- We added more detail about data we collect when you use single sign in systems to access your ORCID account, such as Facebook, Google, or institutional federated identity providers.
- We improved transparency about our audit trail, which is composed of raw server and application logs which can be analyzed and interpreted if necessary.
- We updated the definition of ‘Only Me Data’ to summarize behavior that was previously only described in other sections of the policy.
- We provided further reasoning for retaining a cryptographically hashed form of your email address, explaining that this is part of our obligation to keep a record of data erasure requests.
- We clarified that we may use information we collect about your use of our websites for the purpose of maintaining information security.
- We confirmed that although we post restrictions on commercial use of Registry data, ORCID does not undertake the responsibility to police third party uses of data.
- We made various other minor changes to improve clarity and readability, without changing the underlying meaning.