🔒 Privacy Policy¶

ECF Compass Data Protection and Privacy Practices¶

Effective Date: November 16, 2025
Last Updated: November 16, 2025
Version: 1.0

Our Commitment¶

ECF Compass is committed to protecting your privacy and maintaining the confidentiality of your personal information. This Privacy Policy explains what data we collect (very little!), how we use it, and your rights regarding your information.

Core Principles¶

✅ Privacy by Default - Most data stays on your device
✅ Minimal Collection - We collect only what's necessary
✅ User Control - You decide what to share
✅ Transparency - Clear explanation of all practices
✅ Security - Industry-standard protection measures
✅ Open Science - Ethical research practices

What Data We Collect¶

Assessment Data (Local Storage by Default)¶

When you use ECF Compass, the following data is stored on your device in your browser's local storage:

Always Collected Locally¶

Assessment responses - Your answers to SOG Framework questions
Timestamps - When assessments were completed
Scores - Your calculated S-O-G scores
Profile type - Your archetype classification
Assessment history - Previous assessments for comparison

Important: This data never leaves your device unless you explicitly choose to share it.

If you choose to create an account or participate in research:

Demographics (Optional)¶

Age range (e.g., 25-34, not exact age)
General occupation category (e.g., "technology professional")
Country or region (for cross-cultural research)
Language preference

Contextual Information (Optional)¶

Types of AI tools you use (e.g., "chatbots, writing assistants")
Frequency of AI use (e.g., "daily, several times a day")
Primary use cases (e.g., "work, learning, personal")

Qualitative Responses (Optional)¶

Open-ended reflections in Deep Dive assessments
Anonymized comments or feedback

Technical Data (Automatically Collected, Anonymous)¶

For website functionality only: - Browser type and version - Operating system - Screen resolution - Language preference - General geographic location (country level only)

We do NOT collect: - ❌ IP addresses (anonymized immediately) - ❌ Unique identifiers beyond session - ❌ Precise geolocation - ❌ Device fingerprinting data

How We Use Your Data¶

Primary Uses¶

1. Providing the Service¶

Calculate your SOG scores
Generate personalized recommendations
Track your progress over time
Display your assessment history

Basis: Necessary for service delivery

2. Improving the Tool¶

Identify technical issues
Understand user experience
Optimize assessment flow
Fix bugs

Basis: Legitimate interest in service improvement

Validate assessment methodology
Study patterns in human-AI relationships
Contribute to open science
Publish aggregated findings

Basis: Explicit, informed consent

What We DON'T Do¶

❌ No Selling: We never sell your data to third parties
❌ No Advertising: We don't use your data for targeted ads
❌ No Profiling: We don't create marketing profiles
❌ No Sharing Without Consent: Your data stays private unless you choose otherwise

Data Storage¶

Local Storage (Default)¶

Where: Your device's browser storage
Duration: Until you clear it or delete the app data
Access: Only you have access
Security: Protected by your device security

Advantages: - ✅ Complete privacy - ✅ No server vulnerabilities - ✅ Works offline (after initial load) - ✅ Instant deletion possible

Limitation: - ⚠️ Lost if browser data cleared - ⚠️ Not accessible across devices

Cloud Storage (Optional)¶

If you create an account for multi-device sync or research participation:

Where: Encrypted cloud storage (AWS/EU servers)
Duration: Until you delete your account
Access: Only you + anonymized research team (if consented)
Security: AES-256 encryption at rest, TLS in transit

Advantages: - ✅ Access from multiple devices - ✅ Automatic backup - ✅ Contribute to research (optional)

Requirements: - ✅ Explicit account creation - ✅ Separate consent for research use - ✅ Can be deleted anytime

We may share anonymized data only with your explicit permission:

Research Partners¶

Academic institutions conducting validation studies
Peer reviewers for scientific publications
Open science repositories (Zenodo, OSF)

Safeguards: - All data fully anonymized (no personal identifiers) - Aggregated statistics only (no individual records) - Ethical review board approval required - You can opt out anytime

Community Contributions¶

If you choose to share your progress story
Anonymous case studies (with your permission)
Community-submitted insights

Your control: - You decide what to share - You can remain anonymous - You can request removal

We never share identifiable data without consent, except:

Legal Obligations¶

In rare cases, we may be required by law to disclose information: - Valid court order or subpoena - Protection against legal liability - Preventing imminent harm

Even then: - We notify you when legally permitted - We share only minimum required - We challenge overly broad requests

Service Providers¶

We use minimal third-party services:

Hosting (ReadTheDocs)¶

Purpose: Host documentation
Data: Anonymous page views
Location: EU servers
Privacy Policy: ReadTheDocs Privacy

Version Control (GitHub)¶

Purpose: Open-source development
Data: Public code, issues, discussions
Location: Global
Privacy Policy: GitHub Privacy

Research Archive (Zenodo)¶

Purpose: Permanent DOIs for research
Data: Only data you explicitly submit
Location: EU (CERN)
Privacy Policy: Zenodo Privacy

Your Rights¶

Access and Control¶

You have complete control over your data:

Right to Access¶

View: See all data we have about you
Download: Export in JSON/CSV format
Request: Ask for specific information

Right to Correction¶

Edit: Update your demographic information
Correct: Fix inaccurate assessment records
Clarify: Provide additional context

Right to Deletion¶

Local Data: Clear browser storage anytime
Account Data: Delete account and all associated data
Research Data: Withdraw consent and remove your data
Timeline: Immediate for local, within 30 days for cloud

Right to Portability¶

Export: Download all your data
Format: Machine-readable (JSON/CSV)
Transfer: Move to another service

Right to Object¶

Research Use: Opt out of any research participation
Analytics: Disable usage analytics
Communications: Unsubscribe from updates

Anytime: Withdraw research consent without penalty
Effect: Your data removed from future analyses
Published Research: Cannot remove already-published aggregated statistics

How to Exercise Your Rights¶

For local data: Use browser tools or app settings

For account/cloud data: 1. Log into your account → Privacy Settings 2. Contact us via GitHub Issues 3. Email: See ORCID profile for contact

Security Measures¶

Technical Safeguards¶

Encryption¶

In Transit: TLS 1.3 for all connections
At Rest: AES-256 for stored data
Backups: Encrypted with separate keys

Access Control¶

Authentication: Secure password requirements
Authorization: Role-based access
Audit Logs: All access logged and monitored

Data Minimization¶

Collection: Only essential data collected
Retention: Automatic deletion of old data
Anonymization: Immediate for research use

Organizational Safeguards¶

Staff Training¶

Privacy awareness training
Data handling protocols
Incident response procedures

Regular Audits¶

Security assessments
Privacy impact reviews
Compliance checks

Incident Response¶

Defined protocols for data breaches
User notification within 72 hours
Transparent reporting

Research Use¶

Open Science Principles¶

ECF Compass follows strict ethical guidelines for research:

Clear explanation of research purposes
Voluntary participation (opt-in, not opt-out)
Right to withdraw anytime
No penalties for declining

Anonymization¶

No personal identifiers in research data
Aggregated statistics only
K-anonymity standards (minimum group size)
Differential privacy techniques when possible

Transparency¶

Pre-registration of research protocols
Open data (anonymized) when possible
Open access publications
Reproducible methods

Ethical Review¶

Institutional review board approval for formal studies
Community review for protocol changes
Continuous ethical monitoring

What Research Data Includes¶

If you consent to research participation:

✅ Included: - Anonymized assessment scores - Demographic categories (broad) - Usage patterns (aggregated) - Qualitative responses (anonymized)

❌ Excluded: - Your name or contact information - Exact timestamps - IP addresses or device IDs - Any personally identifiable information

Published Research¶

Research findings may be published in: - Peer-reviewed journals - Pre-print servers (e.g., PsyArXiv) - Conference proceedings - Open-access repositories (Zenodo)

All publications: - Use aggregated data only - Cannot identify individuals - Include methodology transparency - Provide data access (when ethical)

Cookies and Tracking¶

What We Use¶

Essential Cookies (Required)¶

Session management: Keep you logged in
Preferences: Remember your language choice
Security: Prevent CSRF attacks

Duration: Session or as needed
Can be disabled: No (breaks functionality)

Analytics Cookies (Optional)¶

Usage patterns: Understand how people use the tool
Performance: Identify slow pages
Errors: Catch technical issues

Duration: Up to 1 year
Can be disabled: Yes (via cookie banner)

What We DON'T Use¶

❌ Advertising cookies
❌ Social media tracking pixels
❌ Cross-site tracking
❌ Fingerprinting techniques
❌ Third-party marketing tools

Your Control¶

Cookie Preferences: - Manage via cookie banner (first visit) - Update in Privacy Settings - Clear via browser settings

Browser Options: - Most browsers allow cookie blocking - Private/Incognito mode limits tracking - Extensions like Privacy Badger add protection

Third-Party Services¶

We minimize third-party dependencies. Current integrations:

ReadTheDocs (Documentation Hosting)¶

Purpose: Host this documentation
Data: Anonymous page views
Privacy: ReadTheDocs Policy

GitHub (Development Platform)¶

Purpose: Open-source collaboration
Data: Public contributions, issues
Privacy: GitHub Policy

Zenodo (Research Archive)¶

Purpose: Permanent research DOIs
Data: Only submitted publications
Privacy: Zenodo Policy

Note: Each service has its own privacy policy. We encourage you to review them.

Children's Privacy¶

Age Requirements¶

ECF Compass is intended for users 18 years and older.

We do not knowingly collect data from children under 18.

If we discover we've inadvertently collected such data: 1. We delete it immediately 2. We notify relevant authorities if required 3. We prevent future collection

Parents/Guardians: If you believe your child has provided data to us, please contact us immediately for removal.

International Users¶

Data Location¶

Primary servers: European Union (GDPR-compliant)
Backup servers: EU and US (Privacy Shield certified)

Legal Framework¶

We comply with: - GDPR (EU General Data Protection Regulation) - CCPA (California Consumer Privacy Act) - PIPEDA (Canadian privacy law) - Local laws where applicable

Cross-Border Transfers¶

If you access ECF Compass from outside the EU: - Data may be transferred internationally - Standard contractual clauses used - Adequate protection ensured - Same privacy rights apply

Changes to This Policy¶

Notification Process¶

We may update this Privacy Policy to reflect: - Changes in legal requirements - New features or services - Improved privacy practices

When we update: 1. Version number incremented 2. "Last Updated" date changed 3. Notification banner on website (30 days) 4. Email notification to account holders (if applicable)

Significant changes: - Require renewed consent for research participation - Announced in GitHub Discussions - Documented in changelog

Your Options¶

After a policy update: - Review changes via changelog - Accept to continue using service - Decline and delete your data - Contact us with questions

Contact Information¶

Privacy Inquiries¶

GitHub Issues: Report privacy concerns
GitHub Discussions: Ask privacy questions
Email: See ORCID profile for contact

Response Time¶

We aim to respond to privacy requests within: - Technical issues: 48 hours - Data access/deletion: 30 days (often faster) - General questions: 7 days

Data Protection Officer¶

Rite of Renaissance Research Foundation
Samir Baladi, Principal Researcher
Contact via ORCID profile: 0009-0003-8903-0029

Summary: Your Privacy at a Glance¶

What We Do ✅¶

✅ Store most data locally on your device
✅ Collect minimal information
✅ Use strong encryption
✅ Give you complete control
✅ Support open science ethically
✅ Comply with all privacy laws

What We DON'T Do ❌¶

❌ Sell your data
❌ Use data for advertising
❌ Track you across websites
❌ Share data without consent
❌ Collect unnecessary information
❌ Keep data longer than needed

Your Rights 🔒¶

🔒 Access your data anytime
🔒 Download or delete it
🔒 Withdraw research consent
🔒 Opt out of analytics
🔒 Request corrections
🔒 File complaints

Additional Resources¶

Terms of Service - Conditions of use
Code of Conduct - Community guidelines
Research Ethics - Scientific standards

External Resources¶

GDPR Information - EU privacy law
CCPA Guide - California privacy rights
Open Science - Research transparency

Your privacy is fundamental. We're committed to protecting it while advancing open science and human flourishing.

Questions? Contact us anytime.

Version: 1.0
Effective Date: November 16, 2025
Last Updated: November 16, 2025
License: CC BY 4.0 (this policy itself)

← Back to Index | User Guide | FAQ