Empathy Lab Data Protection Policy

Introduction

Empathy Lab is committed to protecting the personal data of our research participants, partners, and collaborators. We prioritize transparency, respect, and accountability in how we collect, store, and use data. This policy outlines our approach to handling personal data, ensuring privacy, and safeguarding information.

Scope

This policy applies to all personal data collected, stored, and processed by Empathy Lab, including:

  • Names and email addresses (collected separately from other data)

  • Demographic information

  • Survey responses related to human experiences and behavior

  • Any additional data collected through online forms, in-person interviews, or virtual sessions

Data Collection

We collect personal data through:

  • Online forms (Typeform, Google Forms)

  • In-person and Zoom interviews

We do not collect or store contact information alongside research responses to maintain participant anonymity.

Data Storage and Processing

Collected data is securely stored and processed using:

  • Typeform

  • Google Forms

  • Airtable (as needed)

  • Google Sheets (as a repository)

  • Microsoft Excel

Artificial Intelligence as a tool:

  • We will be examining the usage of a private artificial intelligences (Huggingface, Elicit, Claude, etc.) in order to process and synthesize the data we gather. All efforts with AI will be completely anonymous.

Data Access

Access to personal data is strictly limited to:

  • Administrative Empathy Lab employees

  • Vetted humanity-first organizations and institutions (e.g., university researchers, health organizations) for collaborative research purposes

We never sell or share personal data with third parties for commercial purposes.

Data Protection Principles

We adhere to the following principles:

  • Lawfulness & Fairness: Data is collected and processed transparently and in compliance with applicable laws.

  • Purpose Limitation: We collect and process data only for clearly defined, legitimate purposes (research, experience sharing, and collaboration).

  • Data Minimization: We collect only the necessary data needed for our research.

  • Accuracy: We take reasonable steps to ensure data accuracy.

  • Storage Limitation: We retain personal data indefinitely unless a user requests deletion.

  • Security: We implement security measures to prevent unauthorized access, disclosure, or loss of data.

  • User Rights: Individuals have the right to access, correct, or request deletion of their data.

Data Sharing & Transfer

We may share anonymized data with vetted humanity-first organizations and institutions for research collaboration. Data will only be shared:

  • With explicit consent from participants

  • When required by law

We do not share personally identifiable information unless explicitly agreed upon by the participant.

Data Retention

  • We retain personal data until a participant requests deletion.

  • Upon request, we will promptly delete or anonymize all associated data.

Data Breach & Security Procedures

While we currently do not have a formal breach response plan, we are committed to:

  • Notifying affected individuals and authorities (if legally required) in the event of a breach

  • Investigating and taking corrective action to prevent future incidents

  • Updating security measures as necessary

User Rights

Participants have the right to:

  • Access their personal data

  • Request corrections or deletion of their data

  • Object to data processing

  • Withdraw consent for future data collection

To make a request, contact Shelton Davis at shelton@empathylab.io.

Policy Updates

We may update this policy as needed. Any significant changes will be communicated via our website or directly to participants when applicable.

By participating in our research and providing personal data, individuals acknowledge that they have read and agree to this data protection policy.