1. Help Center
  2. Legal and Security

Labfront Privacy Policy

Effective August 5, 2022

This Kiipo Co. Privacy Policy (“Privacy Policy”) describes the privacy and data collection practices of Kiipo Co. (d/b/a/ Labfront) and our subsidiaries and affiliates (collectively, “Labfront,” “we,” “us,” or “our”) in connection with our websites, including not limited to https://kiipo.com, https://labfront.com and https://physioq.org, and any other website (“Sites”) or mobile applications (“App”) that we own or control and which posts or links to this Privacy Policy (collectively, the “Service”) and the rights and choices available to individuals with respect to their information. 

We provide important information for individuals located in the European Union, European Economic Area, and United Kingdom (collectively, “Europe” or “European”) below.


Table Of Contents 

 

Personal Information We Collect

  • Information you provide to us.  Personal information you provide to us through the Service or otherwise. With respect to researchers who use our Service (each, a “Researcher”), this includes
  • Business and personal contact information, such as your first and last name, email and mailing addresses, phone number, professional title and company name.
  • Content you choose to upload to the Service, such as text, images, audio, and video, along with the metadata associated with the files you upload.
  • Registration information, such as information that may be related to a service, an account or an event you register for.
  • Feedback or correspondence, such as information you provide when you contact us with questions, feedback, or otherwise correspond with us online.
  • Demographic Information, such as your city, state, country of residence, postal code, and age.
  • Precise geolocation information, such as when you authorize our mobile application to access your location.
  • Transaction information, such as information about payments to and from you and other details of products or services you have purchased from us.
  • Usage information, such as information about how you use the Service and interact with us, including information associated with any content you upload to the websites or otherwise submit to us, and information you provide when you use any interactive features of the Service.
  • Other information that we may collect which is not specifically listed here, but which we will use in accordance with this Privacy Policy or as otherwise disclosed at the time of collection.

With respect to participants who participate in studies, experiment and projects (collectively, “Experiments”) hosted, sponsored or conducted by Researchers (each, a “Participant”), this includes
  • Content you choose to upload to the Service, such as text, images, audio, and video, along with the metadata associated with the files you upload.
  • Experiment Data, such as information collected from you during your participation in an Experiment, including your data collected through a wearable device (e.g. physiological data such as heart rate, activity, sleep quality, etc.), demographic data, performance data, and responses to Experiment questions.
  • Feedback or correspondence, such as information you provide when you contact us with questions, feedback, or otherwise correspond with us online.
  • Usage information, such as information about how you use the Service and interact with us, including information associated with any content you upload to the websites or otherwise submit to us, and information you provide when you use any interactive features of the Service.
  • Other information that we may collect which is not specifically listed here, but which we will use in accordance with this Privacy Policy or as otherwise disclosed at the time of collection.

Cookies and Other Information Collected by Automated Means  

We, our service providers, and our business partners may automatically log information about you, your computer or mobile device, and activity occurring on or through the Service. The information that may be collected automatically includes your computer or mobile device operating system type and version number, manufacturer and model, browser type, screen resolution, IP address, the website you visited before browsing to our website, general location information such as city, state or geographic area; and information about your use of and actions on the Service, such as pages or screens you viewed, how long you spent on a page or screen, navigation paths between pages or screens, information about your activity on a page or screen, access times, and length of access.  Our service providers and business partners may collect this type of information over time and across third-party websites and mobile applications. 

On our webpages, this information is collected using cookies and similar technologies, and our emails may also contain web beacons. A “cookie” is a text file that websites send to a visitor‘s computer or other Internet-connected device to uniquely identify the visitor’s browser or to store information or settings in the browser. A “web beacon,” also known as a pixel tag or clear GIF, is typically used to demonstrate that a webpage was accessed or that certain content was viewed, typically to measure the success of our marketing campaigns or engagement with our emails and to compile statistics about usage of our websites. Web browsers may offer users of our websites or mobile apps the ability to disable receiving certain types of cookies; however, if cookies are disabled, some features or functionality of our websites may not function correctly.


We may allow service providers and other third parties to use cookies and similar technologies to track your browsing activity over time and across the Service and third party websites. Most browsers let you remove or reject cookies.  To do this, follow the instructions in your browser settings.  Many browsers accept cookies by default until you change your settings.  Please note that if you set your browser to disable cookies, the Sites may not work properly.  Similarly, your browser settings may allow you to clear your browser web storage. 


How We Use Your Personal Information

We use your personal information for the following purposes and as otherwise described in this Privacy Policy or at the time of collection:


To operate the Service. 
We use your personal information to:

  • provide, operate and improve the Service, including by using data to train our machine learning models
  • provide information about our products and services
  • establish and maintain your user profile on the Service
  • enable security features of the Service, such as by sending you security codes via email or SMS, and remembering devices from which you have previously logged in
  • communicate with you about the Service, including by sending you announcements, updates, security alerts, and support and administrative messages
  • communicate with Researchers about events or and seminars in which they participate or have enrolled in
  • understand your needs and interests, and personalize your experience with the Service and our communications
  • provide support and maintenance for the Service
  • respond to your requests, questions and feedback

For research and development.  We analyze use of the Service to analyze and improve the Service and to develop new products and services. We also use data to train and improve our machine learning models. 


To send you marketing and promotional communications. 
We may send you Labfront-related marketing communications as permitted by law. You will have the ability to opt-out of our marketing and promotional communications as described in the Your Choices section below. 


To comply with law.
We use your personal information as we believe necessary or appropriate to comply with applicable laws, lawful requests, and legal process, such as to respond to subpoenas or requests from government authorities.


For compliance, fraud prevention, and safety. 
We may use your personal information and disclose it to law enforcement, government authorities, and private parties as we believe necessary or appropriate to: (a) protect our, your or others’ rights, privacy, safety or property (including by making and defending legal claims); (b) enforce the terms and conditions that govern the Service; and (c) protect, investigate and deter against fraudulent, harmful, unauthorized, unethical or illegal activity.


With your consent. 
In some cases we may specifically ask for your consent to collect, use or share your personal information, such as when required by law.  


To create anonymous, aggregated or de-identified data. 
We may create anonymous, aggregated or de-identified data from your personal information and other individuals whose personal information we collect.  We make personal information into anonymous, aggregated or de-identified data by removing information that makes the data personally identifiable to you.  We may use this anonymous, aggregated or de-identified data and share it with third parties for our lawful business purposes, including to analyze and improve the Service and promote our business.  


How We Share your Personal Information

We do not share your personal information with third parties without your consent, except in the following circumstances or as described in this Privacy Policy:


Affiliates. 
We may share your personal information with our corporate parent, subsidiaries, and affiliates, for purposes consistent with this Privacy Policy.


Service providers.
  We may share your personal information with third party companies and individuals that provide services on our behalf or help us operate the Service (such as hosting, analytics, email delivery, and database management services). These third parties may use your personal information only as directed or authorized by us and in a manner consistent with this Privacy Policy, and they are prohibited from using or disclosing your information for any other purpose.


Researchers.
If you are a Participant, we may share your personal information with Researchers who have procured your access to our Services on your behalf, or enable such Researchers to collect information directly via our Service. 


Professional advisors.
We may disclose your personal information to professional advisors, such as lawyers, bankers, auditors and insurers, where necessary in the course of the professional services that they render to us.


For compliance, fraud prevention and safety.
We may share your personal information for the compliance, fraud prevention and safety purposes described above.  


Business transfers.
  We may sell, transfer or otherwise share some or all of our business or assets, including your personal information, in connection with a business transaction (or potential business transaction) such as a corporate divestiture, merger, consolidation, acquisition, reorganization or sale of assets, or in the event of bankruptcy or dissolution. 


Your Choices
 

In this section, we describe the rights and choices available to all users. Users who are located within the European Union can find additional information about their rights below.


Access or Update Your Information.
If you have registered for an account with us, you may review and update certain personal information in your account profile by logging into the account.


Cookies & Browser Web Storage. 
We may allow service providers and other third parties to use cookies and similar technologies to track your browsing activity over time and across the Service and third-party websites. 


Privacy settings and location data.
Users of our mobile application also have the choice whether to allow us to access your precise location data. Your device settings may provide the ability for you to revoke our ability to access location data.


Do Not Track. 
Some Internet browsers may be configured to send “Do Not Track” signals to the online services that you visit.  We currently do not respond to “Do Not Track” or similar signals.  To find out more about “Do Not Track,” please visit http://www.allaboutdnt.com.


Choosing not to share your personal information.
Where we are required by law to collect your personal information, or where we need your personal information in order to provide the Service to you, if you do not provide this information when requested (or you later ask to delete it), we may not be able to provide you with our services.  We will tell you what information you must provide to receive the Service by designating it as required at the time of collection or through other appropriate means.


Other sites, mobile applications and services

The Service may contain links to other websites, mobile applications, and other online services operated by third parties.  These links are not an endorsement of, or representation that we are affiliated with, any third party.  In addition, our content may be included on web pages or in mobile applications or online services that are not associated with us. We do not control third party websites, mobile applications or online services, and we are not responsible for their actions.  Other websites and services follow different rules regarding the collection, use and sharing of your personal information.  We encourage you to read the privacy policies of the other websites and mobile applications and online services you use.


Security practices

We employ a number of organizational, technical and physical safeguards designed to protect the personal information we collect.  However, security risk is inherent in all internet and information technologies and we cannot guarantee the security of your personal information. 


International data transfers

We are headquartered in the United States and Taiwan and have service providers in multiple countries, and your personal information may be transferred to the United States or other locations outside of your state, province, or country where privacy laws may not be as protective as those in your state, province, or country.  


European Union users should read the important information provided below about transfer of personal information outside of the European Union. 


Children  

As a general rule, children are not allowed to use the Service, and we do not collect personal information from them. We define “children” as follows:

  • Residents outside of Europe: anyone under 13 years old; and
  • Residents of Europe: anyone under 16 years old, or the age needed to consent to the processing of personal information in your country of residence.

If we learn that we have collected personal information of a child without the consent of the child’s parent or guardian, we will delete it.  We encourage parents with concerns to contact us.


Changes to this Privacy Policy 

We reserve the right to modify this Privacy Policy at any time. If we make material changes to this Privacy Policy, we will notify you by updating the date of this Privacy Policy and posting it on the Service. We may, and if required by law will, also provide notification of changes in another way that we believe is reasonably likely to reach you, such as via e-mail (if you have an account where we have your contact information) or another manner through the Service.

Any modifications to this Privacy Policy will be effective upon our posting the new terms and/or upon implementation of the new changes on the Service (or as otherwise indicated at the time of posting). In all cases, your continued use of the Service after the posting of any modified Privacy Policy indicates your acceptance of the terms of the modified Privacy Policy.


How to Contact Us

Please direct any questions or comments about this Policy or privacy practices to support@labfront.com. You may also write to us via postal mail at:

Kiipo, Co.

Attn: Legal – Privacy

40 Spring Ln, Sharon, MA, 02067, USA 

 


 

Labfront Data Privacy Framework Statement

Updated: July 2, 2024

1. Introduction

Labfront complies with the EU-U.S. Data Privacy Framework (EU-U.S. DPF), the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF) as set forth by the U.S. Department of Commerce. Labfront has certified to the U.S. Department of Commerce that it adheres to the EU-U.S. Data Privacy Framework Principles (EU-U.S. DPF Principles) with regard to the processing of personal data received from the European Union in reliance on the EU-U.S. DPF and from the United Kingdom (and Gibraltar) in reliance on the UK Extension to the EU-U.S. DPF. Labfront has certified to the U.S. Department of Commerce that it adheres to the Swiss-U.S. Data Privacy Framework Principles (Swiss-U.S. DPF Principles) with regard to the processing of personal data received from Switzerland in reliance on the Swiss-U.S. DPF. If there is any conflict between the terms in this privacy policy and the EU-U.S. DPF Principles and/or the Swiss-U.S. DPF Principles, the Principles shall govern. To learn more about the Data Privacy Framework (DPF) program, and to view our certification, please visit the Data Privacy Framework website.

2. Scope

This Data Privacy Framework Statement applies to all personal data received by Labfront in the United States from the European Union, the United Kingdom (and Gibraltar), and Switzerland, in reliance on the EU-U.S. DPF, the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. DPF. This includes personal data collected through our websites, mobile applications, and services related to research projects, data collection, and user communications. The Statement supplements our Privacy Policy.

3. Definitions

  • Personal Data: Any information relating to an identified or identifiable individual.
  • Processing: Any operation or set of operations performed on personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination, or otherwise making available, alignment or combination, restriction, erasure, or destruction.
  • Data Subject: An individual who is the subject of personal data.

4. Processing of Personal Data

As outlined in our Privacy Policy, Labfront’s services enable researchers to collect, aggregate, and analyze data from participants using various devices and platforms. We gather certain information directly from researchers, including details necessary to create and manage their accounts, such as email addresses, names, and organizational affiliations if applicable. With participants’ consent, Labfront also receives personal data directly from their devices, such as physiological metrics (e.g., heart rate, activity levels, sleep patterns, and other biometric data). This personal data, along with analytical tools provided by Labfront, is made accessible to researchers through our services. For a comprehensive overview of the personal data processed by Labfront and the third parties with whom it may be shared, please refer to our main Privacy Policy.

5. Privacy Principles

A detailed description of the Privacy Framework Principles can be found on the website of the US Department of Commerce.

6. Notice

Labfront ensures that individuals are informed about the purposes for which we collect and use personal data, the categories or identities of third parties who act as controllers or agents and to whom Labfront may disclose personal data, and the purposes for such disclosures. Additionally, we explain the options and methods available to individuals for restricting the use and sharing of their personal data, as well as their rights to access this data. This information is provided to researchers at the time they are first requested to submit personal data to Labfront, or as soon as feasible thereafter. While Labfront does not have a direct relationship with participants, researchers are required to share Labfront’s Terms of Use and Privacy Policy with participants before transferring their personal data to Labfront’s services.

7. Choice

As outlined in our Privacy Policy, the personal data of Labfront users and participants is treated with strict confidentiality and is not shared or sold to third parties except as necessary to provide Labfront’s services. If it becomes necessary to share personal data beyond our standard services, we will offer individuals the opportunity to choose (opt-out) whether their personal data is to be (a) disclosed to a third party acting as a controller, or (b) used for a purpose that is materially different from the purpose for which it was originally collected or subsequently authorized by the individual. For sensitive data, Labfront will obtain explicit consent (opt-in) from individuals before sharing the data with third parties or using it for purposes other than those for which it was originally collected or subsequently authorized. Researchers are responsible for ensuring participants are informed about and consent to any potential future uses of their personal data at the beginning of their respective projects.

8. Accountability for Onward Transfer

Labfront complies with the Data Privacy Framework Principles for all onward transfers of personal data from the EU, UK, and Switzerland. This means that we ensure any third parties to whom we transfer personal data are obligated to provide at least the same level of privacy protection as required by these principles. Labfront requires third-party service providers to sign data processing agreements that stipulate their obligations to protect personal data and to only process it for specified purposes. We conduct due diligence on our third-party data processors to verify their compliance with these standards. In the event that a third party fails to uphold their data protection obligations, Labfront will take appropriate steps to remedy the situation, including potentially terminating the relationship. Additionally, Labfront can provide a Data Processing Agreement (DPA) for specific customers upon request to further ensure compliance with data protection requirements. Our commitment to these principles ensures that personal data is handled responsibly and securely throughout its lifecycle, even when transferred to third parties.

9. Security

At Labfront, safeguarding your personal data is our top priority. We implement and uphold a comprehensive set of technological and organizational measures designed to protect your personal data from loss, misuse, and unauthorized access, disclosure, alteration, or destruction. Our security measures include, but are not limited to:

  • Encryption: We use industry-standard encryption protocols to protect data in transit and at rest.
  • Access Controls: Strict access controls are in place to ensure that only authorized personnel have access to sensitive data.
  • Regular Audits: We conduct regular security audits and assessments to identify and mitigate potential vulnerabilities.
  • Incident Response: We have established protocols for responding to data breaches and other security incidents to minimize impact and restore security swiftly.

For more detailed information on our security practices, please visit our Security Practices page.

10. Data Integrity and Purpose Limitation

We process personal data in a way that is consistent with the purposes for which it was collected or subsequently authorized by the individual. We take reasonable steps to ensure that personal data is reliable for its intended use, accurate, complete, and current. For more detailed information, please refer to our Privacy Policy.

11. Access

Labfront grants individuals the ability to access their personal data held by us upon request. We are committed to enabling individuals to correct, update, or delete their personal data that is proven to be incorrect, incomplete, or processed in violation of the Data Privacy Framework Principles. In some cases, Labfront may limit access if the burden or cost of providing access is disproportionate to the privacy risk to the individual or if it would compromise the rights of others. Additionally, to maintain the integrity of ongoing research, there may be situations where access to certain personal data is restricted. For further details on accessing your personal data and our related procedures, please visit our Privacy Policy.

12. Recourse, Enforcement, and Liability

Labfront is committed to ensuring compliance with the Data Privacy Framework Principles through established mechanisms for addressing and resolving complaints and verifying our adherence to privacy commitments. If individuals from the European Union, United Kingdom, or Switzerland have inquiries or complaints regarding our DPF policy, they should first contact Labfront at support@labfront.com. Labfront has further committed to refer unresolved complaints to an independent dispute resolution mechanism provided by JAMS. If you do not receive a timely acknowledgment of your complaint, or if your complaint is not satisfactorily addressed, you can submit your complaint to JAMS for resolution. For more information and to file a complaint, please visit the JAMS DPF Dispute Resolution website. Under certain conditions, as described on the DPF website, you may invoke binding arbitration when other dispute resolution procedures have been exhausted. These mechanisms ensure that individuals' rights are protected and that Labfront remains accountable for its data protection practices. Labfront also conducts periodic internal and third-party reviews to verify our compliance with the DPF principles. Additionally, we provide regular training and awareness programs for our employees to ensure they understand and comply with our data protection obligations.

13. Contact Information

For any questions or concerns regarding this Data Privacy Framework Statement, please contact us at:

Kiipo, Co. 

Attn: Legal – Privacy 

40 Spring Ln, Sharon, MA, 02067, USA 

Email: support@labfront.com 

 

📝 Completing an IRB application?

You can our supporting documentation here