arbiter
JournalsFor lecturersFor business schoolsFor procurement

Privacy Notice — last updated April 2026

What Arbiter collects — and what we do with it.

Arbiter is a pre-launch beta. This notice describes what data we collect, why, and how long we keep it. It is written for the small group of people testing the product right now, not for a GDPR-certified production service. If you have questions, email privacy@arbiter.ac.

What we collect

Account email. Used to send your sign-in code and, if you upgrade, billing receipts. Never sold or shared with marketers.

Query text. The research questions you type. Stored so you can revisit them and so we can improve search quality. Query text is never sent to Sentry (our error-monitoring service) — error reports are scrubbed before they leave your browser or our servers.

Search results and opened papers. The list of paper IDs returned for each search, plus the paper IDs you open from that search. Stored alongside your query for permalinks, search history, and account replay.

Behavioral events. Structured records of actions you take: starting a search, sharing a link, saving a search. Each record includes a timestamp, your session ID, and an anonymised IP hash. These power the product-fit signals we use to decide whether to open the product more broadly.

IP hash. A one-way hash of your IP address, used only to enforce the daily search limit for signed-out users. We store the hash, not the raw IP. We do not use it to identify you.

Why we collect it

  • To deliver the product — sign-in, search history, permalinks.
  • To improve search quality — understanding what queries fail or produce thin results.
  • To measure product fit — the four signals that tell us whether the product is working well enough to open to more people.
  • To enforce fair-use limits — daily search quota and rate limiting.
  • Security — detecting abuse and protecting other testers.

How long we keep it

Behavioral events: 90 days. Automatically and permanently deleted by a daily job.

Search rows (query text + result IDs): indefinite by default, anonymised after 180 days — meaning the link between a query and your account is removed, but the query text itself is retained for corpus analysis. You can request earlier deletion.

Account data (email, tier, saved searches): until you delete your account or request deletion via email.

Permalinks are public

When you use the share button, Arbiter copies a URL to your clipboard. That URL is readable by anyone who has it — they don’t need an Arbiter account. Don’t share queries you wouldn’t want a stranger to see. This is how permalinks work everywhere, but we want you to know it explicitly.

Who we share it with

No third-party analytics. Behavioral events are stored in our own database — not sent to PostHog, Mixpanel, Google Analytics, or any other analytics vendor.

Sentry (error monitoring): error reports may include page URLs and browser metadata. Query text, email addresses, and auth tokens are stripped before any error report is sent.

Resend (transactional email): your email address is shared with Resend to deliver sign-in codes and billing receipts. Resend does not use your address for marketing.

Stripe (payments, if you upgrade): name and payment information. Arbiter does not store card numbers.

Supabase (infrastructure): all data at rest is stored on Supabase-managed Postgres. Supabase is a sub-processor under standard data-processing terms.

Your rights

You can request deletion, export, or correction of any data we hold about you. In v1.0 this is a manual process — email privacy@arbiter.ac with your account email address in the subject line. We will respond within 5 business days.

Deletion cascades across searches, saved searches, behavioral events, and beta grant records. Account email is removed last, after we confirm the request.

A note on jurisdiction

Arbiter is a pre-launch beta operated by Opus Vita. It is not a GDPR-certified production service. Testers in the EU or UK should use their own judgment about what research questions they submit during the beta period. We take data minimisation seriously regardless of regulatory jurisdiction.

Questions? privacy@arbiter.ac · Methodology · Coverage