About

Privacy information notice

Protecting your privacy and personal data is important to us. Please take a few moments to review this Policy.

(Last reviewed and updated: April 2026)

Summary

The Directory of Open Access Journals ("DOAJ"), managed independently by DOAJ Fonden, a not-for-profit foundation registered in Denmark, is an open online directory that contains lists of peer-reviewed, open access journals and their article metadata.

To ensure that every journal application and eventual journal record in DOAJ can be vouched for by a representative of that journal and to maintain a high level of recency and accuracy, the DOAJ collects the name and email address in our User database of the account holder. We also create other accounts that contain names and email addresses, usually of our teams, our volunteers, our Ambassadors, Premium Metadata Service users and our open metadata service users. DOAJ does not share names or email addresses with anyone outside the organisation, unless explicit permission has been sought.

You may access, review and edit your account details by logging into your DOAJ account.

To ensure that we can maintain good customer relations with our supporters, we also store details in a Customer Relationship Manager (CRM).

Who to contact at DOAJ about protecting your privacy

The DOAJ Deputy Director, Dominic Mitchell, has assumed responsibility for the DOAJ data policy and implementing the changes required by the GDPR, which came into effect on 25th May 2018. If you have any questions or concerns about the information in this Notice or any other questions about how DOAJ protects or uses your data, please email Dominic. Alternatively, you can write to him: Dominic Mitchell, DOAJ Fonden, c/o Joanna Ball, Bøgevej 33, DK-4000 Roskilde, DENMARK.

The policy

This is the website for the Directory of Open Access Journals, which is managed by DOAJ Fonden, a non-profit foundation registered in Denmark. The DOAJ does not have an app. The DOAJ uses WordPress for its blog, DOAJ Blog. This Privacy Information Notice pertains to this website (https://doaj.org) and the DOAJ blog only.

1) The information we collect and how we use it

1a Journal applications, journal records, and updates

Before you submit an application, you must register for an account or sign in to your account. Your account stores:

  • Your name
  • Your email address
  • Your DOAJ account ID
  • Your password
  • Your API key

An account is created and stored in our User database. We need these details to process your application. If your application is accepted, your journal record is created. In all cases, you are the account holder. We use the email address you provide:

  1. to let you know that your application has been received, rejected or accepted
  2. to ask you questions about your application or update
  3. to ask you about an update to the information we hold about the journal(s)
  4. to inform you that we have changed the status of the journal in DOAJ
  5. to inform you of any major changes that will affect how you carry out your tasks on the Publisher dashboard
  6. to send you occasional DOAJ marketing emails*
  7. to contact you regarding a question on article metadata, which is linked to your journal in DOAJ

*see section 7 below.

It is only technically possible for some emails, generated as part of the review process, to be sent to Applicants by the DOAJ system. Therefore, it is sometimes necessary for your email address and names to be copied into an email in an external email programme. DOAJ Team members use a dedicated DOAJ.org email address and the email client is Gmail. Volunteers do not have access to a DOAJ.org email address and therefore use their own email addresses.

Gmail automatically saves copies of all emails that we send. Our use of Gmail and the protection of your personal data within it is governed by Google's Privacy Policy, Data Processing Amendment for G Suite, and Data Processing and Security Terms for Google Cloud Platform.

We will never discuss the details of your journal applications with anyone apart from you or someone that we can easily verify is connected to your journal or to your journal's publisher.

1b Volunteer applications

When someone applies to be a volunteer for DOAJ, we collect, via a Google Form:

Your name Your email address Name and email address of your reference(s)

We use this information to contact you or your references regarding your application. If your application is successful, we will create an account for you in our User database. This allows applications to be assigned to you for review and to log in to your DOAJ workspace. You may access, review and edit these details by logging into your DOAJ account at any time. We need to retain your email address to keep you up to date on your volunteer work.

We will also use your email address to add you to our Volunteer group in Slack. Your personal data in Slack is governed by Slack's privacy policy and commitment.

1c Via cookies

We collect some information automatically via cookies used on this site. See Section 3 below for full details.

1d A record in Less Annoying CRM

Sometimes, we store your name, email address and the organisation where you work in Less Annoying, our customer relationship manager. Your data in Less Annoying is protected by their privacy policy.

1e A record in our finance systems

Sometimes, we store your name, email address and the organisation where you work in Billy, our accounting software. Your data in Billy is protected by their Privacy Policy.

We are migrating all our financial administration from Billy to E-conomic. We store email addresses and sometimes a name and a phone number for our contact person. We also store our supplier's name, which, for some team members, is their personal name. Your data in E-conomic is protected by their privacy policy.

1f A user account in Slack

Sometimes, we store your name and email address in Slack. Your personal data in Slack is governed by Slack's privacy policy and commitment.

2) Why DOAJ needs to collect personal data

DOAJ has a duty to its stakeholder groups to maintain the quality, security, and recency of its index. It also has a duty to keep its users informed of updates concerning user accounts, features and functionality, policy changes, or changes in support levels. This is our legitimate business interest and why we need to collect a name and email address for all account holders, and the name, email address and organisation of our supporters. We use other platforms to inform users and stakeholder groups of our updates, such as WordPress and Billy.

We hardly ever send marketing emails, but you may opt out of them at any time by logging in to your DOAJ account.

2a Journals and uploading article metadata

Anything to do with a journal or uploading article metadata must be linked to an individual account holder. All journals indexed and publicly available in the DOAJ database (i.e., they have not been withdrawn) are managed via your Publisher dashboard. This dashboard is linked to your user account. The Publisher dashboard allows you to maintain journal information and upload article metadata.

2b Journal applications

The name and email address of the account holder are collected upon registration. We use this information to process the application effectively: we use the email addresses to contact you as part of the standard review process and to fulfil our obligation to you to process your application in an unbiased and timely manner.

2c Volunteers

Volunteer user accounts include a name and an email address so we can assign applications to you, email you about changes to the Admin system where you do your work or other changes.

You may opt out of marketing emails by logging into your DOAJ account.

3) Which cookies are in use on this site and why

When you use DOAJ, cookies are set on your machine. The cookies we set are:

  • jquery - we use jquery.com to load the javascript framework.
  • doaj.org - a small number of required cookies for the application to function, for example, when you log in and click away the cookie consent banner.
  • schema - if you upload article metadata to us via the Upload Article XML tab, we place a cookie on your machine which allows us to remember which XSD schema you used the last time you uploaded XML to us: doaj or Crossref
  • hotjar - we sometimes use Hotjar to do unmoderated monitoring of user journeys through our site. We look at where they click on a page and where they stop in a process. This is only occasional. We always use a Hotjar widget to collect feedback on individual journal pages.

You can disable these cookies at any time by using the privacy settings in your browser. However, the performance and some functions of the site may be affected.

4) How we store personal data

4a In journal applications

The journal applications are stored in an index in the DOAJ Admin system, which is accessible only by the DOAJ Team, the DOAJ Ambassadors, the DOAJ Volunteers (collectively the DOAJ representatives) and our technical partners in site development and hosting, Cottage Labs. Different groups of DOAJ representatives have different levels of access to the index. The main reason and objective for accessing the index is to review journal records and applications.

4b In journal records

Your account holder details are linked to journal and application records. Journal records are searchable and displayed on our website; account holder details are never displayed publicly and are not searchable.

4c In user accounts

Account holder details are stored in a separate database, the User database, within the DOAJ Admin system. Sometimes, the DOAJ Team and Cottage Labs will access user accounts to make updates, reset passwords, reset an API key or delete the user account entirely. Neither DOAJ representatives nor Cottage Labs have access to users' passwords, which are encrypted. All personal data is encrypted when imported into a DOAJ test site or onto a developer's machine for development or testing.

4e In volunteer applications

Volunteer applications are collected in a Google Sheet and are stored securely in the DOAJ's Google workspace. The Sheet is only accessible by the DOAJ Team.

4f As the DOAJ team

The DOAJ User database contains the personal information of all users of the DOAJ Admin system. This includes the DOAJ Team. The personal data of DOAJ Team members is also stored in contracts and role profiles on Google Drive. DOAJ Team's banking details are held in Billy, our accounting software, to make payments.

4g in Less Annoying and Billy

If the journal contact is the same contact to whom we issue invoices, a name, email address, and organisation will be stored in Less Annoying CRM and Billy. Their privacy policies govern the protection of your data. Less Annoying Billy

5) How we process personal data

5a Account holders

DOAJ sometimes extracts account holders' email addresses in a report generated from the DOAJ Admin system. We use this information to contact you about your journals in DOAJ. An example would be a list of all email addresses from accounts that have at least one journal indexed in DOAJ. We would use this list to contact Account holders with important information about changes and updates to the DOAJ Publisher Area, which may affect their experience.

5b Volunteers

DOAJ maintains a list in Google Drive of all the active volunteers' names and email addresses. We use this list to coordinate volunteer activities, ensure that each Editorial Group has enough volunteers, and ensure a smooth flow of applications through the DOAJ workflow. DOAJ also sends out a volunteer newsletter: the recipient list for this is manually created in Gmail using the list in Google Drive. This newsletter contains important updates which help the volunteers carry out their work effectively.

6) How long do we store personal data and when do we delete data

6a Journal applications

DOAJ stores the personal data associated with a journal application and a journal record for as long as the journal is in DOAJ. If/when an application is rejected or a journal is removed from DOAJ, we usually delete the data after seven years. However, we do not delete personal data embedded in these records or delete the user's account from the User database if we need to refer to them to provide the history of a journal and DOAJ. We record notes in all our applications, and these Notes provide valuable information over time and help us to continue to meet high levels of quality.

6b User accounts

Users may request at any time that we delete all their personal data from our systems by submitting a Subject Access Request to us**. The last major overhaul of the DOAJ User database occurred when DOAJ migrated to its current platform at the end of 2013; we still have active user accounts predating that time that were migrated to the new platform.

6c Volunteer applications

DOAJ stores the personal data of applicants in a Google Sheet until we have finished assessing the candidates. Old applications are struck through and archived in a secure Google Drive folder only accessible by the Executive Team. Old applications are deleted after two months. Volunteer applicants may request at any time that we delete all their personal data from Google Drive by submitting a Subject Access Request (SAR) to us**.

**see section 9 below.

7) Who do we share data with

DOAJ does not share personal data with any organisation or individual outside the immediate DOAJ organisation, nor will it grant requests from industry organisations for access to user data.

7a Data transfer to another organisation

If the current incarnation of DOAJ must wind down, the whole operation will be transferred to another organisation. This is described in full in our POSI statement. The transfer of your user data will be necessary in order for you to continue to use the site. Before any transfer occurs, all email addresses in our user database will receive an email from us that describes:

  • the reason for the transfer
  • the data being transferred
  • the recipient of the data
  • the recipient's commitment to store user data securely and under the conditions laid out by GDPR
  • what to do if you do not want your data transferred and what it will mean for your use of the site
  • details on how to contact someone with questions or concerns

8) How to delete your account and request that personal data be deleted

8a How to delete your account

Account holders may request that DOAJ delete their account from the DOAJ Admin system at any time. Do this by emailing Dominic Mitchell. Please note that it is not possible for journals to be indexed in DOAJ without being linked to a User account. If you want us to delete your account and it is linked to a journal or journals indexed in DOAJ, then you must provide the details for a replacement account.

8b How to request that all personal data be deleted

To request that DOAJ delete all personal data we hold about you, please email the Deputy Director, Dominic Mitchell, at dominic@doaj.org.

9) Subject access request (SAR)

9a What is a subject access request (SAR)?

An SAR is the name given to the process by which a user can request to know details of a site's information about them and how it is being used. A useful tool on how to make a SAR is available here: https://ico.org.uk/for-the-public/make-a-subject-access-request/. In summary: 'an individual who makes a written request and pays a fee is entitled to be: told whether any personal data is being processed; given a description of the personal data, the reasons it is being processed, and whether it will be given to any other organisations or people; given a copy of the information comprising the data; and given details of the source of the data (where this is available)'. According to UK law, the recipient organisation of a SAR must respond within 40 calendar days.

9b How to make a SAR to DOAJ

You may submit a SAR to DOAJ by contacting the Deputy Director, Dominic Mitchell, directly: dominic@doaj.org. Any written request will be considered valid, regardless of format.

As stated in Sections 7 and 8 above, you can withdraw your consent for us to store and process your personal data at any time by submitting an email to Dominic Mitchell.

You may also explicitly indicate that you do not want DOAJ to use your email address for marketing purposes. We have added consent checkboxes to all user accounts, where you can opt in or out of these emails.

11) How to complain

If you need to complain about how DOAJ has handled an SAR or your request to withdraw consent, or any other aspect related to the information detailed in this Privacy Information Notice, please send an email to the DOAJ Deputy Director, Dominic Mitchell: dominic@doaj.org