Security and Privacy by Design
Research-grade practices for pseudonymous, encrypted sessions.
What We Collect
- De-identified session transcripts
- Scenario metadata and timing
- PMTO-based scores and feedback
What We Do Not Collect
- Direct identifiers in BRAT chat transcripts
- Plaintext participant emails in BRAT invite records
- Participant contact details in BRAT exports
Data Handling Policy
- ✓Encrypted at rest and in transit
- ✓Access logged for research compliance
- ✓Data deletion available by study ID
- ✓Retention policy aligned to IRB requirements