privacy policy

This page explains how uses the data you provide and how you can control that use. The open-source HotCRP software also runs on sites we don’t manage; this policy applies only to sites with domains ending in “”.

(Updated 2020-08-24)

What we store and why

The service handles the submission and review of artifacts, such as scientific and engineering publications. In most cases, does not own the data you provide. Rather, we broker that data on behalf of scholarly societies, such as ACM and USENIX; on behalf of conference review boards; and on behalf of other site managers. We store:

Controlling your information

Submission and review artifacts: When you submit artifacts to a site, you give that site’s managers (e.g., the program chairs) permission to store and view those artifacts indefinitely. You give the site managers permission to distribute the artifacts at their discretion, for review or other purposes. Finally, you give permission to process the artifacts and to store them indefinitely.

Site managers control who can access artifacts, and doesn’t share artifacts except as site managers allow. However, we may publicize aggregate information that cannot be traced to any site or user, such as total submission counts across all sites.

If an artifact was submitted in error, you can request its permanent deletion. Such requests should be directed to the relevant site managers (e.g., program chairs).

Configuration settings are stored by indefinitely. Site managers may request the deletion of a site, if allowed by their site agreements with This will delete all associated site data, including submission and review artifacts.

Profile data is stored in several ways.

Users can update their profiles at any time. A site manager can also create a profile for a user, for example by inviting them to join a conference program committee. Contact us if you want your global profile deleted and your site profiles disabled.

Demographic data is stored in user global profiles, and can only be modified by users themselves (never by site managers). Users control what demographic data is stored and how demographic data is shared using the Profile > Demographics tab on any site. Information shared only with scholarly societies is provided directly to those societies and cannot be accessed by site managers. Information that is explicitly shared with site managers may also be analyzed by, but will be published only in aggregate, such as in terms of percentages of active users.

Browsing data is stored for up to a month and per-user browsing data is never shared. We may store and share aggregate information such as total page loads. Misbehavior, such as denial-of-service attacks and attempts to crack a user’s password, may be publicized and may be preserved indefinitely.

Contact us

If you have any questions about our privacy policy, contact us.