Privacy Policy

This policy explains what information Probova (the "Service") collects, how it is used, and who can act on it. Because two very different groups of people interact with the Service, this policy names them explicitly instead of relying on an ambiguous "you".

1. Who this policy covers, and who does what

• Researchers are account holders who build and run surveys. For survey data, the researcher is the data controller, they decide what is collected and why, and they are responsible for any consents and approvals their data collection requires.
• Participants are people who answer a survey through a link a researcher shared. Participants do not need accounts. The answers a participant submits belong to the researcher's study; the Service processes that data on the researcher's behalf and does not use it for its own purposes.

The practical consequence, stated up front. Rights over survey answers are exercised through the researcher who runs the survey, not through the Service. If you answered someone's survey and want your answers corrected or deleted, the researcher is the right door to knock on, this is how data protection law allocates the duty when one party controls and another processes. Section 8 spells out what each group can do. Where we can reasonably assist a participant who cannot reach a researcher, we do, see Section 8.

2. Information collected, by audience

From researchers

• Account data. Username, email address, name, password (stored hashed), and, for Google sign-in, the identifiers Google shares for authentication.
• Content they create. Surveys, questions, uploaded files (public assets and private files), and settings.

From participants

• Survey responses. The answers, files, and timings a participant submits to a researcher's survey. How much identifying information a survey collects is the researcher's design decision; the Service itself does not require participants to identify themselves.
• Technical data. A session cookie that keeps an in-progress response attached to the participant's browser, and, where the researcher enabled bot protection, a reCAPTCHA verification (see Section 3).

From all visitors

• Logs. Standard web-server logs (IP address, user agent, request path, timestamp), retained for security and operations. Log content excludes survey answers.

3. Cookies

The Service sets only cookies necessary for it to work:

• Session cookie, keeps a researcher signed in, or keeps a participant's in-progress response attached to their browser.
• CSRF cookie, protects forms against cross-site request forgery.
• reCAPTCHA (only on surveys whose researcher enabled bot protection), Google reCAPTCHA v3 may set cookies and collects device signals to distinguish humans from bots, under Google's privacy policy.

There are no advertising, analytics, or cross-site tracking cookies. Because the cookies we set ourselves are strictly necessary, they do not require opt-in consent under EU law; a notice is shown for transparency.

4. How information is used

• To provide, operate, and secure the Service.
• To send researchers transactional email (email verification, password reset, collaboration invitations). No marketing email. Participants are never emailed by the Service.
• To prevent abuse and enforce the Terms of Use.

For people in the European Economic Area or UK, the legal bases are performance of a contract (operating researcher accounts and serving surveys), legitimate interests in securing and improving the Service, and compliance with legal obligations. For survey answers, the legal basis for collection is the researcher's to establish as controller.

5. Sharing

Personal information is shared only:

• with the researcher whose survey the participant answered, that is the purpose of a survey;
• with collaborators a researcher explicitly invited to a project;
• with service providers that host infrastructure or deliver email, bound to act only on instructions (the docs site lists them);
• when required by law, or to protect the rights, safety, or property of users or the Service.

The Service does not sell personal information and does not share it for cross-context behavioral advertising.

6. Retention and deletion

• Researcher account data and content are kept while the account exists.
• Researchers can delete individual responses and files at any time; deleted files are erased from storage, not just hidden.
• Account deletion is self-service and permanently removes the researcher's surveys, responses, uploaded files (including private files), and library content. Projects transferred to a collaborator during deletion survive under the new owner.
• Preview and test responses are purged automatically.
• Server logs rotate on a fixed schedule.

7. Security and international transfers

Passwords are stored hashed. Confidential uploads are kept outside the web-served file tree and are reachable only through permission-checked downloads by the survey's owner and invited collaborators. Transport is HTTPS only. No method of transmission or storage is perfectly secure, but appropriate technical measures protect the data, a fuller technical summary is published on the documentation site.

The Service is hosted in the United States; information is processed there. Where EU or UK law applies to a transfer, recognized safeguards such as standard contractual clauses with providers apply.

8. Rights, by audience

Researchers (account holders)

• Access and export everything they hold, surveys and responses export self-service from the Data page, account details are editable on the profile page.
• Correct account information at any time.
• Delete responses, files, projects, or the entire account, self-service.
• EEA and UK researchers additionally hold the GDPR rights of access, rectification, erasure, restriction, portability, and objection against the Service for the personal data it controls about them (their account data), and may lodge a complaint with a supervisory authority.
• California-resident researchers have the CCPA/CPRA rights to know, delete, and correct, and to opt out of sale or sharing. The Service does not sell or share personal information as the CCPA/CPRA defines those terms, so there is nothing to opt out of; sensitive personal information is not used for purposes requiring a right to limit; Global Privacy Control is honored by that same fact; and exercising rights never results in discrimination. Requests are made through the account (export, deletion) or the contact below, verified via the account email.

Participants

• Rights over submitted answers (access, correction, deletion, and similar) are exercised with the researcher who runs the survey, as Section 1 explains, the researcher controls that data and holds the corresponding legal duties, including under the GDPR and CCPA/CPRA where they apply.
• The Service holds no participant account to access, correct, or delete, participants do not have accounts.
• A participant who cannot reach or identify the researcher can use the contact below; where the Service can reasonably assist or relay a request to the responsible researcher, it does.

9. Age

Creating an account requires being at least 18 years old, and the Service and its website are not directed to anyone under 18. Participants in surveys may be younger only where the responsible researcher lawfully designed their study that way, including any parental-consent and review-board requirements, which are the researcher's obligations as controller. The Service does not knowingly collect personal information from children outside such researcher-controlled studies.

10. Changes to this policy

Material changes are announced on this page with an updated date and, where required by law, by additional notice.

11. Contact

Privacy questions and requests, from researchers or participants, go to support@probova.com.