PhysioQ Web App (NEO/LabFront Dashboard) Privacy Policy

Updated 8/1/2020
Society places trust in researchers and scientists to pursue knowledge in a manner that respects the values of beneficence, freedom from exploitation, fairness, honesty, and justice. As a non-profit that facilitates access to physiological research, we believe it is also our responsibility to help promote and uphold these ethical values. We appreciate that you are trusting us with information that is important to you, and we want to be transparent about how we use it.

Here we describe the privacy practices for our devices, applications, software, websites, APIs, products, and services (the “Services”). You will learn about the data we collect, how we use it, the controls we give you over your information, and the measures we take to keep it safe.
1. Information We Collect
How we limit PHI (Personal Health Information)
Research participants have entrusted researchers with their data, and we believe in upholding that trust. We actively help researchers protect the confidentiality of participants, ensuring that all their data is anonymized before entering our system. Furthermore, no participant data is allowed to be collected without first having the researchers’ and participants’ consent.

PhysioQ does not save the participants’ personal details (names, DOBs, emails, etc.). Instead, we create identification codes for your participants, which can be defined by the researcher. These IDs are anonymous and unalterable. Along with further security protocols, we aim to ensure that participant information can never be traced back to a participant.
Information we collect from participants using the PhysioQ Connect App
Respect for human dignity extends not only to the person but also to his/her personal information. We believe that an individual’s personal health data is just that—personal. Any non-identifiable information collected from the App is only accessible by the project creator (i.e., the researcher). No participant data is able to be collected without first having both the researchers’ and participants’ consent. Furthermore, no one is able to use the PhysioQ App without first getting an invite code from a project owner. PhysioQ does not collect any identifiable information from anyone using the App.

The App automatically collects any information you manually enter into the App or that is collected through a connected device or your phone (using accelerometers, gyroscope, barometer, etc.). This data is directly uploaded into the project owner’s (i.e., the researcher’s) account.
Information we collect from project owners using the Researcher Dashboard
Some information is required to create an account on our Services, such as your name, email address, password (encrypted version; the actual plain text is not recoverable), and your mobile telephone number (for two-factor authentication). This is the only information you have to provide to create an account with us.
Payment Information
If you purchase a PhysioQ account on our website, you provide your payment information, including your name, credit or debit card number, card expiration date, CVV code, and billing address. We do not store this payment information. We store your delivery address to fulfill your order. Note that third-party payment processors may retain this information in accordance with their own privacy policies and terms.
Tracking & Cookies Data
We use cookies and similar tracking technologies to track the activity on our Service and hold certain information. Cookies are files with small amounts of data which may include an anonymous unique identifier. Cookies are sent to your browser from a website and stored on your device. Other tracking technologies used are beacons, tags, and scripts, which collect and track information and help improve and analyze our Service. We do not use cookies to upsell or track your behavior. PhysioQ Web App uses cookies purely to store session information and security information.

You can instruct your browser to refuse all cookies or to indicate when a cookie is being sent. However, if you do not accept cookies, you may not be able to use some portions of our Service. 

Examples of Cookies we use:
- Session Cookies. We use Session Cookies to limit session time and for security authentication purposes.
- Security Cookies. We use Security Cookies for security authentication.
2. How We Use Information
PhysioQ does not access any of your project data; only the project owner can access their datasets (as well as any user the project owner chooses to share the data with). Your project data is yours, and yours only. Researchers have control over their datasets and what they do with them.*

We are a nonprofit and have no commercial interest in your data. Our goal is to make health research more accessible. We know that for our platform to be instrumental in supporting this objective we must provide our users with full trust. If we jeopardize our reputation with users, we jeopardize our service and damage the potential progression of health research.

*While abiding by all applicable laws
How do we use the limited data we collect on project owners
Communicating with project owners
We use your information when needed to send you Service notifications and respond to you when you contact us. Examples of service notifications include security notifications, invoices and billing receipts, updates to terms or privacy policy, etc. These are mandatory to protect user rights and keep you informed.

The only other type of communication will be for marketing-related emails. You are opted-in by default to receive notifications on new product launches and promotions. However, you can control these communications via the “Unsubscribe” link in an email.
Promoting Safety & Security
We use the information we collect to promote the safety and security of the Services, our users, and other parties. For example, we may use the information to authenticate users, facilitate secure payments, protect against fraud and abuse, respond to a legal request or claim, conduct audits, and enforce our terms and policies.
3. How Information Is Shared
For legal reasons or to prevent harm
We may preserve or disclose information about you to comply with a law, regulation, legal process, or governmental request; to assert legal rights or defend against legal claims; or to prevent, detect, or investigate illegal activity, fraud, abuse, violations of our terms, or threats to the security of the Services or the physical safety of any person.

Please note: Our policy is to notify you of legal processes seeking access to your information, such as search warrants, court orders, or subpoenas unless we are prohibited by law from doing so. In cases where a court order specifies a non-disclosure period, we provide delayed notice after the expiration of the non-disclosure period. Exceptions to our notice policy include exigent or counterproductive circumstances, for example, when there is an emergency involving a danger of death or serious physical injury to a person.
For external processing
We may transfer information to our service providers or partners who process it for us, based on our instructions, and in compliance with this policy and all other appropriate confidentiality and security measures (this information will be anonymized). These partners provide us with services globally, including customer support, information technology, payments, sales, marketing, data analysis, research, and surveys.
4. Your Rights To Access and Control Your Personal Data
Your rights as a participant
As is the case with all PhysioQ projects, all participants and researchers are required to sign consent forms prior to starting a project. These consent forms will be provided to you by the researcher and will explain in detail what your rights are as a participant in the project.

If you believe your project owner is not acting according to your agreed-upon terms of consent that you signed prior to starting the project, please contact PhysioQ.
How to delete your data as a Participant?
You may stop all collection of information by the App at any time by uninstalling the App. If you uninstall the App, any data that was collected prior to that point will still be available to the project owner. If you wish for them to delete this data, please contact the project owner directly as stated in your consent forms prior to starting the project.
Your rights as a Project Owner (Researcher)
Your project data is yours, and yours only. Researchers have control over their datasets and what they do with them.*

* While abiding by all applicable laws.
How to delete your data as a Project owner
If you would like to cancel your PhysioQ account you may do so by emailing our support. When you request the cancellation of your account, your personally identifiable information will be deleted, including but not limited to your email address and name. Archival copies of your account information that exist within our back-up system will be deleted in accordance with our normal back-up expiration schedule.
Using the audit trail as a researcher
The Audit Trail records and shows all changes made to your study, including any changes made to your study structure, data collection, and study management. This is often a requirement for clinical trials and many observational studies. If you have chosen to use an audit trail for your project, any information you update or delete may be saved in your project records.
Intellectual Property
The project owner owns any IP that may result from their personal research project while using PhysioQ LabFront software.
5. Data Retention
GCP prescribes that all medical data be stored for at least two years unless a longer period is required because of local regulations. PhysioQ stores all data for at least 3 years after your study finishes and allows you to easily export it at any time. If your local laws require longer storage let us know and we will make sure your study complies with your local laws. 

As long as your account is active (usage within the last 3 years), your information will not be indiscriminately deleted. Inactive accounts will be deleted after repeated notifications.

We keep your project owner account information, like your name, email address, and password, for as long as your account is in existence because we need it to operate your account.
6. Our Policies for Children
Persons under the age of 13, or any higher minimum age in the jurisdiction where that person resides, are not permitted to create accounts unless their parent has consented in accordance with applicable law. If we learn that we have collected the personal information of a child under the relevant minimum age without parental consent, we will take steps to delete the information as soon as possible.
7. Information Security
We strive towards storing data as securely as possible. PhysioQ is secured according to the most recent standards in order to protect your data in the best possible way. View our Security Statement.
8. Our International Operations and Data Transfers
We may transfer information to our service providers or partners who process it for us, based on our instructions, and in compliance with this policy and any other appropriate confidentiality and security measures. These partners provide us with services globally, including for customer support, information technology, payments, sales, marketing, data analysis, research, and surveys. These partners may be located outside the United States. PhysioQ will take all steps reasonably necessary to ensure that your data is treated securely and in accordance with this Privacy Policy.

PhysioQ ensures strong encryption for your data while in transit and at rest. All data sent between PhysioQ users and the system is encrypted with the use of the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) technologies. This keeps data secure while in transit and ensures it can only be interpreted by the intended parties.
9. Third-Party Compatible Devices
PhysioQ offers two types of third-party compatibility. Native support means we collect and handle all the data through PhysioQ’s own App and cloud (i.e., directly). Regardless of the privacy policies of the third-party organizations, we will be following the PhysioQ privacy policy.

The second type of compatibility is non-native support. This means that we will have to go through a third-party app and/or cloud. In these cases, the PhysioQ hardware partners may have differing views on data privacy and ownership. If this is ever the case, we will take all possible measures to ensure that you are aware of this. On the PhysioQ Compatible Devices page, we will also note any differences between PhysioQ and the third party’s views on data privacy. We strongly advise you to review the Privacy Policy of any device you plan on using.*

*As of this writing, we do not have any cases of this type of partnership/support. In an effort to provide optimum transparency, we leave this clause in the policy to ensure you understand the direction PhysioQ may take.
10. Changes to This Policy
We may update our Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page. We will let you know via email and/or a prominent notice on our Service prior to the change becoming effective, and we will update the "effective date" at the top of this Privacy Policy.

You are advised to review this Privacy Policy periodically for any changes. Changes to this Privacy Policy are effective when they are posted on this page.
11. Who We Are and How To Contact Us
If you have any questions about this Privacy Policy, please contact us.

Email: hello@physioq.org
Call: 617-221-6192