Literia Privacy Policy
Last Updated: July 1, 2026 Effective Date: July 1, 2026
Overview
Literia is a research paper management platform with an associated browser extension, the Literia Web Importer, that helps researchers discover, save, and read academic papers. Our philosophy is simple: what you put into Literia is yours. We built the extension to do one thing — import academic papers into your library — and to collect only what that job requires.
We have no financial interest in your private information. The extension contains no advertising, analytics, telemetry, or tracking of any kind, and we never sell or rent your data. It activates only on academic publisher websites; everywhere else on the web, it stays inert and reads nothing.
This policy describes what the extension and the Literia web application collect, how we use and protect it, and how you stay in control. It lives at a public, persistent URL and is linked from both the Chrome Web Store listing and the extension itself. The data categories below match those declared on the extension's Privacy Practices tab in the Chrome Web Store Developer Dashboard.
Single Purpose
The single purpose of the Literia Web Importer is to let signed-in Literia users import academic papers — their metadata and PDFs — from supported publisher websites into their Literia library. Every permission we request and every piece of data we handle exists to serve that purpose.
Limited Use
Our use of data received through the extension, including any Google APIs, adheres to the Chrome Web Store User Data Policy, including its Limited Use requirements. We use data only to provide the single purpose above. We do not transfer, use, or sell user data for advertising or personalized ads, to data brokers or resellers, or to determine creditworthiness or for lending. We transfer data only as needed to deliver the extension's core function, or where required for security or to comply with law.
Data We Collect
Literia is designed so that most data stays local to your browser, and the extension only communicates with our servers when you actively import a paper. Using Google's data-category vocabulary, the extension handles:
Authentication information. The extension reads a single authentication cookie (auth_token), and only from the Literia domain, to authenticate requests on your behalf. After you sign in, we retrieve your user ID, email, name, and role from the Literia backend to personalize the extension. Your email and name are personally identifiable information.
Website content, on academic pages only. When you visit a supported publisher site — such as arXiv, IEEE, ACM, Springer, Elsevier, or PubMed — the extension extracts the page HTML and URL and sends them to our self-hosted metadata extraction service (a Zotero Translator Server) solely to resolve the paper's title, authors, abstract, and identifiers. The content script includes an early-abort mechanism and only runs on URLs matching known academic domains. On every other website, it reads nothing.
Paper metadata. Bibliographic details — title, authors, abstract, DOI, and other identifiers — are processed and stored to catalog papers in your library. A content-derived paper ID (a hash of title and authors) uniquely identifies papers across the platform.
File content. When you import a paper, the extension may download its PDF from the publisher, hold it briefly in the browser's Cache Storage API for transfer between components, then upload it to the Literia backend for processing and storage.
Locally cached data. Authentication status and profile data are cached in Chrome session storage (cleared when the browser closes; 5-minute and 2-minute TTLs respectively). Resolved paper metadata is cached via Chrome local storage and an in-memory cache (2-minute TTL), with a garbage-collection routine that runs every 24 hours to remove stale entries.
Diagnostic data, kept local. The extension writes execution logs to the browser developer console for debugging. These logs never leave your browser and are never transmitted to us.
What We Do Not Collect
We do not collect your general browsing history or web activity — the extension only ever acts on supported academic domains. We do not read your emails, messages, or other communications; collect payment or financial information; record keystrokes or form inputs; or touch any data on non-academic websites.
Permissions Warnings
Browser extensions sometimes request permissions whose wording sounds alarming. Because we want you to understand exactly why each one is needed, here is a plain-language explanation.
When you install the extension, your browser may warn that it can "read your data on all websites" (the https://*/* host permission). Academic publishers span a huge and constantly changing set of domains that can't be captured in a fixed list, so the extension needs the ability to run on any page. In practice, it checks the URL and immediately stops on anything that isn't a recognized academic publisher — it reads page content only on those sites, and only to identify the paper you're importing. No browsing activity is stored except when you choose to save a paper.
The extension also requests permission to observe and modify network requests (webRequest, declarativeNetRequest) and, in some cases, to use Chrome's DevTools Protocol (debugger). These exist for one reason: some publishers block ordinary download methods with bot-detection, and these mechanisms let the extension capture a PDF you're importing and set the correct request headers (like Referer) so the download succeeds. They are not used to inspect, block, or alter your general browsing.
The remaining permissions are narrow and purpose-specific: cookies reads the Literia auth cookie; storage caches metadata locally; activeTab and scripting extract HTML from the page you're on; downloads enables PDF saving; webNavigation detects in-page navigation on academic sites; tabs supports the PDF fallback window; alarms schedules cache cleanup; and contextMenus adds a right-click "Add to Library" option.
How We Store and Protect Your Data
In your browser, caches live in Chrome session storage (cleared when the session ends), Chrome local storage (garbage-collected every 24 hours), the Cache Storage API (PDFs consumed and removed after transfer), and volatile in-memory caches (cleared when the service worker stops).
On our servers, metadata is stored in PostgreSQL and PDFs in S3-compatible object storage, protected by access controls and encrypted in transit via HTTPS/TLS using modern cryptography. Authentication uses JWT-based tokens, with cookies scoped to the Literia domain under a SameSite=Lax policy. API keys, passwords, and secrets are managed through environment variables and are never embedded in the extension.
Third-Party Services Used
The extension sends data only to services we operate ourselves, on our own infrastructure — never to external third parties. Your paper metadata, PDFs, and auth tokens go to the Literia Backend API for matching, library management, and PDF processing. Page HTML and URLs from academic pages go to our self-hosted Zotero Translator Server for metadata extraction. That's the full list.
Data Retention
Session and profile caches persist only until your browser session ends (5-minute and 2-minute maximums). Locally cached paper metadata is retained for 24 hours before automatic garbage collection. PDF transfer caches are consumed immediately after use, with any residue cleaned on the next cycle. On the server side, your paper data is kept in your account until you delete it, and auth tokens are subject to a token-expiration policy.
Deleting Your Data
You stay in control of your data. You can view your entire library in the Literia web application, delete individual papers, or permanently delete your account and its server-side data. To clear locally cached extension data, remove the extension or clear Chrome's storage for it. Uninstalling the extension via chrome://extensions/ stops all data collection by the extension immediately, and signing out of the web application prevents the extension from accessing your account.
Your Rights
If you are in the European Economic Area, you have the right to access, correct, erase, restrict processing of, and port your personal data, and to object to processing. If you are a California resident, you have the right to know what personal information we collect and how it's used, to delete it, to opt out of its sale (we do not sell personal information), and to non-discrimination for exercising these rights. To exercise any of these rights, contact us at the address below.
Children's Privacy
Literia is not intended for children under 13, and we do not knowingly collect personal information from them. If we learn we have, we will delete it promptly.
Legally Compelled Disclosure
We may be legally required to comply with requests for data from law enforcement or government agencies.
Changes
We may update this policy over time. When we make significant changes, we will update the "Last Updated" date above and, where appropriate, notify you through the extension or the web application. Up-to-date information will always be available on this page.
Questions
If you have any questions or concerns about this policy or your data, email us at manhdung.nguyen@cazoodle.com.
This Privacy Policy applies to the Literia Web Importer Chrome Extension (version 1.0.0 and later) and the Literia web application.