Data Privacy

Protecting Your Data

In addition to ensuring that the research that runs on Volunteer Science follows the highest scientific and ethical standards, we also make sure that the data you volunteer remains private, you can inspect the data that is revealed to qualified researchers, and you can delete this data at any time.

You have the option of logging in via Facebook and making some of your Facebook data available to us. This data is transmitted to our server using OAuth 2.0, an industry standard for security authentication and the only method compliant with Facebook's methods for infomation retrieval. These data include your unique Facebook ID as well as self-reported name, email address, age, gender, and other information in your profile. These data are stored in an encrypted database separate from databases that power this website or the experiments. Only the Principal Investigator, Lead Engineer, and people they designate for system administration will have access to this data. Researchers will not have direct access to this raw Facebook data.

This website and the database which records both the Facebook data and experimental data are built using a platform called Django which uses industry-standard security and authentication procedures. In addition to built-in protection against common security mistakes and threats (e.g., SQL injection and cross site request forgery) when creating an interactive web framework, the project is compliant with the recommended Django security procedures.

Each experiment will have a designated investigator. These investigators only have access to a) the data gathered from their own experiments and b) the necessary relevant demographic data about only those individuals who participated in their experiments. Other investigators will only access anonymous ID of participants; they will not have access to names, email addresses or other identifiable information. For example, if a researcher is running an experiment, and they want additional demographic data on their participants that includes age, gender and number of Facebook friends. These values could be collected from the pre-existing Facebook database. However, the specific number of friends could be an identifiable feature. Therefore, the resolution of this feature would be thresholded or otherwise reduced to a level determined by the PI to be safe to qualify as deidentified. In this example, the exact number of Facebook friends (429) might be rounded to the nearest 50 (i.e., 400 friends) to de-identify the research participant. The researcher would only have access to this demographic data for the specific individuals who participated in their specific experiment. Each researcher would have to justify why they needed the demographic attributes captured from the Facebook profiles by our website for their analyses.