Data protection & participant privacy

Last reviewed: July 13, 2026

ThisStudy is a survey platform for academic research. This page describes, in plain terms, what happens to the data participants provide — so researchers can describe it accurately in consent forms, and participants can check it for themselves. It is a factual description of how the platform works, not a legal document.

What is collected automatically

When someone takes a survey, the platform records:

The platform does not collect names, email addresses, location, or anything else from participants' devices. Participants never create accounts. Survey pages contain no analytics, advertising, or third-party tracking scripts.

Cookies

Survey pages set one cookie: a session cookie containing only a random identifier, used to keep a participant's place in the survey and to protect against request forgery. It is HTTPS-only, inaccessible to page scripts, and expires after one hour of inactivity. There are no third-party cookies.

Where data lives and how it moves

All traffic between participants and the platform is encrypted in transit (HTTPS, with HSTS enforced). Responses are stored in a PostgreSQL database hosted by Render, a cloud provider that encrypts data at rest and is SOC 2 Type II certified; Render's own security practices are documented on its Security and Trust page. Within that encrypted database, responses are stored in readable form — the platform does not add a second layer of application-level encryption. In practical terms: data is protected from interception and from unauthorized access, but someone with legitimate database access (see below) can read responses, as on virtually every survey platform.

Who can see responses

Only the researcher who created the study, and any collaborators that researcher has explicitly shared it with. Platform administrators can gain access to a study only through a time-limited grant that is recorded in an audit log, used for support and moderation. Data is never sold, shared with third parties, or used for any purpose other than running the study.

Deletion

Deletion is real and immediate. A researcher can permanently delete a single participant's data, all participants' data, or an entire study; the deletion removes all associated answers and timing data from the database at once — there is no soft-delete or retention copy kept by the platform. Render retains short-term database backups for disaster recovery for 3–7 days, after which deleted data is gone from backups as well.

If a study asks for identifying information

Researchers may choose to ask participants for identifying information (a name, an email address, a participant ID from a recruitment platform). The platform treats those answers like any other response: encrypted in transit, stored in the provider-encrypted database, visible only to the study's researchers, and permanently deletable. But no internet-based system can guarantee absolute security, and this page makes no such guarantee. If your study collects identifying information, describe the data as confidential, not anonymous.

For researchers: consent-form language

Sentences you can adapt, consistent with how the platform actually works:

For studies collecting no identifying information:

"Responses are collected anonymously through ThisStudy, a survey platform that does not record names, email addresses, or IP addresses (IP addresses are irreversibly hashed for duplicate detection only)."

For studies collecting identifying information:

"Your responses will be kept confidential. Data are transmitted over an encrypted connection and stored in an encrypted, access-controlled database, accessible only to the research team. As with any internet-based data collection, absolute security cannot be guaranteed."

Platform details: thisstudy.com/privacy