Privacy Policy
Effective Date: September 2, 2025
This Privacy Policy explains how MobLab Inc. and its affiliates and subsidiaries ("MobLab," "we," "our," or "us") collect, use, share, and protect Personal Information when you use MobLab Research ("Research Services"), including websites, applications, surveys, experiments, and related tools (collectively, "Services"). This Policy is part of our Terms of Use; capitalized terms not defined herein have the meanings given in those Terms.
Important legal note for internal reviewers: This draft provides operational detail and guidance about data practices. Where MobLab's legal team has not confirmed compliance with specific laws or certifications, the Policy avoids absolute compliance statements and instead specifies roles, responsibilities, and controls. Institutional customers and Researchers should consult their counsel for obligations that apply to specific studies or jurisdictions.
1. Scope & Key Definitions
Personal Information (or Personal Data): information that identifies or is reasonably capable of identifying an individual, including profile, contact, demographic, payment, and study response data.
Processing: any operation performed on Personal Information, including collection, storage, analysis, disclosure, or deletion.
Controller & Processor: MobLab acts as a Controller for platform-related data processing described here. Researchers may be Controllers or joint Controllers for study-specific processing; Researchers are responsible for lawful collection and use and use of Participant responses in their studies.
2. Information We Collect
We collect Personal Information in the following categories:
a. Registration & Profile Data: name, email, university affiliation, age or birth year, nationality, academic status, field of study, year of study, language, citizenship, first-generation status, and profile preferences.
b. Education & Institutional Data: institution names, degree levels, majors, enrollment dates, and GPA ranges when provided for study eligibility.
c. Study Responses & Research Data: survey answers, experiment outputs, task performance, timestamps, attention-check results, and other responses collected as part of studies. Study-specific metadata (e.g., session IDs, randomization seeds) may also be recorded.
d. Technical & Usage Data: IP address, device type, browser, operating system, log data, cookies and similar technologies, referrer information, and usage metrics.
e. Payment & Compensation Data: payment method information (e.g., PayPal), payout history, payout IDs, and tax information where required by law or account setup.
f. Communications & Support Data: messages with support, appeals, or dispute correspondence.
3. Legal Bases & Purposes for Processing (where applicable)
Where laws require a legal basis for processing (e.g., GDPR), MobLab relies on one or more of the following as appropriate:
Performance of a contract (to provide the Services and process payments).
Legitimate interests (platform operations, fraud prevention, improving Services) after balancing against user rights.
Consent (where required, e.g., optional marketing communications or certain cookies).
Legal obligations (to comply with court orders or reporting requirements).
Purposes include: providing and improving Services, matching Participants to studies, processing payments, research analysis and publication of de-identified results, fraud detection, legal compliance, and communications.
4. Sharing & Disclosure
MobLab shares Personal Information only as described below or with consent.
a. Researchers & Academic Partners: Study responses may be shared with Researchers as described in study consent. MobLab encourages de-identification and aggregation; where identifiable data is shared, Researchers must have lawful basis and appropriate safeguards.
b. Service Providers: We use subprocessors for payment processing, hosting, analytics, email and messaging, and security. These providers are contractually bound to process data only on MobLab’s instructions and to maintain confidentiality and security.
c. Legal & Safety Disclosures: We may disclose Personal Information to comply with law, respond to lawful requests, protect rights or safety, and for fraud prevention.
d. Business Transfers: Personal Information may be transferred in connection with mergers, acquisitions, or asset sales; we will notify affected individuals where required by law.
e. Public & Aggregate Research Outputs: Aggregate or de-identified datasets and publications may be shared or published for research and platform improvement.
5. International Transfers
Data collected via the Services may be stored, processed, and transferred to the United States and other jurisdictions. For transfers from the EEA, UK, or other regions with restrictions, MobLab will implement appropriate safeguards (such as Standard Contractual Clauses) where required. Where MobLab has not implemented a particular transfer mechanism for a given jurisdiction, we will take reasonable steps to protect data and will provide additional safeguards upon request when feasible.
6. Data Retention & Deletion
We retain Personal Information for as long as necessary to provide Services, comply with legal obligations, resolve disputes, enforce agreements, and for legitimate business purposes (e.g., research archives). Specific retention schedules vary by data type and may be documented separately. Anonymized or aggregated data may be retained indefinitely.
Participants may request access, correction, deletion, or portability of their Personal Information by contacting support.research@moblab.com. MobLab will handle requests in accordance with applicable laws and will inform requesters if any legal or operational exception prevents full deletion (e.g., audit logs, litigation hold).
7. Security Measures
MobLab implements technical and organizational measures to protect Personal Information, including encryption in transit and at rest (where technically feasible), access controls, logging, monitoring, vulnerability management, and incident response procedures. We periodically evaluate security practices and may publish details of certifications and audits separately.
In the event of a data breach affecting Personal Information, MobLab will follow applicable breach-notification laws and will notify affected individuals and regulators when required.
8. Children & Vulnerable Populations
The Services are intended for users aged 18 and older (or the age of majority in the user’s jurisdiction). We do not knowingly collect Personal Information from children below applicable thresholds (e.g., 16 in the EEA or 13 in other jurisdictions). If we learn that we have collected personal data from a child in violation of applicable law, we will take steps to delete such data.
Research involving minors or vulnerable groups requires additional protections; Researchers must obtain appropriate ethics approvals and document parental/guardian consent as required.
9. Your Rights & Choices
Depending on your jurisdiction, you may have rights including:
Access to the Personal Information we hold about you.
Correction of inaccurate or incomplete data.
Deletion (subject to legal and operational exceptions).
Portability of data in a commonly-used electronic format.
Restriction of or objection to certain processing activities.
Opt-out of marketing communications.
To exercise rights, contact support.research@moblab.com. We will verify requests to protect privacy and security.
10. Cookies & Tracking
We use cookies, pixel tags, local storage, and similar technologies to provide and improve Services, remember preferences, secure the platform, and perform analytics. Participants may manage cookie preferences through the cookie banner or browser/device settings. Third-party analytics and advertising partners may set cookies; opt-out instructions are provided where applicable and industry opt-out portals (e.g., http://aboutads.info ) are referenced.
11. Data Processors & Subprocessors
A list of major subprocessors (e.g., hosting, payment, analytics providers) will be maintained and updated on our privacy portal. Subprocessors are contractually required to meet security and confidentiality obligations.
12. Automated Decision-Making & Profiling
MobLab may use automated processes to match Participants with studies, detect fraud, or optimize study routing. Where applicable law grants rights related to automated decision-making, Participants may request human review or other remedies by contacting support.research@moblab.com.
13. Cross-border & Local Law Considerations
This Policy is intended to describe general processing; local laws may grant additional rights or impose additional obligations. Nothing in this Policy should be interpreted as a promise that MobLab complies with every legal regime; MobLab will make reasonable efforts to comply and will work with institutional customers and Researchers to support lawful processing.
14. Changes to This Policy
We may update this Policy. Material changes will be posted with a new effective date and, where required, notice will be provided to affected users.
15. Contact Information
For all inquiries related to Data Protection / Privacy, Security Incident Reports, and Research Support, please contact us at support.research@moblab.com. Our dedicated team will review and address your request accordingly.
Mail:
MobLab Inc.
Attn: Privacy Office
380 N Halstead St.
Pasadena, CA 91107