Privacy and Data Protection Statement for researchers and students

PsyToolkit stores study data on the server chosen by the researcher. If the European server is used, data are stored in Europe. If the US server is used, data are stored in the US.

Data transmission uses HTTPS, meaning that communication between the participant’s browser and the server is encrypted in transit.

By default, participant IP addresses are not stored in the researcher’s data files unless the researcher explicitly enables that option. The researcher remains the owner of the data collected in their own study.

In rare cases, the PsyToolkit server administrator may access user data when necessary for technical maintenance or troubleshooting. PsyToolkit is designed so that researchers can avoid collecting directly identifying personal data unless they explicitly choose to do so in their survey design.

Researchers are responsible for ensuring that their own study design, consent materials, and data collection practices comply with the requirements of their institution and jurisdiction.

The following wording may be useful for researchers when describing PsyToolkit in ethics or IRB applications:

“Data collected in this study will be stored on the PsyToolkit server selected by the researcher, either in the US or in Europe. Data transmission is encrypted via HTTPS. By default, IP addresses are not stored unless this option has been explicitly enabled by the researcher. The researcher retains ownership of the collected data. Limited access by the platform administrator may occur when necessary for technical maintenance or troubleshooting. For a complete privacy and data protection statement see: https://www.psytoolkit.org/privacy_statement.html”

Optionally copy this QR code to your ethics/IRB application so that reviewers can easily access it on printout-documents.