BookLens is an experimental platform for studying recommender systems, interface design, and online community design and theory. GroupLens Research has created this privacy statement to demonstrate our firm commitment to privacy. The following discloses our information gathering and dissemination practices for this site.
Personal information - When you directly create a BookLens account, you provide us an account name, password, and email address. Your password and email address are never shared with anyone, including our Partners. We use your email to help you recover your account and to conduct research. You may always opt out from these research opportunities.
Ratings - We store ratings you have provided for books and other items in a library catalog. BookLens uses these ratings to compute predictions and recommendations. BookLens will share your ratings with our Partners if you give us permission.
Additionally, we may provide anonymized rating data sets to the recommender research community to improve the state of recommender systems. You may opt out of having your data included in these data sets.
Logs - To help provide a better service, we log your interactions with BookLens. When using our service directly or through a Partner, we may collect your Internet Protocol ("IP") address, browser type, the web page visited before you came to our web site, and any Partner you were interacting with.
The primary means of using the BookLens is through authorized Partners. Partners are third-party web sites and applications that have worked with us to combine their service with BookLens so that you can take advantage of BookLens's personalization features while using their service or product.
We work closely with our Partners to ensure a satisfactory and safe interaction with both our services for you. If we feel that a Partner is not meeting our privacy standards, we will work with them to improve service or terminate the relationship to protect your data.
Single sign-on - BookLens supports Partners creating and managing BookLens user accounts associated with their own account system. This allows them to automatically activate a BookLens account attached to their account (such as a patron record). The BookLens service cannot and does not receive any Partner specific data when accounts are created, with the possible exception of assigning a user name based on the account name used with the Partner.
Using BookLens with a user account created by a Partner implicitly grants that Partner permission to use our APIs to display your ratings and personalized predictions. However, before they must present a notice and opt-in request before creating ratings and reviews on your behalf.
Access to user data - Except for the case described above for BookLens accounts managed by Partners, Partners cannot access any of your personal information without you granting permission first. The permission is temporary and will expire after a period of time less than a day, after which you will have to grant permission again.
While a Partner is authorized to access your information, they can view your ratings, your predicted rating for any book, and book recommendations. They will not be given access to your password or email, and you will not have to give them your password when granting them access. See our FAQ for more on how Partner authorization works.
Cookies - Partners may use "cookies" or other tokens to track when you have given them access to your account. A "cookie" is a small data file stored on your computer by your browser to store session data for a web site. Partners will likely need to store a temporary authentication token in a cookie. This token will grant them access to your personal data after you've authorized their access. The BookLens service will automatically invalidate temporary tokens when they have expired, preventing Partners from accessing your data.
Logs - BookLens is not responsible for the data logged by the Partner while you are using the BookLens service via a Partner.
The security of your information is important to us. When you enter sensitive information, such as your password, we encrypt the transmission of that information using secure socket layer technology ("SSL"). Additionally, all data transmission between a Partner and our service using our core API is encrypted by SSL.
We provide no guarantees on the security of the connection between you and a Partner, although we recommend that Partners use SSL technology.