FREQUENTLY ASKED QUESTIONS
Is it safe to use this website?
The code that we use is available on Github and everyone is free to inspect it. We encourage users to inform us of any bugs, and we are open to contributions that will improve the functionality of the application.
Are anonymous signatures secure?
All signatures to a campaign, both public and anonymous, are stored in a database on the server. The only people who can access this database are the administrators of the application and any system administrators that have root access to the server. Editors who create a campaign and users who sign a campaign cannot access the identity of anonymous signatories.
The act of authenticating with ORCID does not prove in any way that a campaign was signed. Authentication occurs before the user decides to submit their signature, and the user could authenticate with ORCID just to test the example petitions that are on the server.
Are any data stored with ORCID?
No. Authenticating with ORCID is used only to ensure that each signatory is associated with an ORCID account and to obtain the name associated with the account. No data are stored on ORCID servers and ORCID can not access the signatories database.
What information do you store?
For each signature, we store the user ORCID, the user name as obtained from ORCID, the user affiliation (if provided), the campaign name, and whether the signature is public or anonymous. No other information is stored. Signatories to a campaign may delete their signature at any time, and deleting a signature removes the information from the database.