UbiWell Lab Logo.

Privacy Policy

Our privacy policy for data collected using our research and study apps

The UbiWell Lab and its collaborators understand the importance of protecting the privacy of personal information. Our research team conducts scientific research projects related to personal health informatics using mobile technologies such as mobile phones and smartwatches. The scientific research projects require recruiting human subject volunteers and collecting and analyzing data collected while those individuals use the mobile devices and our custom software. All projects are approved by an institutional review board (IRB) at Northeastern and/or our collaborating institutions, and participants in the experiments must provide informed consent. The IRB is responsible for the protection of the rights and privacy of human subjects who participate in experiments.

Our Privacy Policy explains:

  • What personal data we collect and why we collect it.
  • How we use personal data collected.
  • How we secure data.

Information we collect

We collect the information required to achieve our research goals. The details of exactly what data are collected are described in the informed consent document that study participants must read and acknowledge before using our software.

The specific information collected by our application is described on a per-project basis, but all our research projects using this application could collect the following information.

  1. Device usage information, such as when a user interacts with a device, when calls are made/received, when WiFi is switched on and off, and when the mobile device is charged or discharged.
  2. Device-specific information (such as the phone’s hardware model, operating system version, unique device identifiers, WiFi status, Bluetooth status, data network usage and carrier, remaining battery and mobile network information).
  3. App log information. The deployed devices will automatically collect and store study-specific information from the installed research application or the operating system in log files. This includes:
    1. Details of how the application was used, such as when the app was running and not running, and when user data was uploaded to our research server by the app.
    2. Device event information such as app crashes and system activity.
  4. Sensor information. Depending on the specific study, internal sensor readings from the smartphone and/or smartwatch may be collected and uploaded. These data may include,
    1. Location. The application will request location information from ios, which may provide the app with information about current and past longitude and latitude, nearby devices, Wi-Fi access points and cell towers.
    2. Inertial sensors, such as accelerometer and gyroscope.
    3. Environmental sensors, such as light, sound (audio amplitude) and proximity sensors.
    4. Physiological signals: We might also collect physiological signals like heart rate and accelerometer data from wearables.
  5. Survey information. For some projects, the app will prompt the user to fill out surveys on the mobile device that relate to the goals of the study.
  6. Location data. Some apps collect location data in the background to enable delivery of timely notifications and health interventions. This consists of latitude and longitude, and is encrypted and stored on our servers.

How we use information we collect

We will use the collected information for scientific research purposes only, which are described in the informed consent document that all people using the software must agree to.

This app was created by non-profit institutions for non-profit research purposes.

The data collected are strictly controlled and limited to trained personnel on the research teams, all of whom have undergone special research training in the protection of human subjects and their data.

Actual latitude and longitude associated with location data is never accessible to anyone outside of the research team.

Contact information accessed by messaging applications is not stored and is only used to find and connect with other individuals on the app.

The data collected are analyzed using various research methodologies, and the results of our work will eventually be published in scientific presentations and papers.

Data are always deidentified before presentation.

Transparency and choice

All users of this application must consent to the use of the application. Those consent forms are study-specific and overseen by our institutional review board (IRB). The consent forms provide additional detail about the nature of data collected and how it is used.

Although typically a protocol does not change during a study, if the protocol does change, it is only with additional approval from the IRB and re-consenting of the users of the application. At that time, they can choose whether to continue participating in the study or not.

All collected user data are stored as encrypted files on the phone. Consent forms specify the rights of subjects with regard to data access. Participants always have the right to have their data deleted, should they change their mind about participation in a study.

Information we share

Data are not shared with anyone outside of the trained research team, unless those data are completely deidentified, in compliance with procedures mandated by our IRB.

Aggregated, de-identified data will be presented in research publications in scientific journals and conferences.

Information security

We work hard to protect the users of this app from unauthorized access to or use of the data collected as directed by approved protocol from Northeastern University’s IRB. In particular:

  • We use https for data uploading.
  • We use our own secure server (operated by Northeastern university) to store uploaded files; identifiable information is always stored in an encrypted format.
  • We review our information collection, storage, and processing practices, including physical security measures, to guard against unauthorized access to our systems and the data stored on them.
  • We restrict access to personal information to the core research team, all of whom are trained in the protection of human subjects in experiments. These individuals are trained and certified to be able to understand the sensitivity of personal information.

When this Privacy Policy applies

Our Privacy Policy applies to all of the apps offered by the Ubiwell Lab and used in their scientific experiments.

Changes

Our Privacy Policy may change from time to time. We will not reduce your rights under this Privacy Policy without a user’s explicit consent. We will post any privacy policy changes on this page and, if the changes are significant, we will provide a more prominent notice (including, for certain services, email notification of privacy policy changes). We will also keep prior versions of this Privacy Policy in an archive for your review.

If you have questions or concerns about this Privacy Policy, please contact us.