Table of Contents

Zotero Privacy Policy

Overview

Zotero is an open-source project committed to providing the best tool for managing your research. Our philosophy is that what you put into Zotero is yours, and one of our founding principles is to make sure you remain in control of your data and can share it how you like — or choose not to share it at all.

We are an independent, nonprofit organization and have no financial interest in your private information. We fund further development by offering additional online storage space to people who find the software useful, not by selling data.

Data We Collect

Zotero is designed as a local program that saves data to your own computer by default, and it doesn’t require sharing any data with us to be usable. However, some of Zotero’s advanced features require you to supply us with information.

Library Statistics

Zotero anonymizes and aggregates synchronized user and group library data to generate statistics on readership. This anonymized and aggregated data only includes publicly available metadata (e.g., publication title and author). This data is never sold or made available in any forms other than ones offered publicly. We may also use this anonymized and aggregated user information for auditing, research, and analysis to operate and improve Zotero services.

Security of Stored Data

See Security of Zotero Data.

Disabling Automatic Requests

You can disable all automatic communication with Zotero servers from the Zotero and Zotero Connector preferences:

If automatic syncing or automatic translator/style updates are enabled, Zotero will maintain a persistent connection to Zotero servers when it is open in order to provide immediate updates. You can disable this connection by disabling both of those options or by setting extensions.zotero.streaming.enabled to false in the Config Editor.

If you use the Zotero Connector without having Zotero open, the Connector will make a daily request to Zotero servers for information on available site translators. It will then download translators for the sites you visit. For example, if you load a New York Times article, the Connector will download Zotero’s New York Times translator and cache it. If Zotero doesn’t have a translator for a specific site, no request will be made. No information on the specific pages you visit is transmitted, and subsequent requests won’t be made for the same translator until you restart your browser or the translator is updated. You can avoid these requests by keeping Zotero open while you browse the web.

Permissions Warnings

When using third-party platforms, we request the most restrictive permissions available that still allow Zotero to perform its advertised functions. In some cases, the necessary permissions can sound a bit scary, so we want to explain why they’re necessary.

Zotero Connector

When installing the Zotero Connector, your browser will warn you that the extension can “Read your browsing history”, “Access your data for all websites”, or similar. These different wordings all mean the same thing: that Zotero can interact with each page as you browse the web. This is the standard permission that browser extensions that run on all pages require. Zotero uses it to determine what content it can save on a given page and update the save button accordingly, as well as to provide advanced features such as automatic proxy redirection and automatic RIS/BibTeX import. Zotero in no way reads your previous browsing history, and no data about your browsing activity is stored except when you choose to save a page to either your local or online Zotero library.

Google Docs Integration

When you first use Google Docs integration, Google will ask you to grant Zotero Google Docs Integration permission to “See, edit, create, and delete all your Google Docs documents”. The plugin requires this permission to insert citations into your documents. The plugin doesn’t do anything else with your document content and doesn’t access documents other than the ones on which it’s triggered. The integration works entirely locally on your computer, so even when you trigger the plugin on a given document, nothing is sent to Zotero servers.

Storage Purchases

We send two pieces of personal data to our payment processor at the time of purchase:

Zotero does not collect or store your credit card, banking, or other payment information. When you enter your full name, billing address, and account numbers to complete a Zotero purchase, this information passes directly to our payment processor, and it never touches Zotero servers.

Support Interactions

Most Zotero support occurs in the public Zotero Forums. If you would like to remove forum posts you have made, you may clear them yourself at any time, though we encourage you to leave your posts up for the benefit of others. If you’d prefer your forum posts to appear under a different name, you can change your forums username from your account settings.

You may be asked to submit an error report or debug output to help us troubleshoot problems. These reports contain technical information about your computer, such as your operating system and installed browser extensions, and may include incidental personal information such as URLs of sites you visited before or while generating the report. You can review the output of these reports before submitting them. We don’t store any personal information (username, IP address) that links the report to you, and we generally don’t look at reports unless they are referenced by a Report ID or Debug ID in the Zotero Forums. Reports are stored for up to one year.

If you email us, we collect your email address and any other information you provide, and we may store your messages indefinitely to provide context for any future support requests you make.

Third-Party Services Used

Deleting Your Data

You may delete your Zotero account to remove information you voluntarily provided when you registered to use Zotero services and to remove the library data you provided if you chose to synchronize your library with Zotero servers. To delete your account, visit your Zotero settings and click “Permanently Delete Account”.

Backed-up Data

We make regular automated backups of data on our servers to protect against accidental loss of user data. These backups are intended for disaster recovery and would be accessed only in the event of significant data loss. Backups may be retained for up to 6 months.

Legally Compelled Disclosure

We may be legally required to comply with requests for data from law enforcement or government agencies.

Changes

We may update our privacy policies over time. Up-to-date information, including details of new features, will always be available from this page.

Questions

If you have any questions or concerns regarding Zotero’s privacy policies, please ask us in the Zotero Forums or email privacy@zotero.org.