Privacy Policy

Last updated: February 1, 2026

1. Introduction

WE Research ("we" or "us" or "our") operates the weresearch.app website. This page informs you of our policies regarding the collection, use, and disclosure of personal data when you use our Service and the choices you have associated with that data.

2. Information Collection and Use

We collect several different types of information for various purposes to provide and improve our Service to you.

Types of Data Collected:

  • Personal Data: Email address, name, institution, age, gender
  • Special Category Data: Race/ethnicity, sexual orientation, mental health information (if provided for demographic purposes)
  • Usage Data: Browser type, IP address, pages visited, time and date of visits, time spent on pages
  • Cookies and Tracking: Session tokens, user preferences, analytical data

What We Do NOT Collect:

  • Study Data - all research data collection happens outside WE Research
  • Medical records or health diagnoses
  • Financial or payment information (handled separately via secure processors)

3. Use of Data

WE Research uses the collected data for various purposes:

  • To provide and maintain our Service
  • To notify you about changes to our Service
  • To match you with relevant research studies
  • To allow you to participate in interactive features when you choose to do so
  • To provide customer support
  • To gather analysis or valuable information so that we can improve our Service
  • To monitor the usage of our Service
  • To detect, prevent and address technical and security issues

4. Special Category Data (GDPR Schedule 1)

We collect sensitive data including race/ethnicity, sexual orientation, and mental health information.

Legal Basis for Processing:

We only process Special Category Data where:

  • You have given explicit, informed consent
  • Processing is necessary for compliance with employment law (if applicable)
  • Processing is necessary for the purposes of preventative or occupational health and safety

Your Rights:

  • You can withdraw consent at any time by contacting us
  • You can request deletion of Special Category Data
  • You have the same data subject rights as for other personal data

Security Measures:

Special Category Data is subject to enhanced security protections:

  • Encrypted storage and transmission
  • Limited access (only necessary personnel)
  • Regular security audits
  • Secure deletion protocols

5. Data Ownership & Recruitment Model

Your Platform Data (We Own)

The demographic profile data you provide is stored by WE Research and may be used to match you with future studies on the Platform. This includes:

  • Your profile information (age, gender, interests)
  • Your participation history
  • Your reward points and preferences

Study Data (Researcher/Institution Owns)

Important: WE Research is a recruitment platform only. All actual research data collection happens outside our system. The researcher or institution conducting each study owns any Study Data they collect. This data:

  • Is NOT stored on WE Research
  • Is governed by the study's own privacy notice and informed consent form
  • Is the responsibility of the researcher/institution
  • Is subject to their institution's data handling policies

Data Processing Relationship

For Platform Data: WE Research and your institution (if you are part of one) are Joint Controllers under GDPR.

6. Your Data Protection Rights (GDPR & UK DPA 2018)

You have the following rights regarding your Platform Data:

  • Right of Access: Obtain a copy of your Platform Data
  • Right of Rectification: Correct inaccurate data
  • Right of Erasure: Request deletion of your Platform Data
  • Right to Restrict Processing: Limit how we use your data
  • Right to Data Portability: Receive your data in a machine-readable format
  • Right to Object: Opt out of certain processing (e.g., marketing uses)
  • Rights Related to Automated Decision-Making: Not applicable (we don't make automated decisions about you)

How to Exercise Your Rights:

Contact us at: support@werc.uk

Response time: We will respond to data subject access requests (SARs) within 30 days.

Deletion During Study Participation:

If you request deletion of your Platform Data while participating in a study:

  • Your Platform profile data will be removed
  • The researcher/institution will be notified (if they need to contact you)
  • You may need to contact the researcher directly about Study Data in their possession

7. Legal Basis for Processing

Under GDPR Article 6, we process your Platform Data based on:

  • Consent: Your agreement to participate in studies and use the Platform
  • Contract Performance: Managing your account, recruiting you for studies
  • Legal Obligations: Compliance with UK data protection and research ethics law
  • Legitimate Interests: Improving the Platform, detecting fraud, security

8. Data Retention

We retain your Platform Data for as long as you maintain an active account, plus 2 years after account deletion for audit and legal purposes. You may request deletion of your data at any time. For Study Data, see the researcher's privacy notice.

9. Study Data & Researcher Responsibility

WE Research is a recruitment platform only. All research data collection happens outside our system. When you participate in a study:

  • The researcher provides their own informed consent form and privacy notice
  • Study data is stored by the researcher/institution, not by us
  • Study data is governed by the researcher's privacy notice and ethics approval
  • Contact the researcher directly for questions about their data handling

You should carefully review each study's consent form before participating.

10. Third-Party Services & Data Processors

We may use third-party service providers to process your Platform Data:

  • Cloud hosting (Supabase - PostgreSQL)
  • Analytics (to understand platform usage)
  • Payment processors (for reward redemption)
  • Email services (for communications)

These providers are bound by confidentiality agreements (Data Processing Addenda) and are only permitted to use your data to provide services to us.

11. Security of Data

The security of your data is important to us. We use industry-standard security measures including:

  • Encryption of data in transit and at rest
  • Secure authentication (password hashing, session tokens)
  • Regular security audits and penetration testing
  • Access controls limiting staff access to necessary data only

However, no method of transmission over the Internet is 100% secure. We cannot guarantee absolute security, but we strive to use commercially acceptable means to protect your data.

12. Data Breach Notification

If we discover a data breach affecting your Platform Data, we will:

  • Notify you within 72 hours (as required by GDPR Article 33)
  • Provide details of the breach and data affected
  • Offer advice on steps you should take
  • Report to the ICO if required

13. Changes to This Privacy Policy

We may update our Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the "Last updated" date at the top of this page.

14. Data Protection Officer & Inquiries

For data protection questions or to exercise your rights:

Data Protection Email: dpo@werc.uk

General Support: support@werc.uk

15. Contact Us

If you have any questions about this Privacy Policy, please contact us at support@werc.uk