Privacy and Confidentiality

The use of the PIEL Survey app for research and therapeutic purposes has been approved by many institutions in the U.S., Europe and the Asia-Pacific region. The following information is to assist users in providing appropriate information to their institutions and ensuring compliance with any regulatory requirements.

In this summary, we use the term 'Researcher' for the person who is primarily responsible for conducting the survey project. We recognise that this person may in fact be a therapist but the term 'Researcher' is used for convenience. A 'Participant' is the research subject or patient, the person who responds to the surveys. Institutions will have a process for approval of research or therapeutic projects. This will often include an Institutional Review Board (IRB) or Ethics Committee. We will use the term 'IRB' to refer to these approval processes.

The requirements of IRBs will differ based on the sensitivity of the data collected, whether the subject is identifiable, the effectiveness of informed consent and whether there is potential harm to the subject. Furthermore, there is often a layer of government legislation and regulation which may need to be followed. This will differ in each country.

Please contact us if you need further information.

Data Collected

The Researcher fully controls the type of data collected by the PIEL Survey app by providing survey metadata and survey questions in a Control File. The one exception is timestamp data (see below). The Control File is provided to Participants using email, file sharing or through a web link.

We can provide the following assurances.

  1. The metadata collected and saved in the data file are: Survey Name, Survey Author, Survey Version and Subject ID. These are all set by the Researcher and are optional. All of them, apart from Subject ID, can be omitted without impacting the function of the app.
  2. If the Researcher does not provide a Subject ID in the Control File, the PIEL Survey app will ask the user for a Subject ID. This functionality is designed for a situation where a user conducts surveys with multiple people on the same device. Generally, for Ecological Momentary Assessment (or Experience Sampling Method) style studies, we expect that the Researcher will provide an ID.
  3. The only data that the PIEL Survey app collects apart from that required in the Control File are timestamps (time and date data). The Data File will include a timestamp for the beginning and ending of each survey and the time that each question is answered.
  4. Some applications gather other data from the device such as geolocation, device information and contacts. The PIEL Survey collects no data from the device apart from the data specified in the Control File and timestamps. More specifically, no data is collected from the device that may have a link to the specific device or user.

Data Storage

Many questions relating to storage of data (such as location of the database, security and encryption) do not apply to the PIEL Survey app since the data management of the PIEL Survey app is based on a direct transaction between Participant and Researcher.

  1. The PIEL Survey app does not use a remote server or database. In fact, the app can be used without an internet connection unless Researchers and Participants decide to use the email function.
  2. All data is stored on the Participant's device in one or more Data Files until sent by email or transferred by file sharing.
  3. All data can be deleted by the Participant at any time, using commands within the app or by deleting the app from the device.
  4. The user interface makes it clear when there is data stored on the device. The 'action arrow' is enabled and the user can choose to email or delete the data.

Data Transmission

A key feature of the PIEL Survey app is that the Participant has complete control over when and if data is transmitted or transferred.

  1. No data is transmitted or transferred from the device unless the Participant emails it or connects the device to a computer for file sharing. In both cases, the active cooperation of the Participant will be required. The PIEL Survey app does not upload or back up data to a remote server or to a cloud service.
  2. The Data File is encrypted by the operating system and can only be exported once the device is unlocked.
  3. If the Participant chooses to email the Data File, the device's email application is opened and a draft email is shown with the Data File attached. The Participant can then cancel the email, send the email or modify the email. In the last case, the Participant can change the recipient, remove the Data File or add content to the email.
  4. In the less common case where file sharing is used, only the person who has access to the device and knows the password can access the Data File.
  5. Once the device password is entered and the Data File is exported, the Data File is no longer encrypted. However, this file has limited information. It does not contain the text of the questions; they are identified only by question number. With one exception, the answers are saved as one or more numbers which correspond to the answer options as set in the Control File. The exception is 'text' questions. The answers to 'text' questions will be saved as text. Thus the data for all questions other than 'text' questions is unintelligible without the Control File. The Participant identification should also be chosen to be unidentifiable. It should be noted that the Control File is not transmitted or transferred from the device at any time (in fact it is deleted once imported).
  6. If encryption during sending of the Data File is required, the email account on the device should be set up to use SSL/TLS security using the settings from the email provider. This is usually the default setting of email software.

Data Disclosure

There are many ethical and regulatory questions relating to disclosure of data. Since the PIEL Survey does not provide a web or other interface to the data, these requirements are the responsibility of the Researcher. The Data File is provided directly to the Researcher by email or file sharing. It is a transaction between the Participant and Researcher. Access to the data after that point is controlled by the Researcher.

Further Protection

The Researcher can consider the following protections as another layer of security.

  1. The Participant's ID should be an unidentifiable ID, not their name. Even the name of the project and Researcher can be an unidentifiable ID if you wish, or even omitted altogether.
  2. The Control File and the Data File should be stored in secure locations. The Data File will often not make much sense without the Control File. You may consider storing them in separate locations.
  3. The device should be password protected with a strong password.
  4. Participants can choose to use encrypted email (SSL or TLS) to send the Data File.
  5. The Researcher should take care that the email server is secure and that they take appropriate precautions with the data once received from the Participant. Universities usually have strong protections in place for their email servers and Researchers should confirm this.
  6. If you have any concerns about email transmission or your email server security, a secure method of obtaining the Data File is file transfer by directly connecting the Participant's device to the Researcher's computer.


The PIEL App is provided as a free service to the research community. We can provide the following assurances.

  1. There is no marketing material or request for donations within the PIEL Survey app.
  2. The PIEL Survey receives no sponsorship from commercial entities in exchange for advertising or data.
  3. The PIEL Survey does not have access to any personal details of users unless they initiate contact (for example using the contact form on the PIEL Survey website).
  4. No third party (apart from the Researcher and Participant) has access to the Control or Data Files through the PIEL Survey app or website.

General Data Protection Regulation (GDPR)

The GDPR is a regulation of the European Union and European Economic Area covering data protection and privacy. The underlying principle is that individuals should have control over their personal data and be protected from unauthorised use of their personal data.

The PIEL Survey meets the requirements of GDPR. In fact, the design features of the PIEL Survey are ideally suited to data privacy and protection and the protections provided by GDPR.

  1. The PIEL Survey app gives participants full control over their data.
  2. The data is encrypted and stored on the Participant's device. Specifically, there is no external data server.
  3. No data is transmitted automatically or in the background.
  4. When the data is transmitted by the actions of the Participant, the data is no longer encrypted but the participant controls the process, the content and the recipient.
  5. Data is only processed by the Participant using the PIEL Survey app on their device or the Researcher.
  6. No data is sent to Blue Jay Ventures or any third party.
  7. The Participant can delete their data at any time, either from within the PIEL Survey or by deleting the application from their device.

The main issues relating to GDPR will relate to how Researchers receive and process the data received from participants, not the PIEL Survey itself.

The Health Insurance Portability and Accountability Act of 1996 (HIPAA)

The US Congress incorporated a number of provisions into The Health Insurance Portability and Accountability Act of 1996 (HIPAA) that mandate the adoption of Federal privacy protections by certain entities. These protections cover the privacy and security of Protected Health Information (PHI). PHI is any individually identifiable health information held by a covered entity that concerns health status or provision of health care. The protections concern how data is stored, used, disclosed and transmitted.

We recommend that Researchers refer to this useful summary provided by the U.S. Department of Health & Human Services. The information provided above should aid Researchers in determining the requirements that apply to their project and whether they meet those requirements. However, we make the following observations.

  1. The PIEL Survey app does not add any personally identifiable information. If the Researcher does not provide identifiable information in the Control File nor ask questions which result in identifiable information, the Data File will not contain PHI.
  2. The only data storage by the PIEL Survey is on the Participant's device. There are several layers of protection for the Participant as described in the above sections.
  3. There is no transmission of data without specific actions of the Participant.
  4. More specifically, patient initiated communication such as email is permitted.
    "Patients may initiate communications with a provider using e-mail. If this situation occurs, the health care provider can assume (unless the patient has explicitly stated otherwise) that e-mail communications are acceptable to the individual. If the provider feels the patient may not be aware of the possible risks of using unencrypted e-mail, or has concerns about potential liability, the provider can alert the patient of those risks, and let the patient decide whether to continue e-mail communications." U.S. Department of Health & Human Services

Revised: 19 May 2020