Prolific's privacy notices
Prolific's full privacy notices can be found and downloaded from here. This Help Centre article is a summary only.
Prolific empowers great research. 🚀 We enable fast, reliable, and high quality data collection by connecting diverse people around the world. Our mission is to make trustworthy data more accessible in order to help improve human knowledge and decision-making.
Prolific is committed to safeguarding the privacy of our website visitors, service users, and other individuals with whom we deal. As part of this commitment, we've ensured that we provide full privacy notices meeting the high standards of the European and UK data protection law (the General Data Protection Regulation (GDPR), which was transposed into UK law as the UK GDPR). This summary gives you an overview, but you should read those notices (and the explanatory content linked in those notices) for fuller information.
Please feel free to contact us using the button at the bottom of this page if you have any questions.
Below we will summarise the key points about how Prolific treats your data.
All users of Prolific
The GDPR provides certain rights for individuals in relation to their personal data, and you can exercise those rights by contacting us.
You can read guidance from the Information Commissioner’s Office at www.ico.org.uk for a fuller explanation of your rights.
When you use the site, it will store data on your device by two methods: web storage and cookies.
We may process the account data ("account data") you provide to us, which may include your name, email address, phone, and address, and we may also process any correspondence between you and us and associated contact details (“correspondence data”). The account data and correspondence data may be processed for the purposes of operating our website and business, providing our services, ensuring the security of our website and services, and communicating with you.
In some cases we use other companies and products as processors to handle your data, and some of the third parties to whom we may transfer your personal data may be located outside the EEA. If so, then we will ensure that transfers by our appointed data processors will only be made lawfully.
We won’t keep your data for longer than necessary.
We will not contact you for marketing purposes unless you have explicitly opted in to receiving marketing communications.
We are registered as a data controller with the UK Information Commissioner's Office. Our data protection registration number is ZA317731. Our data Protection Officer's contact details are: email@example.com
In addition to the information described above, we may handle records relating to your use of Prolific (like payment records) and also certain check information (we might need to verify your ID or run checks for anti money laundering purposes)
If you are a researcher, then it is your responsibility to ensure that you comply with your legal obligations as data controller in relation to any personal data you may receive, and in particular, to ensure that you have provided your own privacy notices to participants in studies you launch through the Prolific platform.
We will not identify participants to you, but will refer only to Prolific IDs which are a string of numbers and letters. You must not attempt to re-identify participants or ask them for any direct identifiers - more information can be found here: Can I ask participants for their personal information / identifiers?
In addition to the information described above, we may process your information included by you in your personal profile on our website ("profile data"). The profile data may include your gender, date of birth, relationship status, interests and hobbies, educational details, employment details, and other information depending on the "About You" questions you have chosen to answer. We process profile data for the purpose of demographic screening.
The profile data which we process may also include special categories of data. This data may include data about race, ethnic origin, politics, religion, health, sex life or sexual orientation. We process this data only with your consent. You can withdraw that consent and remove that data by deleting the relevant screening questions at any time.
We'll also handle personal data relating to your use of Prolific (like payment records and account details to pay rewards to you) and also certain check information (we might verify your ID).
We will not identify you to any researchers, but will only provide them with demographic, screener or performance data which will be associated with your Prolific ID and will not include direct identifiers like your name or address. This can still constitute personal data for the purposes of applicable law, and we require researchers to comply with that law.
If you are a participant and you agree to participate in any study posted by a researcher, then any personal data you disclose to the researcher (whether through Prolific or otherwise) will be used by that researcher as a data controller in its own right. We are not responsible for researchers, but we do prohibit them from asking for certain personal information like direct identifiers and require them to commit to complying with applicable law and with our user guidelines.
Studies are launched outside our platform, so when you participate in a researcher's study we won't see your study responses. Sometimes we run our own studies (e.g. for user research purposes) and then of course we will see your responses. It will be clear when a study is hosted by Prolific.
We’re currently trialling a short survey feature to allow researchers to ask a small number of questions through studies hosted on our platform. In the context of those short studies we will handle your responses, but only on the researchers’ behalf (so we won’t review them or use them for our own purposes). No special category data can be collected using this feature.
Prolific's security systems
Prolific's security systems protect participant data and confidentiality in the following ways:
- Prolific uses encrypted HTTPS connections, secured by Transport Layer Security (TLS).
- Participants are fully anonymized. They are assigned a unique participant ID (24 character alphanumeric).
- Prolific provides an anonymized internal messaging service, which allows participants to message researchers (and vice versa) with any concerns.
- Researchers cannot access participants’ identifiable information. Clear guidance is provided on what information researchers cannot request. See Can I ask participants for their person information / identifiers? for further guidance.
- User data is stored within secure Google Cloud Platform servers located in Belgium.
- Passwords are hashed using industry approved technologies. They are stored securely and can not be viewed by Prolific.
- We do not store any data provided within studies. These are carried out on external survey software/platforms.
- In accordance with GDPR requirements, participants are free to amend or remove their personal data at any time, and personal data is deleted within a reason period after account closure as well.