Privacy Policy
Last Updated: January 28, 2026
1. Introduction
PEBL Hub ("we", "our", or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our online cognitive testing platform.
PEBL Hub is a research platform designed for researchers to collect cognitive testing data from participants. We comply with applicable data protection laws, including the General Data Protection Regulation (GDPR) for users in the European Union.
2. Information We Collect
2.1 Researcher Account Information
When you register as a researcher, we collect:
- Account Information: Username, full name, email address, password (stored hashed)
- Account Type: Free, Student, Instructor, or Researcher tier
- Institution Information: Optional affiliation and department
- Payment Information: For paid accounts, processed securely through Stripe (we do not store credit card numbers)
2.2 Participant Data
When participants complete cognitive tests through PEBL Hub, we collect:
- Participant IDs: Pseudonymized identifiers provided by researchers (not real names)
- Test Performance Data: Cognitive test results, response times, accuracy scores
- Session Metadata: Browser fingerprint (for duplicate detection), timestamps, test completion status
- Technical Data: Browser type, screen resolution (for test compatibility only)
Important: We do not collect participants' real names, email addresses, or other personally identifiable information unless the researcher explicitly chooses to include this in their participant ID scheme. Participants remain pseudonymous to PEBL Hub.
2.3 Automatically Collected Information
- Log Data: IP addresses, access times, pages visited (retained for 30 days for security purposes)
- Usage Analytics: Aggregate statistics about platform usage (number of studies, tests administered, etc.)
- Cookies: Session cookies for authentication and preference storage
3. How We Use Your Information
3.1 Researcher Accounts
- Provide access to the PEBL Hub platform and its features
- Manage your account, billing, and subscription
- Send account-related notifications (password resets, billing updates, system announcements)
- Provide technical support and respond to inquiries
- Improve our services and develop new features
- Enforce our Terms of Service and prevent fraud
3.2 Participant Data
- Store test results for researchers to download and analyze
- Detect duplicate participants using browser fingerprinting
- Generate aggregate statistics for researchers (e.g., completion rates)
We do not:
- Use participant data for our own research purposes
- Sell or share participant data with third parties
- Use participant data for advertising or marketing
- Attempt to re-identify pseudonymized participants
4. Data Sharing and Disclosure
4.1 Researchers Only
Participant test data is only accessible to the researcher who created the study. We do not share participant data with other researchers, administrators, or third parties.
4.2 Service Providers
We share information with trusted third-party service providers who assist in operating our platform:
- Hosting Provider: Linode/Akamai (server infrastructure in US-East datacenter)
- Payment Processor: Stripe (for paid subscriptions - governed by Stripe's Privacy Policy)
- Email Service: Hover SMTP (for transactional emails only)
These providers are contractually obligated to protect your data and use it only for the services they provide to us.
4.3 Legal Compliance
We may disclose information if required by law, court order, or government regulation, or if we believe disclosure is necessary to:
- Comply with legal obligations
- Protect our rights, property, or safety
- Prevent fraud or abuse
- Respond to emergency situations
5. Data Storage and Security
5.1 Storage Location
All data is stored on secure servers located in the United States (Linode US-East datacenter, Newark, NJ).
5.2 Security Measures
- Encryption: All data transmitted between your browser and our servers is encrypted using HTTPS/TLS 1.3
- Password Protection: Passwords are hashed using the industry-standard bcrypt algorithm
- Access Controls: Researchers can only access their own studies and data
- Database Security: SQLite databases are not web-accessible and have restricted file permissions
- Firewalls: Server-level firewalls restrict unauthorized access
- Regular Backups: Daily encrypted backups with 30-day retention
- Security Updates: Regular updates to server software and security patches
5.3 Data Breach Notification
In the unlikely event of a data breach affecting your information, we will notify you via email within 72 hours of becoming aware of the breach, as required by GDPR.
6. Data Retention
6.1 Researcher Accounts
- Active Accounts: Retained as long as your account is active
- Inactive Accounts: Account data retained indefinitely unless you request deletion
- Deleted Accounts: Permanently deleted within 30 days of deletion request
6.2 Participant Data
- Active Studies: Retained until the researcher deletes the study
- Researcher Responsibility: Researchers are responsible for complying with their own data retention requirements and deleting studies when no longer needed
- Account Deletion: All participant data is deleted when a researcher account is deleted
6.3 Backup Retention
- Daily backups retained for 30 days, then automatically deleted
- Deleted data may persist in backups for up to 30 days
7. Your Rights (GDPR)
If you are in the European Union, you have the following rights under GDPR:
7.1 Right to Access
You can request a copy of all personal data we hold about you. Log in to your account to download your data, or contact us for assistance.
7.2 Right to Rectification
You can update your account information at any time through your account settings.
7.3 Right to Erasure ("Right to be Forgotten")
You can request deletion of your account and all associated data. Contact us or use the account deletion feature in your settings.
7.4 Right to Restrict Processing
You can request that we limit how we use your data. Contact us to discuss your specific needs.
7.5 Right to Data Portability
You can download your data in machine-readable CSV format from your account dashboard.
7.6 Right to Object
You can object to our processing of your data for specific purposes. Contact us to discuss.
7.7 Right to Withdraw Consent
You can withdraw consent for data processing at any time by deleting your account.
7.8 Right to Lodge a Complaint
You have the right to file a complaint with your national data protection authority if you believe we have violated GDPR.
8. Cookies and Tracking
8.1 Essential Cookies
We use session cookies to:
- Keep you logged in while using the platform
- Remember your preferences (language, settings)
- Prevent cross-site request forgery (CSRF) attacks
These cookies are essential for the platform to function and cannot be disabled.
8.2 Analytics Cookies
We do not currently use third-party analytics services (Google Analytics, etc.). We only collect aggregate usage statistics from our own server logs.
8.3 Browser Fingerprinting
For participant testing only, we create a non-identifying browser fingerprint (based on browser type, screen size, timezone) to detect duplicate test submissions. This fingerprint cannot identify individuals and is only used for fraud prevention.
9. Third-Party Links
PEBL Hub may contain links to third-party websites (e.g., institutional review board resources, documentation). We are not responsible for the privacy practices of these external sites. Please review their privacy policies separately.
10. Children's Privacy
PEBL Hub is designed for research purposes. While participants may include minors, researchers are responsible for obtaining appropriate consent (parental/guardian consent for minors) as required by their institutional review board (IRB).
We do not knowingly collect personal information from children without proper research ethics approval and consent.
11. International Data Transfers
11.1 Server Location
Your data is stored on servers located in the United States (Linode US-East datacenter, Newark, NJ). By using our service, you consent to this transfer.
11.2 GDPR Compliance
For EU users, we implement appropriate safeguards for international data transfers including:
- Encryption in transit and at rest (HTTPS/TLS 1.3)
- Strict access controls (researchers can only access their own data)
- Data processing agreements with service providers
- Your GDPR rights (see Section 7) remain fully enforceable
- Data breach notification within 72 hours
- Right to lodge complaints with your data protection authority
12. Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. We will notify you of material changes by:
- Posting the new Privacy Policy on this page
- Updating the "Last Updated" date at the top
- Sending email notification for significant changes
Your continued use of PEBL Hub after changes constitutes acceptance of the updated policy.
13. Contact Us
If you have questions about this Privacy Policy or wish to exercise your data protection rights, please contact us:
Email: pebl@peblhub.online
Website: peblhub.online
Data Controller: PEBL Hub
Data Protection Officer (DPO)
For GDPR-related inquiries, you can contact our Data Protection Officer at: pebl@peblhub.online
14. Legal Basis for Processing (GDPR)
Under GDPR, we process personal data based on the following legal grounds:
14.1 Consent
You consent to data processing by creating an account and using our services.
14.2 Contractual Necessity
Processing is necessary to provide the services you've subscribed to (account management, data storage, test administration).
14.3 Legitimate Interests
We have legitimate interests in:
- Preventing fraud and ensuring platform security
- Improving our services based on usage patterns
- Communicating important service updates
14.4 Legal Obligations
We may process data to comply with legal requirements (e.g., tax records, law enforcement requests).
Summary
Key Points:
- Researcher Data: Your email, name, and account information are collected to provide PEBL Hub services
- Participant Data: Test results are stored securely and only accessible to the researcher who created the study
- Security: All data encrypted in transit (HTTPS), passwords hashed, access controls enforced
- No Selling: We never sell your data or participant data to third parties
- Your Rights: Access, download, correct, or delete your data at any time
- GDPR Compliant: Full compliance with EU data protection laws
- EU Option: EU data residency available upon request (Frankfurt datacenter)