📑 Privacy

📑

Privacy Policy for QualiaInterviews

QualiaInterviews, developed by Causal Map Ltd, is committed to protecting the privacy of our users. This privacy policy outlines how we collect, use, store, and protect your personal data in compliance with the General Data Protection Regulation (GDPR), EU AI Act Compliance and other applicable regulations.
 

Data Controller

Causal Map Ltd acts as the data controller for both QualiaInterviews and Causal Map app. Our Data Protection Officer is Steve Powell, who can be contacted at hello@causalmap.app.

Data Collection and Processing

We collect and process data necessary for the operation of QualiaInterviews, including:
  • User account information.
  • Interview responses.
  • Usage data.
  • Essential cookies necessary for app functionality.
Data processing is conducted in compliance with the General Data Protection Regulation (GDPR) and other applicable regulations.

Data Storage and Security

  • QualiaInterviews is hosted on Heroku servers in the United States.
  • Data is stored at Heroku in the USA, with encryption.
  • We use TLS (Transport Layer Security) via HTTPS for secure data transmission between users and the app.
  • Authentication is managed through Google Firebase, supporting email/password methods and Google account integration.
  • Daily backups of the database are made automatically.

AI Processing

  • Interview data is processed either using OpenAI's GPT-4 API or Perplexity’s Llama3 Model.
  • OpenAI retains API data for a maximum of 30 days for compliance purposes. OpenAI declares that API users retain ownership of their data, and API requests are not used for training models (we are a Tier 5 OpenAI customer).
  • Perplexity’s Llama 3 model, in contrast, does not save data on their servers, but simply passes through it. During inference, data is temporarily held in memory for processing but does not persist after the task is completed.
  • We instruct respondents not to provide identifying information in their responses.
  • Causal Map Ltd. adheres to established qualitative research protocols to limit the AI's freedom in making evaluative judgments, thereby aiming for transparency and accuracy in the AI's interpretation of causal claims.
  • Ethical considerations include careful attention to the types of data processed and ensuring the AI's analysis reflects respondent views without systematic bias or undue influence​​.

Data Retention and Deletion

  • Personal data is not kept longer than necessary.
  • Data can be erased if requested.
  • Causal Map Ltd will not usually collect, store, host or process personal data of its clients’ research subjects. In the exceptional cases where this is necessary, it will occur only for and to the extent necessary for the specific purpose(s) informed to data subjects. Data will be pseudonymised at the point of data collection using “a unique identifier that is not connected to their real-world identity, using techniques such as coding or hashing” (Article 89, GDPR). All information which enables the reversal of pseudonymisation and thereby re-identification will only be held for a limited period (see 2.4), at which point all data will be fully anonymised by the destruction of all key lists.
 

User Rights

Users have the right to:
  • Access their personal data.
  • Request rectification or erasure of their data.
  • Object to data processing.
  • Data portability.
  • Withdraw consent at any time.
To exercise these rights, contact our Data Protection Officer at hello@causalmap.app.

Cookies and Tracking

  • Essential cookies for app functionality.
  • Additional cookies for chat feature functionality.
  • LinkedIn and Google tracking cookies (requires user consent via pop-up).

Third-Party Services

We use the following third-party services:
  • Firebase (Authentication).
  • OpenAI API (AI Processing).
  • Perplexity API (AI Processing).
  • AWS (Data Storage).
  • Heroku (Hosting).
  • MongoDB (noSQL object caching).
Each third-party service has its own privacy policy.

Data Protection Measures

  • All emails containing personal data are encrypted at rest and in transit.
  • Personal data is securely deleted when no longer needed.
  • Access to personal data is restricted to authorized personnel only.

International Data Transfers

Causal Map Ltd regularly needs to transfer (‘transfer’ includes making available remotely) personal data to countries outside of the UK The transfer of personal data to a country outside of the UK can take place only if one or more of the following applies:
  • The transfer is to a country, territory, or one or more specific sectors in that country (or an international organisation), that the Information Commissioner’s Office (ICO) has determined ensures an adequate level of protection for personal data;
  • The transfer is to a country (or international organisation) which provides appropriate safeguards in the form of a legally binding agreement between public authorities or bodies; binding corporate rules; standard data protection clauses adopted by the ICO; compliance with an approved code of conduct approved by a supervisory authority (e.g. the Information Commissioner’s Office); certification under an approved certification mechanism (as provided for in the Regulation); contractual clauses agreed and authorised by the competent supervisory authority; or provisions inserted into administrative arrangements between public authorities or bodies authorised by the competent supervisory authority;
  • The transfer is made with the informed consent of the relevant data subjects.
  • The transfer is necessary for the performance of a contract between the data subject and Causal Map Ltd or for pre-contractual steps taken at the request of the data subject).
  • The transfer is necessary for important public interest reasons.
  • The transfer is necessary for the conduct of legal claims.
  • The transfer is necessary to protect the vital interests of the data subject or other individuals where the data subject is physically or legally unable to give their consent.
  • The transfer is made from a register that, under UK law, is intended to provide information to the public and which is open for access by the public in general or otherwise to those who are able to show a legitimate interest in accessing the register.

Data Breach Notification

In the event of a data breach, we will notify the relevant authorities and affected users in accordance with applicable laws.

Changes to Privacy Policy

We reserve the right to update this policy. Users will be notified of significant changes.

Acceptable Use Policy

Services provided by us may only be used for lawful purposes. Any material or conduct that in our judgment violates this policy may result in suspension or termination of the services or removal of the user's account with or without notice
Prohibited uses include, but are not limited to:
  • Phishing or engaging in identity theft.
  • Distributing malicious code.
  • Distributing pornography or adult-related content.
  • Promoting or facilitating violence or terrorist activities.
  • Infringing on intellectual property rights.
By using QualiaInterviews, you agree to the terms of this privacy policy. If you have any questions or concerns, please contact us.

Contact Information

For privacy-related inquiries:
  • Data Protection Officer: Steve Powell