Privacy Policy
Effective Date: July 9, 2025
Specify Collections Consortium (“SCC”, “we”, “us” or “our”) values your privacy and is committed to protecting your personal information. This Privacy Policy explains how we collect, use, and safeguard data when you:
- Visit our main website (https://www.specifysoftware.org)
- Use the Specify 7 web application
- Subscribe to our Specify Cloud hosting service
- Explore the Specify Web Portal(s)
- Participate on our Discourse forum (https://discourse.specifysoftware.org)
This policy applies to all these services collectively (“Services”).
1. Information We Collect
When you interact with our Services, we may collect:
- Account information you provide, such as name, email address, institution name, and login credentials when you register or subscribe.
- Usage data, including pages or screens viewed, feature usage in the Specify application, and timestamps.
- Technical data, such as IP address, browser or device type, operating system, referring pages, and error logs.
We never collect protected health information (PHI), payment card data (the data covered by PCI DSS), or other highly sensitive personal data.
2. Cookies and Similar Technologies
To improve your experience, we use cookies and similar technologies:
- Session cookies to keep you logged in during a visit.
- Preference cookies to remember settings like language or display options.
You may disable or delete cookies via your browser settings, though some features of our Services may no longer function as intended.
3. No Advertising and No Data Sharing
We do not display any advertisements on our Services. We do not sell, rent, or otherwise share your personal information with third parties for marketing or advertising purposes. Your data belongs to you—SCC makes no claim on content you enter into our applications or hosting platforms.
4. Service Providers and Third-Party Hosting
To deliver and maintain our Services, we rely on trusted third-party providers:
- Amazon Web Services (AWS) is the primary host of our databases and application servers. AWS complies with numerous international security standards (SOC 2 Type 2, ISO 27001).
- Discourse.org provides our forum platform; their privacy policy governs their handling of your forum activity.
- Any other integrations (e.g., SSO or external identity providers) are used only at your direction and under their respective privacy policies.
While these providers process data on our behalf, they do so only to enable the Services we offer and under strict confidentiality agreements. We have no advertising relationships or data-sharing partnerships with them beyond necessary service delivery.
5. Links to Other Websites
Our Services may link to external websites (e.g., GitHub). We are not responsible for the privacy practices of those sites. Please review their privacy policies before providing any personal information.
6. Security
We implement administrative, technical, and physical safeguards—built on AWS’s security infrastructure—to protect your data from unauthorized access, disclosure, alteration, or destruction. All network traffic to and from our Services is encrypted via HTTPS/TLS. However, no system can guarantee absolute security; we encourage you to use strong, unique passwords and keep your contact information up to date.
7. Data Ownership and Access
We recognize that every specimen record, metadata field, user comment, and image you upload is your institution’s intellectual property. SCC does not assert any ownership or license rights over your data—whether it resides in your on-premises database, in our Specify Cloud servers, on a Web Portal export, or within our user forum.
7.1 Data Ownership
All collection data—including specimen information, localities, taxonomic hierarchies, images, attachments, and annotations—remains the sole property of the institution or individual user who creates it. SCC’s role is strictly custodial: we store and serve your data but never repurpose it for analytics, research publications, marketing, or any other use outside the scope of the support and hosting services you subscribe to.
7.2 Export and Portability
You may export your data at any time, for any reason, in multiple formats:
- CSV spreadsheets via the Specify Query Builder
- JSON-formatted records through the Specify 7 REST API
- Full SQL dumps of your database (including schema and data)
If you need assistance scheduling automated nightly or monthly exports—pushed to an SFTP endpoint you control—our support team is happy to help configure that workflow.
7.3 Backups and Recovery
For our Specify Cloud customers, SCC maintains a multi-tiered backup strategy:
- Nightly database snapshots retained for 7 days
- Weekly full backups retained for 30 days
- Monthly full backups retained for 12 months
- Annual backups retained for the duration of your hosting contract
You may request a one-time or recurring transfer of any backup to your own AWS account or on-premises server. In the event of accidental deletion or data corruption, SCC support can restore a prior snapshot to your live environment.
7.4 Retention and Deletion
You determine how long you wish to retain historical data. If you decide to close your Specify Cloud account or discontinue support, SCC will, upon your request, provide a complete data export and subsequently purge your data from our systems. For compliance with institutional or legal requirements, you may also request early deletion of specific datasets or personally identifiable user accounts; we will promptly honor and document such requests.
7.5 Administrative Access and Audit Logging
SCC staff do not alter production data without your explicit permission. All administrative actions—whether executed by your institution’s Specify administrators or by SCC staff—are fully audited. Logs capture user IDs, timestamps, and detailed action descriptions. You can review these audit logs at any time via the Audit Log tool.
Your collections data is always under your control—backed up, accessible, and removable on your terms—while benefitting from SCC’s secure managed infrastructure.
8. Changes to This Privacy Policy
We may update this policy at any time. The “Effective Date” at the top will reflect the last revision. We encourage you to review this page periodically. If we make material changes affecting your rights or how we use your information, we will notify you by posting a prominent notice.
9. Contact Us
If you have questions or concerns about this Privacy Policy or our data practices, please contact us at support@specifysoftware.org.