Privacy Policy

We collect the minimum data needed to operate the Platform:

• We do not store IP addresses in our own database.
• No data is sold to third parties. Ever.
• We do not collect your Prolific ID, account credentials, or any information about your Prolific account.

Your data is used exclusively to:

• Display your reviews, comments, and ratings on the Platform.
• Calculate and display aggregate researcher ratings.
• Prevent spam and abuse (rate limiting and duplicate detection via your account).
• Send you account-related emails (verification, password resets).
• Measure aggregate site traffic and usage patterns via Google Analytics and Umami Analytics to improve the service and qualify for ad network partnerships.

For users in the European Economic Area and the United Kingdom, we process personal data under the following lawful bases:

• Legitimate interest (Article 6(1)(f) GDPR) - for operating the review platform, preventing abuse, and processing researcher names in the context of professional activity reviews. We have balanced this against the rights of data subjects and believe the community benefit of transparent researcher feedback outweighs the limited impact on researchers, whose names are already publicly associated with their professional activities on Prolific. Researchers may exercise their right to object at any time (see "Your Rights" below).
• Consent - by voluntarily submitting content, you consent to its publication on the Platform.

We use the following third-party services:

• Resend (email delivery) - sends verification and password reset emails on our behalf.
• DigitalOcean (hosting) - serves the website from a VPS in the United States.
• Google Analytics (GA4) - we use Google Analytics to measure aggregate traffic (page views, session duration, geographic region) so we can understand how people use the site and qualify for ad networks. Google may set cookies (_ga, _gid) to distinguish unique visitors. Your IP address is anonymized before storage. We do not enable advertising features, user-ID tracking, or remarketing. You can opt out by installing the Google Analytics opt-out browser extension or blocking cookies from googletagmanager.com.
• Mediavine Grow / Journey (faves.grow.me) - a content-engagement and advertising service. It may set cookies and browser local storage to remember saved content and to show and personalize ads. For visitors in regions that require it (such as the EEA and UK), Mediavine's Consent Management Platform displays a consent banner and records your choice; consent for Grow's data collection is managed by Mediavine, not by us.
• Umami Analytics (self-hosted, privacy-focused) - a cookie-free analytics tool we run on our own server. No personal data is collected or shared with anyone.

We use a minimal number of cookies:

• Session cookie (authjs.session-token) - keeps you logged in. Essential; no opt-out needed.
• Google Analytics (_ga, _gid) - distinguishes unique visitors for aggregate traffic measurement. Set by Google. Expires after 2 years (_ga) or 24 hours (_gid). You can opt out via your browser settings, the Google Analytics opt-out extension, or by blocking googletagmanager.com.
• Mediavine Grow / Journey (grow.me) - sets cookies and browser local storage for content saving and for showing and personalizing ads. Where consent is required, you can manage your choices through Mediavine's consent banner.
• Cloudflare Turnstile (cf_clearance) - anti-bot verification on registration and login only. Essential.

We use Mediavine Grow / Journey for content engagement and advertising, and Google Analytics for aggregate traffic measurement; these may set the cookies described above. For visitors in regions with consent requirements (such as the EEA and UK), Mediavine's Consent Management Platform shows a consent banner and records your choices. We do not use social media trackers or device fingerprinting.

User-submitted content (reviews, comments, ratings) is retained for as long as the Platform operates, unless you request deletion or delete it yourself from your profile.

Account data (email, display name) is retained while your account is active. You can request full account deletion at any time.

Page view records do not contain personally identifiable information and are retained indefinitely for aggregate statistics.

Depending on your jurisdiction, you may have the right to:

• Access - request a copy of the personal data we hold about you.
• Rectification - request correction of inaccurate data.
• Erasure - request deletion of your personal data ("right to be forgotten").
• Object - object to processing of your data based on legitimate interest.
• Data portability - request your data in a machine-readable format.

To exercise any of these rights, contact us at [email protected]. We will respond within 30 days.

For researchers listed on this Platform: You may request that your personal name be redacted from the platform. Upon a valid request, we will replace your displayed name with "Redacted Name" while preserving the review history linked to your Researcher ID. Reviews themselves (which are participant opinions) will remain unless they violate our Terms of Service. To request name redaction, email us at [email protected] with your name and Researcher ID for verification.