PhysioQ Participant App Privacy Policy

-
Society places trust in researchers and scientists to pursue knowledge in a manner that respects the values of beneficence, freedom from exploitation, fairness, honesty, and justice. As a non-profit that facilitates access to physiological research, we believe it is also our responsibility to help promote and uphold these ethical values. We appreciate that you are trusting us with information that is important to you, and we want to be transparent about how we use it.
Here we describe the privacy practices for the Participant App. You will learn about the data we collect, how we use it, the controls we give you over your information, and the measures we take to keep it safe.
1. Preparing your Project
How we limit PHI (Personal Health Information)
Research participants have entrusted researchers with their data, and we believe in upholding that trust. We actively help researchers protect the confidentiality of participants, ensuring that all their data is anonymized before entering our system. Furthermore, no participant data is allowed to be collected without first having the researchers’ and participants’ consent.

PhysioQ does not save the participants’ personal details (ie. names, DOBs, emails, etc) and so on. Instead, we create identification codes for your participants, which can be defined by the researcher. These IDs are anonymous and unalterable. Along with further security protocols, we aim to ensure that participant information can never be traced back to a participant.
How we limit PHI (Personal Health Information)
Respect for human dignity extends not only to the person but also to his/her personal information. We believe that an individual’s personal health data, is just that - personal. Any non-identifiable information collected from the APP is only accessible by the project creator (ie. researcher). No participant data is able to be collected without first having both the researchers’ and participants’ consents. Furthermore, no one is able to use the PhysioQ App without first getting an invite code from a project owner. PhysioQ does not collect any identifiable information from anyone using the App. 

The App automatically collects any information you manually enter into the App or that is collected through a connected device or your phone (using accelerometers, gyroscope, barometer, etc). This data is directly uploaded into the project owner’s (ie. the researcher) account. 

We may also collect general-use data for the purpose of measuring and analyzing App usage and activity. We may use third-party service providers to help us analyze App interaction to improve the Service and help determine which features need improvement. We do not share any personal information about our users with these third party service providers, and these service providers do not collect such information on our behalf. Our third party service providers are required to comply fully with this Policy.
1. Preparing your Project
PhysioQ does not access any of the project data; only the project owner can access their datasets. Researchers have control over their datasets and what they do with it *(while abiding by all applicable laws). 

We are a nonprofit and have no commercial interest in your data. Our goal is to make health research more accessible. We know that for our platform to be instrumental in supporting this objective we must provide our users with full trust. If we jeopardize our reputation with users, we jeopardize our service and damage the potential progression of health research.

“Notifications” are messages that are sent to your phone to remind you of what you need to do in the research project.  These are sent by the project owner.
Promoting Safety & Security
We use the information we collect to promote the safety and security of the Services, our users, and other parties. For example, we may use the information to authenticate users, facilitate secure payments, protect against fraud and abuse, respond to a legal request or claim, conduct audits, and enforce our terms and policies.
3. How Information Is Shared
For legal reasons or to prevent harm
We may preserve or disclose information about you to comply with a law, regulation, legal process, or governmental request; to assert legal rights or defend against legal claims; or to prevent, detect, or investigate illegal activity, fraud, abuse, violations of our terms, or threats to the security of the Services or the physical safety of any person.
Please note: Our policy is to notify you of legal process seeking access to your information, such as search warrants, court orders, or subpoenas, unless we are prohibited by law from doing so. In cases where a court order specifies a non-disclosure period, we provide delayed notice after the expiration of the non-disclosure period. Exceptions to our notice policy include exigent or counterproductive circumstances, for example, when there is an emergency involving a danger of death or serious physical injury to a person.
For external processing
We may transfer non-identifiable information to our service providers or partners who process it for us, based on our instructions, and in compliance with this policy and any other appropriate confidentiality and security measures. These partners provide us with services globally, including for customer support, information technology, payments, sales, marketing, data analysis, research, and surveys. For example, we may send a survey to ask what could be improved in the App, and the answers shared with the development team.
4. Your Rights To Access and Control Your Personal Data
Your rights as a participant
As is the case with all PhysioQ projects, all participants and researchers are required to sign consent forms prior to starting a project. These consent forms will be provided to you by the researcher and will explain in detail what your rights are as a participant in the project.

If you believe your project owner is not acting according to your agreed upon terms of consent that you signed prior to starting the project, please contact PhysioQ.
How to delete your data as a Participant?
You may stop all collection of information by the App at any time by uninstalling the App. If you uninstall the App, any data that was collected prior to that point will still be available to the project owner. If you wish for them to delete this data, please contact the project owner directly as stated in your consent forms prior to starting the project.
The right to see your data
As a participant, you are entitled to a copy of your data. Please contact your project owner to receive your dataset.
5. Data Retention
GCP prescribes that all medical data are stored for at least two years unless a longer period is required because of local regulations. PhysioQ stores all data for at least 3 years after your study finishes and allows you to easily export it at any time. If your local laws require longer storage, it is the project owner’s responsibility to let us know and we will make sure their study complies with your local laws. 
6. Our Policies for Children
Persons under the age of 13, or any higher minimum age in the jurisdiction where that person resides, are not permitted to be invited to use the App unless their parent has consented in accordance with applicable law. If we learn that we have collected the information of a child under the relevant minimum age without parental consent, we will take steps to delete the information as soon as possible. We have introduced various safeguard mechanisms in order to avoid such scenarios. (Ie. The App is only useable by direct invitation from a project owner, in which both parties must sign consent forms to start collecting data).
7. Information Security
We strive towards storing data as securely as possible. PhysioQ is secured according to the most recent standards in order to protect your data in the best possible way. View our Security Statement.
8. Our International Operations and Data Transfers
We may transfer information to our service providers or partners who process it for us, based on our instructions, and in compliance with this policy and any other appropriate confidentiality and security measures. These partners provide us with services globally, including customer support, information technology, payments, sales, marketing, data analysis, research, and surveys. These partners may be located outside the United States. PhysioQ will take all steps reasonably necessary to ensure that your data is treated securely and in accordance with this Privacy Policy.

PhysioQ ensures strong encryption for your data while in transit and at rest. All data sent between PhysioQ users and the system is encrypted with the use of the Secure Socket Layer (SSL) and Transport Layer Security (TLS) technologies. This keeps data secure while in transit and ensures it can only be interpreted by the intended parties.
9. Third-Party Compatible Devices
Some PhysioQ hardware partners may have differing views on data privacy and ownership. If this is ever the case, we will take all possible measures to ensure that you are aware of this. On the PhysioQ Compatible Devices page, we will also note any differences between PhysioQ and the third-party’s views on data privacy.  We strongly advise you to review the Privacy Policy of any device you plan on using. Project owners are also required to ensure participants are aware of the type of data their devices collect as well as their respective privacy policies.
10. Changes to This Policy
We may update our Participant App Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page.We will let you know via email and/or a prominent notice on our Service, prior to the change becoming effective and update the "effective date" at the top of this Privacy Policy.You are advised to review this Privacy Policy periodically for any changes. Changes to this Privacy Policy are effective when they are posted on this page.
11. Who We Are and How To Contact Us
If you have any questions about this Privacy Policy, please contact us at Email: info@physioq.com