Data Security & Privacy in Labvanced
Data privacy and security are key topics in the 21st century, whether you are running in-lab or online experiments. Being transparent about participant privacy and data security is both an ethical responsibility and a legal obligation to ensure the protection of participants. Below, we provide an overview of how Labvanced helps you meet data protection requirements and follow data security guidelines.
📌 Tip: Prepare in Advance
But first, keep in mind that before publishing your experiment and starting to collect data, your research must be approved by an internal review board and the ethics committee. A key topic that must be addressed is how you protect participants’ privacy.
By having the right documents prepared in advance and addressing data security and privacy from the very beginning, you can speed up the approval process for your study. When using Labvanced, you can request documents like customized data processing agreements to specify what kind of data is recorded and which party is responsible for what. So keep that in mind!
Participant Privacy
At Labvanced, participant privacy is a top priority. Our technology and advanced features were actually driven and developed with the core principle of maintaining subject data securely in mind. Below is an overview of the key points with how Labvanced approaches and ensures participant privacy and data protection in research.
Data Privacy / GDPR Compliance for Data Protection
All data is stored exclusively on our secure servers in the European Union and are in compliance with GDPR and EU privacy regulations. We also provide and sign customized Data Processing Agreements (DPAs) upon request, helping researchers be prepared for their internal review and ethics approval. This is a must-have for participant data protection in psychology experiments and research.
Webcam-based Eye Tracking & Participant Privacy
Labvanced’s webcam-based eye tracking technology was designed with privacy in mind. No video data, or face images, are ever sent to our servers or to the experimenters’.
Instead, Labvanced captures and stores only the numeric gaze data points (like x and y coordinates) which are participant-agnostic. This is accomplished by running the neural network on the participant’s device and then recording only the gaze coordinates, i. e. The points on the screen where the participant’s gaze is. Thus, no personal identifying data is ever transmitted beyond the participant’s device, ensuring the privacy and protection of participants.
For more information about this real-time gaze analysis and how it is set up to protect participant privacy , please refer to our peer-reviewed publication.
No Personalized Data Saved
Labvanced does not track participants, perform fingerprinting nor collects any data from the participants behind the scenes. Labvanced has a strict no tracking policy for sensitive information like data recordings. The type of data that is recorded is the researchers’ choosing, according to their experimental decision and data collection plan.
Advanced Privacy for Media Files
For research groups, PGP encryption is available for binary data. This ensures that only those with the corresponding private key can access sensitive data like any audio or video recordings, if they were collected.
Data Security
Your data is protected by multiple layers of cutting-edge security technology. Below is an overview of the key mechanisms Labvanced has in place for ensuring data security for its users.
SSL Encryption
Our entire website is SSL encrypted and uses a reverse proxy alongside other advanced measures to keep server and user data safe.
Data Backups
To prevent data loss, we back up all information to our own redundant servers. We also provide a 7-day data backup in case of accidental deletion.
ISO-Certified Data Centers
All data is securely stored on servers located in ISO/IEC 27001-certified data centers within the European Union. These servers are operated by Hetzner GmbH, with a main server and a backup server in separate buildings, ensuring operational continuity. Access is restricted to highly trained professionals.
VAPT Certificate
Our security is validated through a third-party audit, including a Vulnerability Assessment and Penetration Testing (VAPT).
Technical & Organizational Measures (TOM)
The securities and precautionary procedures we have in place to minimize risks and ensure compliance with GDPR are described in this document which can also be submitted to your internal review board.
Webhook API Data Transmission
For researchers who do not wish to store their data on the Labvanced servers, there is also a solution for that. This approach is typically chosen by researchers who are conducting clinical trials and need to follow data security guidelines by storing the data directly on their own servers.
Using the Webhook API, you can send your experiment data directly to the data center or server approved by your university or company. This ensures no participant data passes through our servers, only minimal meta-data is transmitted for balancing purposes, if required. Using the Webhook API for data transmission and storing is a key point of interest for companies that are required to be FDA-compliant and wish to integrate our system into their workflows.
Working with Labvanced
Upon adopting Labvanced in your research or in your lab, we are often asked by users to provide data processing agreements or any official documents. So, if your university or company requires these from you, please let us know and we will provide you with the necessary certificates and agreements!
Labvanced’s Commitment to Data Privacy & Security
At Labvanced, we take data privacy and security seriously so you can focus on what truly matters—your research. Labvanced, at its core, values protecting participant data in order to maintain trust and compliance with international regulations like GDPR. Our commitment to trust, transparency, and compliance with the highest standards of privacy ensures that both you and your participants are protected.