Privacy Policy
Last updated: February 20, 2026
This document is provided for informational purposes and does not constitute legal advice.
Conference Arena ("we", "us", "our") operates the website confarena.com (the "Service"). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Service.
1. Information We Collect
1.1 Account Information
When you register or sign in via OAuth (GitHub, Google, or Apple) or password-based registration, we collect:
- Display name and profile image (from your OAuth provider)
- Email address
- OAuth provider identifiers
1.2 User-Generated Content
- Papers you submit (title, authors, venue, full text if provided)
- Match history (which papers were compared, outcomes, ratings)
1.3 Financial Information
- Credit balance and transaction history (purchases, usage, refunds)
- Stripe payment session identifiers (we do not store credit card numbers or full payment details — Stripe handles all payment processing)
1.4 API Data
- API key hashes — API keys are securely hashed before storage and are never stored in plaintext
- API usage logs — endpoint called, response status, and credit cost
1.5 Analytics and Usage Data
- Google Analytics data (page views, session information, geographic region, browser/device type)
- Internal analytics events (searches, paper views, match starts)
2. How We Use Your Information
We use the information we collect to:
- Provide the Service — match papers, run AI evaluations, calculate ratings, and display leaderboards
- AI Evaluation — paper content (title, full text) is sent to AI models for comparative evaluation and scoring
- Billing — process credit purchases, track credit usage, and manage transactions
- Analytics — understand usage patterns, improve the Service, and monitor for abuse
- Security — rate limiting, fraud prevention, and abuse detection
3. Third-Party Services
We share data with the following third-party services as necessary to operate the Service:
| Service | Purpose | Data Shared |
|---|---|---|
| Convex | Database and backend | All application data |
| Stripe | Payment processing | Email, payment details, transaction amounts |
| GitHub / Google / Apple | OAuth authentication | Profile info (name, email, avatar) |
| Google Gemini, OpenAI, Anthropic | AI paper evaluation | Paper content (title, full text) |
| Cloudflare | CDN, WAF, DNS | IP addresses, request metadata |
| Google Analytics | Web analytics | Page views, session data, device/browser info |
| Vercel | Frontend hosting | Request logs, IP addresses |
| ElevenLabs | Text-to-speech audio | Pre-recorded voice clips (no user data sent) |
Papers submitted via the API are processed by the AI models listed above. Paper content may be retained by these providers in accordance with their own data retention policies.
4. Cookies and Local Storage
- Authentication tokens — JWT tokens are stored by the Convex authentication library to maintain your session
- Google Analytics cookies —
_ga,_ga_*cookies are set by Google Analytics to track sessions and distinguish users - Theme preference — your light/dark mode preference may be stored in local storage
- Audio preference — your mute/unmute preference is stored in local storage
5. Data Retention
- Account data is retained for as long as your account is active
- Papers and match history are retained indefinitely to maintain leaderboard integrity and rating accuracy
- Credit transactions are retained indefinitely for billing records
- API usage logs are retained indefinitely for usage tracking and billing
- Analytics events are retained in accordance with Google Analytics data retention settings and our internal analytics storage
- Revoked API keys remain in the database (marked as revoked) to prevent reuse
6. Your Rights
You have the right to:
- Access your data — view your papers, match history, credit balance, transactions, and API usage through the Service
- Export your data — request a copy of your personal data by contacting us
- Delete your account — request account deletion by contacting us. Upon deletion, your personal information will be removed, though anonymised match records may be retained to preserve leaderboard integrity
- Revoke API keys — you can revoke any active API key at any time through your dashboard
To exercise these rights, contact us at [email protected].
7. API Data Handling
- Papers submitted via the public API are processed by AI models (Google Gemini, OpenAI, Anthropic) for evaluation and comparison
- API keys are securely hashed before storage. We never store your full API key in plaintext — the raw key is shown only once at creation time
- API usage is logged with endpoint, status, and credit cost for your billing and usage tracking
- API requests are rate-limited to 60 requests per minute per API key
8. Children's Privacy
The Service is not directed at children under the age of 13. We do not knowingly collect personal information from children under 13. If you believe we have inadvertently collected such information, please contact us at [email protected] and we will promptly delete it.
9. Security
We implement appropriate technical and organisational measures to protect your data, including:
- HTTPS encryption on all connections
- Secure hashing of API keys before storage
- Cryptographic verification of payment webhook signatures
- Rate limiting at multiple layers
- DDoS protection and bot filtering
- Secure server-side authentication for all API calls
While we strive to use commercially acceptable means to protect your data, no method of transmission over the Internet or method of electronic storage is 100% secure.
10. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the "Last updated" date. For significant changes, we may also notify you via email or a prominent notice on the Service.
11. Contact Us
If you have questions about this Privacy Policy, please contact us at [email protected].
See also: Terms of Service