Security & Data Privacy
These questions are related to how data is stored in Labvanced and the steps we take to ensure participant privacy.
How secure is Labvanced?
Our entire website is SSL encrypted and uses a reverse proxy plus several other state of the art security measures to make sure our server and user data are safe. In addition, we backup all data to our own redundant sever/database so that in case of system or hardware failure, no data will be lost.
Does Labvanced save any personalized data of the participants?
We do NOT save any personalized data of the participants (i.e. no IP address, no email, no real name). Email addresses are only requested in case of repeated measures experiments (to remind participants to start a new session), but even then these are not shared with anyone (not even the experimenter).
Are there specific privacy settings related to eyetracking?
By default, no video data is transmitted to our servers or to the experimenters. The only data received from eyetracking is numeric gaze data (the x and y coordinates of where the participant looked on the frame). This ensures privacy of the participant, as their physical video feed is not shared and is not saved.
However, if you select the option in Study Settings to share calibration data with Labvanced to improve eyetracking, then different settings will apply. Snapshots (not full videos) of the participants' eyes (not their full face) will be transferred to our servers and stored pseudonymously to protect the identity of participants. There is no way to associate the cropped eye images with specific participants.
Does Labvanced support the use of PGP keys?
Yes, this option is available for users holding a Group license. It can be enabled in the Study Settings tab, in the Experiment Features column. We recommend this feature for studies involving audio/video recordings of the participant or their screen to increase privacy.
If I deleted some data accidentally, does Labvanced have a copy saved?
For the safety of our users and their participants, we do not store any long-term copies of data. We do keep a 7-day data backup in case of accidental deletion, but after the 7 day period, the data is deleted permanently. This is to ensure the safety and privacy of your participants.
Is the Labvanced data policy in congruence with latest EU data/privacy regulations (GDPR)?
Yes. We do not save any personalized data from the participants. If a participant wants his/her data to be removed from the database, the experimenters can do that completely by themselves. All the data is safely stored only on our own servers, which are located in Falkenstein, Germany.
Where is the data on the Labvanced servers stored?
All data is only stored on our own servers in Falkenstein, Germany. They are located in data centers with ISO/IEC 27001 certification operated by Hetzner GmbH and can be accessed only by highly trained and confidential professionals. There is a main server and a backup server, located in two different buildings to ensure our systems will always operate correctly. See https://en.wikipedia.org/wiki/ISO/IEC_27001 for information regarding this certifiation.