Privacy Policy

Introduction

Welcome to Evalora. We are committed to protecting your privacy and ensuring the security of your personal information. This Privacy Policy explains how we collect, use, store, and protect your data when you use our psychological research platform.

What Information We Collect

1. Information You Provide Directly

• Google Account Information: Email address, name, and profile picture (via Google OAuth)
• Study Year: Your academic level (optional, collected during onboarding)
• Research Studies: Study names, research goals, questions, hypotheses, and instrument selections
• Payment Information: Processed securely through PayPal (we never store your payment details)

2. Information Automatically Collected

• Usage Data: Login timestamps, features accessed, and general platform usage
• Device Information: Browser type, operating system, IP address (for security)
• Google Drive Metadata: References to files and folders created in your Google Drive

3. What We DO NOT Collect

How We Use Your Information

• Account Management: To create and manage your Evalora account
• Service Delivery: To provide research creation, data collection, and analysis features
• Google Drive Integration: To create and manage encrypted folders and files in your Drive
• Communication: To send important updates, notifications, and support responses
• Security: To detect and prevent fraud, abuse, and unauthorized access
• Improvement: To analyze usage patterns and improve our platform (anonymized data only)
• Compliance: To comply with legal obligations and enforce our Terms of Service

Data Storage & Security

Where Your Data Lives

• Our Servers: Account information, study metadata, subscription status (encrypted)
• Your Google Drive: All participant responses, research data, and study files (encrypted)
• Google's Infrastructure: OAuth tokens and Drive API access (industry-standard security)

Security Measures

• Encryption: All sensitive data encrypted with AES-256-CBC before storage
• OAuth 2.0: Secure authentication via Google (no passwords stored by us)
• HTTPS: All data transmission secured with SSL/TLS certificates
• Access Controls: Hidden Drive folders accessible only via Evalora's authenticated API
• Regular Audits: Ongoing security reviews and updates

Google Drive Integration

Evalora uses Google Drive to store your research data securely. Here's how we use Google APIs:

Scopes We Request

• drive.file: Access only to files created by Evalora (not your entire Drive)
• drive.appdata: Store hidden configuration files
• spreadsheets: Create and read Google Sheets for participant responses
• script.projects: Deploy Apps Script for automatic data processing
• userinfo.email & userinfo.profile: Basic account information for authentication

What We Create in Your Drive

• A hidden folder named .evalora_data (not visible in normal Drive view)
• Encrypted metadata files (study configurations)
• Google Sheets for each research study
• Apps Script projects for data collection

You can revoke access anytime by visiting Google Account Permissions.

Data Sharing & Third Parties

We May Share Data With:

• Google (Infrastructure): For authentication and Drive storage (per your consent)
• PayPal (Payments): For subscription processing (only necessary transaction data)
• Email Providers: For sending notifications (via SMTP)
• Legal Authorities: If required by law or to protect rights and safety

We DO NOT Share:

• Participant research responses (we don't have access to them)
• Your personal information with advertisers
• Any data for profiling or targeted advertising

Your Rights & Choices

You Have the Right To:

• Access: Request a copy of all data we have about you
• Correction: Update or correct your personal information
• Deletion: Request deletion of your account and associated data
• Export: Download all your research data at any time
• Revoke Access: Remove Evalora's access to your Google Drive
• Opt-Out: Unsubscribe from marketing emails (service emails still sent)
• Data Portability: Export data in standard formats (CSV, JSON, etc.)

How to Exercise Your Rights:

Contact us at privacy@evalora.org with your request. We will respond within 30 days.

Cookies & Tracking

We use minimal cookies and tracking technologies:

Essential Cookies

• Session Cookie (EVALORA_SESSION): Required for authentication and security
• Duration: Until you log out or browser closes
• Purpose: Maintain your logged-in state

We DO NOT Use:

• Third-party advertising cookies
• Cross-site tracking
• Behavioral profiling cookies
• Social media tracking pixels

Children's Privacy

Evalora is intended for use by researchers and students in higher education (typically 18+ years old). We do not knowingly collect personal information from children under 13. If you believe a child has provided us with personal information, please contact us immediately at privacy@evalora.org.

International Data Transfers

Evalora operates globally using Google's infrastructure. Your data may be processed in countries outside your residence. We ensure adequate safeguards are in place through:

• Google's global infrastructure and security standards
• Standard contractual clauses (SCCs) where applicable
• Compliance with GDPR, CCPA, and other privacy regulations

Changes to This Policy

We may update this Privacy Policy periodically. When we make significant changes, we will:

• Update the "Last Updated" date at the top
• Notify you via email (for material changes)
• Display a notice on the platform

Continued use of Evalora after changes constitutes acceptance of the updated policy.