Last updated: June 5, 2026
BioPilot is a browser extension that lets researchers read biomedical papers with reagent risk flags and contribute structured, verified comments. This policy explains what we collect, why, and how we protect it.
What we collect
| Data | When | How it's stored |
|---|---|---|
| Email address | When you register | Stored only as a SHA-256 hash on our server โ never in plaintext. Used solely to send your sign-in (magic) link and recognize returning users. |
| Display name | When you register | Shown next to your non-anonymous comments. |
| ORCID iD & public profile | Only if you link ORCID | Your ORCID iD, public name, and current institution, fetched from ORCID's public API. Used to display verified authorship. |
| Comments, replies, votes | When you post | The content you submit, associated with your account ID. |
| Session token | After sign-in | A signed token kept in your browser's local extension storage to keep you signed in. |
We do not collect your browsing history, the contents of papers you read, or any data from pages where you do not actively contribute.
How we use it
- To authenticate you (passwordless magic-link sign-in).
- To display your comments and, if linked, your verified ORCID identity.
- To prevent spam and abuse through verified, accountable identities.
We do not sell your data, show ads, or use third-party trackers or analytics.
Anonymous commenting
You may post any comment anonymously. When you do, your identity (name, ORCID, institution) is hidden from other users. Your account is still recorded server-side so you can edit or delete your own posts and so we can address abuse โ but it is never displayed publicly.
Data sharing
- ORCID: When you link ORCID, you authenticate directly with ORCID via OAuth. We read only your public record (name, institution).
- No other third parties receive your personal data.
Data retention & deletion
- You can delete your own comments at any time from the extension.
- To delete your account and all associated data, contact us at the email below.
Permissions we request
- storage / alarms โ keep you signed in and complete sign-in in the background.
- identity โ open the ORCID sign-in window (only when you click "Connect ORCID").
- Access to supported journal sites โ to display comments and reagent flags on the paper you're reading. The extension only acts on these sites.
Contact
Questions or deletion requests: fuweiqiang68@gmail.com