1. Help Center
  2. Legal and Security

Privacy and Security FAQs

Frequently asked questions about privacy and security

Who owns the physiological data collected from participants?

You own your data and we do not access it. Our privacy and security policies are very strict (including not accessing your project data), these standard policies are usually enough to support grant applications, but we can provide additional guidance or information if needed.


Can you provide more information about your privacy and security policies?

You may refer to our security and privacy policies which are available below:

1. Labfront Privacy Policy

2. Labfront Terms of Service

3. Security Statement

To give further confidence to our strict policies, we have successfully supported IRB applications with Labfront as part of the study.  In fact, we've passed all IRBs since we've been active 🙌🏻.  You can find our IRB support documentation here.

Furthermore, Labfront intentionally does not have access to your project’s data or ask participants for their personal information.  Instead, we use a unique invite code to connect participants to the platform and your project.


My institution uses HECVAT (The Higher Education Community Vendor Assessment Tool). Do you have this documentation available?

Yes, we have completed the HECVAT form that many higher institutions use. You can contact us at support@labfront.com to request the documentation.


My institution has requested Labfront's EULA (End User License Agreement), what do I provide?

Since the Labfront service include a variety of applications (eg. mobile App, web dashboard), we provide all-encompassing Terms of Service instead of a simple EULA. If your institution asks for a EULA, you can link them directly to Labfront's Terms of Service.


How long is the data going to be saved on the Labfront server?
We typically save research data for 3 years after study completion, following the write-up of the results. For relevant studies, Labfront will also be compliant with the NIH Data Management and Sharing (DMS) Policy, effective January 25, 2023. We also provide the ability to delete all data if requested by the researcher.
My institution has requested a Data Use Agreement (DUA), what do I provide?
Typically most institutions don't use DUAs with Labfront since everything is automatically covered in our Terms of Service and Data Privacy Policies (Labfront Terms of ServiceLabfront Privacy PolicySecurity Statement).
However, if it is a specific requirement for your institution, you can contact support@labfront.com for a DUA template.
Do you offer any privacy and security information for IRBs?
Yes, we sure do. You can find our supporting documentation for IRB in this article