Privacy Policy and Data Governance Statement
Effective Date: June 12, 2026
Platform: Hed-Core Academic Commons
The Independent Academic Commons is committed to protecting the privacy, identity, and intellectual safety of our global scholarly community. This policy explains how we collect, handle, and secure your personal data in compliance with the General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA).
- Data Controller & Governance Contact
For the purposes of data protection regulations, the platform infrastructure is managed by the network administrative team. For any data inquiries, erasure requests, or compliance questions, please contact our Data Privacy Liaison via text at: privacy@[yourdomain.com]. - Information We Collect and How We Use It
We limit data collection to the minimum required to verify professional academic credentials and maintain platform security.
2.1 Information You Provide to Us:
Account Basics (All Users): Display name, account username, and professional email address.
Academic Verification Footprints: ORCID iD numbers, external Google Scholar URLs, professional titles, institutional/organizational affiliations, and research fields.
User-Generated Metadata: Text-based abstracts, citation records, and reference keys linked to your repository uploads.
2.2 Information Collected Automatically (System Protection):
Security Logs: IP addresses and basic browser metadata are collected at login. This data is strictly used by our security firewalls (Cloudflare/Akismet) to block malicious traffic, bots, and brute-force attacks from crashing our shared hosting environment. - Data Storage, Security, and Cloud Offloading
To ensure high performance on our server infrastructure, we use a decentralized data pipeline:
Database Isolation: Profile information, forum text posts, and membership registries are stored securely in local, optimized MySQL tables on our host.
Asset Offloading: Any research documents, preprints, or briefs you upload bypass our primary server and are immediately stored in an encrypted external cloud storage bucket.
No Commercial Data Processing: We do not track your browsing history across the web. We do not use third-party marketing trackers or ad pixels. - Data Retention & The 72-Hour Purge Rule
Verified Accounts: We store your profile data for as long as your account remains active on the network.
Unverified/Incomplete Accounts: To keep our databases lean and prevent data hoarding, any registration profile that fails to verify or remains in “Pending” status will be permanently purged from our database after 72 hours. - Your Global Rights (GDPR & CCPA Compliance)
Regardless of your geographic location, the platform extends the following data protections to all registered scholars:
The Right to Know / Access: You can request a clear, text-only export of all personal data points currently linked to your WordPress user profile.
The Right to Correction / Rectification: You can update, change, or clear any custom profile metadata at any time through your account settings dashboard.
The Right to Erasure (“Right to be Forgotten”): Upon receiving a deletion request from your verified account email, we will permanently purge your database records, forum profiles, and delete your associated repository uploads within 14 business days.
Non-Discrimination: We do not, and will never, sell or monetize your professional data. Access to all open research tiers remains equal and free. - Third-Party Links & Integrations
Our network connects directly with trusted academic infrastructure APIs, such as the ORCID Registry and the Zotero Reference Manager. When pulling data from these platforms, your access tokens are handled using industry-standard OAuth protocols and are never stored as raw text in our backend.
If you want to finish the data workflow setup, let me know:
Would you like me to draft the Submission Guidelines and disclaimer text that scholars see right before uploading files?