Privacy and Security
Your identity is yours and will always be. Your data are yours and will always be.
Effective: 1st of February, 2018
1. VISITORS, USERS AND PARTICIPANTS
We consider three types of interaction with Sprockler . First there are people that visit our website but do not register. These will be referred to as "Visitors". Then we will have people that register and create an account. These will be referred to as "Users". Finally, we will have people that partake in responding to inquiries after being invited to do so by our users. These will be referred to as "Participants" (and sometimes as Respondents). Hence, we refer to our consumers as “Visitors” and “Users”.
2. EMAIL ADDRESSES
(a) Anonymity: In contrast to many “modern” organizations, Sprockler as an organization is not interested in the identity and personal details of your Participants. Instead, we consider our emphasis on guarding their anonymity as a crucial trait in relation to our product. Not only do we not store email addresses from your Participants, we don’t even want them. Not having them is the best way to maintain anonymity.
(b) Storage: We do not store email addresses from the Participants that you invite. Sometimes, we need these email addresses to individually invite Participants with individual codes, but even then, we will not store them. Instead, we will store a hash from which email addresses cannot be retrieved. The hash enables us to know that a set of responses comes from the same Participant. We don't know who this person is and we cannot retrieve his email address. In fact, we don’t want to know. The Participants are not only anonymous to us, but also to our Users, as we will not provide information that is needed to couple email addresses to individual responses.
(c) Tracking: As we don't store email addresses of Participants that you invite, we cannot use this information in any way. In particular, we cannot contact your Participants or sell their email addresses to third parties. Our hashing system allows us to track whether a particular Participant, known by his hash that is obtained from his email address, has already responded or not. This can be used for future reference without compromising anonymity. It does in no way allow us to retrieve his/her email address. This ensures that responses remain completely anonymous, even when using personal codes, while still allowing to match responses of different inquiries over time, like in cohort studies. This also enables us to send reminder emails on behalf of the User to invited Participants that have not yet responded. Because we do not store email addresses, we nor the User is able to know who will be reminded.
(d) Breaking anonymity: There are legitimate situations where anonymity is not desirable. While even in such situations Sprockler will not facilitate in breaking anonymity, the inquirer is free to include questions that ask Participants to share personal details like an email address. Only the Participant himself can decide to offer these details and knowingly break his anonymity.
2. GENERAL / PERSONAL INFORMATION
(a) Required info: To register to use some parts of the Service, Users must provide a full name and email address only. To purchase service, we also require legitimate payment/invoicing information. Sprockler only collects this personal information if a Visitor chooses to register with the Service to become a User.
(b) Contacting you: SSprockler may use your registration information to contact you to:
- Deliver the Service
- Improve our Site, Service, features and content
- Provide customer service and personalize your experience
- Administer and enable your use, enjoyment and navigation of our Site, Service, and mobile Site
- Improve our understanding of your needs and interests
- Fulfil requests you make
3. ACCESS TO INQUIRIES AND RESPONSES
If you are an authorized User you can administer and control your own inquiries. We only function as a Service provider. Only you, and the people who are invited by you can access the inquiry details. Third parties cannot, although Participants can of course access the inquiry in data-collection mode.
At Sprockler, inquiries are open to persons from organizations. Upon registration, you need to provide both a user name and an organization name. Typically, you will be the only person that can access the inquiries, add, change or delete questions, and to see, download and work with the responses. It is up to you if you want to share your account to allow someone else to help you in this process. Larger organizations can benefit from the fact that we do allow other users to join your organization, and as such obtain access the same set of inquiries. Such organization-members can be granted limited rights. As such, someone may only be able to provide translations, or to use our Visualizer. The first person from a new organization will be granted administration rights. He/she can create other accounts and set their rights.
You own your inquiry data. The inquiries you design are private and you decide who gets to see them. We do not use your data, unless when you request us to do so, like for technical support. Besides allowing you to download your data, we will also remove your data from our servers upon your request. We may also do so after due notification in case of irregularities.
4. DATA SECURITY
(a) TLS: Data security is very important to us. To that end, communications with our servers use of Transport Layer Security (TLS). This also holds for communications between the Android app and the server (uploading of responses). TLS disallows others from reading and modifying the communication (probably with an exception of top intelligence and secret agencies like NSA). As TLS 1.0 is compromised, we use TLS 1.2 for which no security breaks are publicly known. However, part of TLS 1.2 is a fallback mechanism to support less secure communication in case the client software does not support TLS 1.2. Such a fallback is usually fully transparent and invisible. Visitors should keep their browsers updated; all modern browsers support TLS 1.2. We take security serious, but this is also a responsibility of our Visitors.
(b) Encryption on mobile: The Collector app also encrypts data that are temporarily stored on mobile devices (during off-line usage). They are removed from the device after the server confirms their receipt.
(b) Secure server: We at Sprockler value service and security. For that, we outsourced hosting and maintenance to renowned hosting and service providers. Our cloudlinux-based server is located in Amsterdam. Our providers are particularly keen on keeping the sytem up to date and updating the systems with security patches. Systems are back upped daily. By outsourcing this to renowned parties, we can offer better security.
5. LINKS TO OTHER SITES OR SERVICES