This page explains how HotCRP.com uses the data you provide and how you can control that use. The open-source HotCRP software also runs on sites we don’t manage; this policy applies only to sites with domains ending in “.hotcrp.com”.
(Updated 2020-08-24)
The HotCRP.com service handles the submission and review of artifacts, such as scientific and engineering publications. In most cases, HotCRP.com does not own the data you provide. Rather, we broker that data on behalf of scholarly societies, such as ACM and USENIX; on behalf of conference review boards; and on behalf of other site managers. We store:
Submission artifacts, including submissions (such as PDFs), metadata (such as titles and author lists), and supplementary information (such as topics and other uploaded files).
Review artifacts, including reviews, discussions, and associated uploaded files.
Configuration settings used by site managers to configure a site.
Profile data, such as user names, affiliations, email addresses, topic interests, and review preferences.
Demographic data, such as user gender identity and approximate age.
Browsing data, such as logs of which sites a computer has accessed.
Submission and review artifacts: When you submit artifacts to a HotCRP.com site, you give that site’s managers (e.g., the program chairs) permission to store and view those artifacts indefinitely. You give the site managers permission to distribute the artifacts at their discretion, for review or other purposes. Finally, you give HotCRP.com permission to process the artifacts and to store them indefinitely.
Site managers control who can access artifacts, and HotCRP.com doesn’t share artifacts except as site managers allow. However, we may publicize aggregate information that cannot be traced to any site or user, such as total submission counts across all sites.
If an artifact was submitted in error, you can request its permanent deletion. Such requests should be directed to the relevant site managers (e.g., program chairs).
Configuration settings are stored by HotCRP.com indefinitely. Site managers may request the deletion of a HotCRP.com site, if allowed by their site agreements with HotCRP.com. This will delete all associated site data, including submission and review artifacts.
Profile data is stored in several ways.
Every HotCRP.com user has a global profile, which includes name, email, and affiliation, and other information.
Upon submitting an artifact to a HotCRP.com site, a user gains a site profile for that site. This generally contains the same information as the global profile, but it can differ. (For example, changes to a global user affiliation only affect future site profiles.)
Users can update their profiles at any time. A site manager can also create a profile for a user, for example by inviting them to join a conference program committee. Contact us if you want your global profile deleted and your site profiles disabled.
Demographic data is stored in user global profiles, and can only be modified by users themselves (never by site managers). Users control what demographic data is stored and how demographic data is shared using the Profile > Demographics tab on any HotCRP.com site. Information shared only with scholarly societies is provided directly to those societies and cannot be accessed by site managers. Information that is explicitly shared with site managers may also be analyzed by HotCRP.com, but will be published only in aggregate, such as in terms of percentages of active HotCRP.com users.
Browsing data is stored for up to a month and per-user browsing data is never shared. We may store and share aggregate information such as total page loads. Misbehavior, such as denial-of-service attacks and attempts to crack a user’s password, may be publicized and may be preserved indefinitely.
If you have any questions about our privacy policy, contact us.