Privacy Policy

1. Introduction

Pierian Ltd ("we", "our", or "us"), the company behind Fontis, is committed to protecting your privacy and personal data. This Privacy Policy explains how we collect, use, store, and protect your personal information in compliance with the General Data Protection Regulation (GDPR), UK GDPR, and other applicable data protection laws.

This Privacy Policy explains how and why we process your personal data under UK GDPR. Our legal bases for processing (contract, legitimate interests, and consent where applicable) are set out in Section 5.

2. Data Controller

The data controller responsible for your personal data is:

                    Pierian Ltd

                    Registered in the Isle of Man

                    ICO Registration: R761065

                    Product: Fontis

                    Email: privacy@pierian.uk

                    Website: pierian.uk

UK GDPR Representative

                    UK Representative: Pierian Ltd - UK Office

                    Email: privacy@pierian.uk (for UK GDPR matters)

                    UK residents may contact us regarding data protection matters at the above email address.

Note: While Pierian Ltd is registered in the Isle of Man, we comply with UK GDPR requirements and have appointed a UK representative as required by UK GDPR Article 27. We are registered with the Isle of Man Information Commissioner (Registration: R761065) and ensure the highest standards of data protection for all our users.

3. What Data We Collect

3.1 Beta Program Signup

When you sign up for our beta program, we collect:

Personal Information: Full name, email address
Academic Information: Institution/university name, field of study
Usage Information: Previous bibliography management tools used
Communication Preferences: Whether you wish to receive updates
Technical Information: Signup date and time

                    Beta Program Eligibility:
                    The current beta program is limited to students and researchers affiliated with
                    the University of Exeter. We collect institution information to verify eligibility
                    and ensure our beta testing is conducted with appropriate representation from our
                    target user community. Applicants from other institutions will be contacted if we
                    expand the beta program in the future.
                

3.2 Feedback Submissions

When you submit feedback, we collect:

Email address
Feedback type, subject, and details
Priority rating and satisfaction scores
Submission timestamp

3.3 Software Activation and Usage Data (Beta)

When you download, activate, and use the Fontis beta software, we collect:

Download Tracking:

Download date and time (first download only)
Number of downloads (for support purposes)

Note: We do not collect IP addresses, browser information, or detailed download history. We only track whether you downloaded the installer and how many times, to help with technical support if you encounter issues.

Activation Data:

Device Identifier: A randomly generated unique identifier (UUID) created by the application on first launch. This identifier is stored securely on your device using:
- Windows: Microsoft Credential Manager
- macOS: Keychain Access
The identifier does not contain any personal information or hardware details.
Activation date
Operating system version
License key used for activation

Purpose of Device Identifier: The device identifier is used solely to enforce license terms and prevent unauthorized distribution of beta software. This identifier is randomly generated on your device and cannot be used to identify you personally or access your hardware information. It remains on your device and is transmitted to our server only during activation and validation requests.

Usage Data:

Application usage statistics
Error reports and crash logs
Feature usage patterns
Performance metrics
System information (OS version, Microsoft Word version)

4. How We Use Your Data

We use your personal data for the following purposes:

4.1 Beta Program Administration

Processing your beta program application
Providing access to beta software
Sending confirmation and welcome emails
Communicating updates and important information

4.2 Product Development

Analyzing usage patterns to improve functionality
Identifying and fixing bugs
Developing new features
Understanding user needs and preferences

4.3 Communication

Responding to your inquiries and feedback
Sending product updates (if you opted in)
Providing technical support
Notifying you of changes to our services

4.4 Legal Compliance

Complying with legal obligations
Enforcing our terms and conditions
Protecting our rights and property

5. Legal Basis for Processing

Under UK GDPR, we process your personal data based on the following legal grounds:

5.1 Contract (or Steps Prior to Entering into a Contract)

Processing is necessary to evaluate your beta application and fulfill our beta testing agreement. This legal basis applies to:

Evaluating your beta application (steps prior to contract)
Verifying your University of Exeter affiliation (eligibility requirement)
Providing beta access and download keys to approved testers
Administering the beta program (download tracking, activation, license enforcement)
Providing technical support
Collecting usage data and feedback necessary for beta testing purposes

5.2 Legitimate Interests

We have a legitimate interest in:

Improving our product through aggregated usage analytics
Preventing unauthorized software distribution
Ensuring security of our systems and preventing abuse
Understanding user needs for product development

We have assessed that these interests do not override your fundamental rights and freedoms.

5.3 Consent

We rely on your freely given, specific, and informed consent ONLY for:

Marketing communications: Sending you updates about Fontis development and public launch (you can withdraw consent and unsubscribe at any time)
Retaining rejected applicant data: If you are not accepted into the beta and you opted in to receive updates, we retain your email address and name for marketing purposes only (you can withdraw consent and unsubscribe at any time)

5.4 Legal Obligation

We must comply with applicable laws and regulations, including responding to lawful requests from authorities.

                    Important Distinction:

                    We do NOT rely on "consent" for beta program administration. The legal basis for evaluating applications,
                    providing beta access, and tracking usage is "contract" (or steps prior to entering into a contract).
                    This means that processing is necessary to provide you with the beta testing service you applied for.
                    
                    Consent is used ONLY for optional marketing communications.

6. Data Sharing

We do not sell your personal data. We may share your information with:

6.1 Service Providers

Third-party service providers who assist us with:

Email delivery services
Cloud hosting and storage
Analytics services
Customer support tools

All service providers are contractually bound to protect your data and use it only for specified purposes.

6.2 Legal Requirements

We may disclose your data if required by law, court order, or government regulation.

6.3 Business Transfers

In the event of a merger, acquisition, or sale of assets, your data may be transferred to the new owner.

7. International Data Transfers

Your personal data may be transferred to and processed in countries outside the UK and Isle of Man. We use the following service providers whose servers may be located internationally:

7.1 Data Transfer Locations

United States:
- Google Gmail (email relay services)
- GitHub (Microsoft) - hosts installer files only (no personal data)
European Economic Area:
- IONOS (web hosting) - stores beta signup data
- Microsoft 365 (email hosting) - receives admin notifications

7.2 Safeguards for International Transfers

When we transfer data internationally, we ensure appropriate safeguards are in place:

Standard Contractual Clauses (SCCs) approved by the UK Information Commissioner's Office
Service providers with UK GDPR-compliant data protection commitments
Adequacy decisions for countries with equivalent data protection standards

7.3 Service Provider Commitments

Google (Gmail): Uses Standard Contractual Clauses and maintains robust data protection measures. View Google's Data Processing Terms

IONOS: Complies with UK GDPR through their Data Processing Agreement. View IONOS's DPA

Microsoft (Microsoft 365 & GitHub): Complies with UK GDPR through their Data Protection Addendum. View Microsoft's DPA

Note on GitHub: GitHub hosts only the installer file (software binary). No personal data is stored on or transmitted to GitHub servers. Users download the installer directly from GitHub after their download key is validated on our server.

8. Data Retention

We retain your personal data only for as long as necessary to fulfill the purposes outlined in this policy. Retention periods differ based on whether you are accepted into the beta program:

8.1 Rejected Beta Applications

If your beta application is not accepted:

Your data (name, email, institution, field of study, application date) is automatically deleted within 30 days of rejection
Exception: If you opted in to receive product updates (marketing communications), we will retain ONLY your email address and name until you unsubscribe

8.2 Approved Beta Testers

If you are accepted into the beta program:

Beta Program Data: Name, email, institution, application details, download key → Retained for the duration of the beta program plus 18 months for analysis, support, and potential future contact
Device Identifiers: The randomly generated UUID used for license enforcement → Retained for the duration of the beta program and deleted when your beta access expires or upon your request
Download Data: First download date and download count → Retained for the duration of the beta program plus 12 months for support purposes
Activation Data: Hardware ID, activation date, version information → Retained for the duration of the beta program plus 12 months
Feedback Data: Feedback and bug reports you submit → Retained for 3 years to track product improvements and development decisions
Usage Analytics: Aggregated and anonymized usage data → May be retained indefinitely for statistical and product development purposes (anonymized data is not personal data)

8.3 Marketing Communications

Email Communications: If you opted in to receive product updates, your email address and preferences are retained until you unsubscribe or request deletion

                    Early Deletion:

                    You may request earlier deletion of your data at any time by contacting us at privacy@pierian.uk.
                    We will process your request within 30 days.
                

9. Your Rights Under UK GDPR

As a data subject under GDPR, you have the following rights:

9.1 Right to Access

You can request a copy of the personal data we hold about you.

9.2 Right to Rectification

You can request correction of inaccurate or incomplete data.

9.3 Right to Erasure ("Right to be Forgotten")

You can request deletion of your personal data under certain conditions.

9.4 Right to Restrict Processing

You can request that we limit how we use your data.

9.5 Right to Data Portability

You can request your data in a structured, machine-readable format.

9.6 Right to Object

You can object to processing based on legitimate interests or for direct marketing.

9.7 Right to Withdraw Consent

You can withdraw consent at any time where processing is based on consent.

9.8 Right to Lodge a Complaint

You can file a complaint with your local data protection authority (UK ICO or Isle of Man ICO).

To exercise any of these rights:
• Submit a Data Subject Rights Request
• Or contact us at: privacy@pierian.uk

We will respond within 30 days of receiving your request.

10. Data Security

We implement appropriate technical and organizational measures to protect your data:

Encryption: Data is encrypted in transit (HTTPS/TLS) and at rest
Access Controls: Limited access to personal data on a need-to-know basis
Secure Storage: Data stored on secure servers with regular backups
Regular Audits: Security measures reviewed and updated regularly
Data Minimization: We collect only necessary data

While we strive to protect your data, no method of transmission over the internet is 100% secure. We cannot guarantee absolute security but will notify you of any data breaches as required by law.

11. Cookies

Our website currently does not use cookies. If we implement cookies in the future, we will:

Update this privacy policy
Obtain your consent where required
Provide clear information about cookie usage
Allow you to manage cookie preferences

12. Children's Privacy

Our services are intended for users aged 16 and over. We do not knowingly collect personal data from children under 16. If you are a parent or guardian and believe your child has provided us with personal data, please contact us at privacy@pierian.uk, and we will delete such information.

13. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. We will notify you of significant changes by:

Posting the updated policy on this page
Updating the "Last updated" date
Sending an email notification to beta program participants

Your continued use of our services after changes indicates acceptance of the updated policy.

14. Contact Us

If you have questions about this Privacy Policy or wish to exercise your rights, please contact us: