PubMed / NCBI (National Institutes of Health, Bethesda, USA)
• arXiv (Cornell University, Ithaca, USA)

Only extracted bibliographic metadata (e.g., paper titles, author names, DOIs, arXiv IDs) is sent to these services. We do not intentionally send full uploaded PDFs or personal data of users to these APIs.

Legal basis: Art. 6(1)(b) GDPR (necessary to provide the service you requested).

The external academic data providers listed in Section 6 are based in the United States. When our backend queries these APIs, our server communicates with servers located in the USA. The transferred data consists of bibliographic metadata, not personal data of users.

To the extent that any personal data is transferred in this process, the transfer to the United States is covered by the EU–US Data Privacy Framework (DPF) adequacy decision of the European Commission of 10 July 2023 (C(2023) 4745). For providers not certified under the DPF, we rely on Art. 49(1)(b) GDPR (transfer necessary for the performance of a contract between the data subject and the controller).

This website stores the following item in your browser's local storage:

• cookie-consent — remembers whether you accepted or declined analytics cookies. This value is set only when you interact with the cookie banner.

This storage is technically necessary to honour the consent choice you expressly made and is exempt from consent under Section 25(2) No. 2 TDDDG.

In addition, if you consent via the cookie banner, Google Analytics sets analytics cookies (see Section 9 below). We do not use advertising or marketing cookies. For details, see our Cookie Policy.

Legal basis (GDPR): Art. 6(1)(f) GDPR (legitimate interest in providing a user-friendly interface) for the consent record; Art. 6(1)(a) GDPR (consent) for analytics cookies.

We use Google Analytics 4, a web analytics service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (“Google”). Google Analytics helps us understand how visitors use our website so we can improve its content and usability.

Google Analytics uses cookies and similar identifiers (for example _ga and _ga_<container-id>) to collect information such as:

• Pages visited and actions taken on the site
• Approximate location derived from a truncated IP address
• Device, browser, and operating system information
• Referring URL and session duration

We have enabled IP anonymisation so that IP addresses are truncated within the EU/EEA before being stored, and we have concluded a data processing agreement with Google pursuant to Art. 28 GDPR. Google may transfer data to servers located in the United States.

Purpose: Analysis of website use to improve our services.
Legal basis: Your consent under Section 25(1) TDDDG and Art. 6(1)(a) GDPR. No analytics cookies are set before you accept them in the cookie banner.
Retention: Event and user data retention is set to 14 months in Google Analytics; you can clear the cookies from your browser at any time.
Withdrawal of consent: You can withdraw consent at any time by clearing your browser storage or by using the cookie banner again. Withdrawal does not affect the lawfulness of processing performed before withdrawal.

Third-country transfer: To the extent that personal data is transferred to Google LLC in the United States, the transfer is based on the EU–US Data Privacy Framework adequacy decision of the European Commission of 10 July 2023 (C(2023) 4745), under which Google LLC is certified.

You can prevent Google from collecting and processing this data by installing the Google Analytics opt-out browser add-on available at tools.google.com/dlpage/gaoptout.

If you contact us by email, we process your email address, name (if provided), and the content of your message to handle your inquiry.

Legal basis: Art. 6(1)(b) GDPR (pre-contractual measures at your request) or Art. 6(1)(f) GDPR (legitimate interest in responding to inquiries).
Retention: Correspondence is deleted once the inquiry is fully resolved, unless longer retention is required by law.

Under the GDPR you have the following rights with respect to your personal data. To exercise any of these rights, contact us at [email protected].

• Right of access (Art. 15 GDPR) — You may request confirmation of whether we process your personal data and obtain a copy of that data.
• Right to rectification (Art. 16 GDPR) — You may request correction of inaccurate personal data.
• Right to erasure (Art. 17 GDPR) — You may request deletion of your personal data, subject to legal retention obligations.
• Right to restriction of processing (Art. 18 GDPR) — You may request that we restrict the processing of your data in certain circumstances.
• Right to data portability (Art. 20 GDPR) — You may request to receive your personal data in a structured, commonly used, machine-readable format.
• Right to object (Art. 21 GDPR) — You may object to processing based on Art. 6(1)(f) GDPR at any time for reasons relating to your particular situation.
• Right to withdraw consent (Art. 7(3) GDPR) — Where processing is based on consent, you may withdraw that consent at any time without affecting the lawfulness of processing carried out before withdrawal.

If you believe that the processing of your personal data infringes the GDPR, you have the right to lodge a complaint with a supervisory authority pursuant to Art. 77 GDPR. The competent supervisory authority for our operations is:

Die Landesbeauftragte für den Datenschutz Niedersachsen
Prinzenstraße 5, 30159 Hannover, Germany
Phone: +49 511 120-4500
Email: [email protected]
Website: www.lfd.niedersachsen.de

You are not legally or contractually obligated to provide personal data to us. However, if you do not provide technical request data (which your browser transmits automatically), you cannot use the website. If you do not submit citation data, you cannot use the Citation Verifier or Citation Updater.

Our citation checking tools use automated processing to parse, verify, and compare bibliographic references. This processing does not constitute automated decision-making within the meaning of Art. 22 GDPR. The results are purely informational and do not produce legal effects or similarly significantly affect you.

We use industry-standard technical and organisational measures pursuant to Art. 32 GDPR to protect your data, including TLS-encrypted connections (HTTPS) for all data in transit, access controls on our servers, and regular security updates.

We may update this privacy policy when our processing activities, infrastructure, or legal requirements change. The current version is always available at this URL. Material changes will be noted with an updated date at the top of this page.