Survey Assistant

Privacy Policy

Effective date: March 8, 2026

How Survey Assistant handles personal and operational data

Survey Assistant aims to process only the minimum information necessary for research operations. In particular, legacy backups, member records, access logs, and raw survey responses remain outside public repositories and stay inside a private operational boundary.

1. What data is processed?

  • Participant accounts are handled mainly through anonymous-style login identifiers and response history.
  • Researcher and platform-operator accounts use minimal Google-based account identity data.
  • Operational records such as access logs, security logs, submission timestamps, and permission-change history may be generated.

2. Why is this data used?

  • It is used for survey participation, research operations, access control, security review, and incident response.
  • It may also be used only as needed for exports, BYOK AI conversations, SkillBooks, store functions, and billing-request operations.

3. How do AI and external services interact?

  • When a researcher uses BYOK AI, necessary data may be sent to the selected external LLM provider at request time.
  • Hosting, database, OAuth, and future payment gateway operations may depend on external infrastructure providers.
  • User-supplied API keys and AI request data should only be handled within the scope of the requested feature, and long-term retention is not the default path.

4. How long is data kept?

  • Data is kept only within operational necessity and research-management need.
  • If there is no legal retention requirement, removable data should be cleared when deactivation, deletion, or anonymization is requested.

5. How is the boundary between public code and sensitive data managed?

  • Public repositories contain code, documentation, sanitized examples, and publishable implementation artifacts only.
  • Legacy database backups, member records, IP logs, and raw response datasets are outside that public boundary.
  • The development process also keeps a deliberate separation so sensitive data is not pushed to public remotes by mistake.

6. What requests can a data subject make?

  • Users may send privacy, deletion, anonymization, and operations-related requests.
  • Requests may require identity and scope confirmation first, and sensitive-data review usually starts from the smallest safe example rather than a raw full dump.

7. Contact

  • Privacy and deletion requests can be sent through the contact page or the email below.
  • Support email: mow.coding@gmail.com