Skip to content

Security and Privacy

Can I trust FindingFive with my research data?

Yes you can!

FindingFive follows strict security and privacy practices to keep your research data safe. Your data are redundantly stored, encrypted where appropriate, and regularly backed up to prevent loss.

As a nonprofit for behavioral research, we don’t make money by selling data to third parties. We hold ourselves to the highest standards to protect user privacy and comply with all relevant laws and regulations.

How secure is data collection on FindingFive?

All data transmission on FindingFive is encrypted using HTTPS, also known as HTTP over SSL. This ensures that participant responses and other data are securely transmitted over the Internet using state-of-the-art encryption methods, minimizing any risk of data leaks.

Where are participant data stored?

When it comes to data storage, FindingFive separates participant data into two categories: profile data, and experiment data (i.e., participant data collected in an experiment).

Profile data are stored with our cloud provider MongoDB Atlas. For participant profiles created on our EU servers, their data are stored in a Frankfurt-based (Germany) data center offered by MongoDB Atlas. For participant profiles created on our US servers, their data are stored in a Virginia-based data center (US) offered by MongoDB Atlas.

Experiment data are stored with our cloud provider Cloudflare (specifically, their R2 service). Such data are generally de-identified in the sense that they are stored without any direct link to the participant profile data. For EU researchers, we enforce Cloudflare storage options to ensure experiment data are strictly stored within EU jurisdictions. For all other researchers, such data are stored in Cloudflare's US-based data centers.

Are experiment data stored in an encrypted form?

That depends.

By default, participant data are encrypted while being transmitted but are stored as plain text once they reach our servers. However, researchers can enable encryption at rest, meaning the data stay encrypted even when stored. If your study collects sensitive personally identifiable data, be sure to check whether encryption at rest is required under your local laws.

Can FindingFive access my experiments?

Yes, but only in limited ways.

If you add a FindingFive staff member as a collaborator, we can access your experiment just like you can. Our data team also has access to the database, so they can view experimental data as raw records when needed. In either case, we won’t modify your data without your permission, and we don’t share your data with anyone outside FindingFive.

Can other researchers see my experiments?

Nope!

Other researchers can’t access your experiments unless you explicitly add them as collaborators.

What data does FindingFive collect, and will it ever be sold?

FindingFive collects usage data from all users—both participants and researchers—to help us improve the platform. You can find details on our Privacy Policy page.

One thing you don’t have to worry about: we never sell data to third parties for revenue. Your data stays private, always.