Privacy Policy

This policy describes how GroupResearch collects, uses, and protects your personal data. By using the platform, you agree to these terms.

• Account data: Email, optional name, bcrypt-12 hashed password.
• Profile data: Timezone, language, optional demographics (age, gender, country).
• Experiment data: Daily check-in answers you voluntarily submit.
• Technical data: Basic server logs (IP, browser type) for security — deleted after 30 days.
• Billing data: Subscription plan and renewal date — we never store card details.

• To run the platform and show your personal experiment results.
• To produce anonymous community statistics (minimum 5 participants).
• To send necessary operational emails only.
• To generate AI insights (Pro/Team) — we send aggregated data to OpenAI per their privacy policy.

We never sell your data. We share only with:

• Resend: For operational emails.
• OpenAI: For AI insights (Pro/Team only) — aggregated, not linked to your identity.
• Legal authorities: When legally required.

At any time you can:

• Export your data as CSV from the enrollments page.
• Delete your account from account settings — all data deleted within 30 days.
• Request deletion at: privacy@groupresearch.net

• Passwords bcrypt-hashed (cost factor 12).
• Sessions use JWTs in httpOnly, Secure, SameSite=Strict cookies.
• All connections TLS-encrypted.
• Database on closed internal network, not internet-exposed.

We use one essential cookie (auth_token) for session management. No tracking or advertising cookies.

• Access and export your data.
• Correct inaccurate information.
• Delete your data (right to be forgotten).
• Object to certain data processing.

Privacy inquiries: privacy@groupresearch.net