Privacy compliance doesn’t have to be difficult. At User Interviews, we’re constantly keeping up with the latest updates to data privacy laws and regulations like GDPR, CCPA, and CPRA so our users don’t have to.

And we don’t take data privacy compliance lightly. Privacy and confidentiality are non-negotiable, not just nice-to-have. We’re committed to making sure our tools are able to support compliance as data privacy laws and regulations continue to evolve. 

If you’re a researcher and want to understand how privacy laws may affect your research practice, check out our updated User Researcher’s Guide to GDPR, CCPA, and CPRA. It’s a comprehensive guide to what researchers need to be aware of for various data privacy laws and outlines examples of how to be more mindful of compliance in your research practice. If you’re already a User Interviews customer (or think you might like to be one 😉), this article is for you. We’ll cover:

• What we’re doing to protect the privacy of your team and the participants you talk to
• What to expect from us moving forward
  

In our updated User Researcher’s Guide to Data Privacy Regulations, we outline examples of how user researchers can become more mindful of important data privacy laws like GDPR, CCPA, and CPRA in their research projects, from participant recruitment to continuous compliance. In this article, we’ll show you how to use User Interviews’s privacy-focused features in our participant recruitment and management solutions, and outline processes we’ve put in place to make privacy protection easier. 

🔐For more information about our approach to security and privacy, visit our Security page as well as our Privacy Policy.

How to streamline your privacy compliance within User Interviews

With participants you recruit from our panel 

Don’t sweat it. You can recruit from our panel based on demographics, occupation, or any other criteria, and we’ll handle participant data permissions for you. We’re responsible for obtaining our participants’ consent to provide data to us and share it with our customers, and we take care of data subject requests (e.g., requests for data correction and deletion) we receive from our participants. As long as participant data stays on our platform, we’ll handle the data security bit. 

Note: if you collect additional personal information as part of your research,  you are responsible for privacy compliance in how you handle that information.

With participants you recruit from your own panel 

When you upload or recruit your own participants using your Research Hub, we provide a number of features to help you manage your data privacy compliance activities. This means you can keep all your participant data processing activity on our site, and worry less about the security of a multitude of different apps and processes. And, we’ll help you handle data subject requests (e.g., requests for data correction and deletion) received from your participants.

‍

1. Use in-app opt-in forms to grow your panel

Obtaining informed consent from each participant is paramount to maintaining good participant data processing practices. We’ve created in-app opt-in forms that require each and every participant who enters your panel to provide their informed consent.

How to do this within Hub:
To invite your users to join your research panel without applying to a specific project, create an opt-in form: a persistent, branded page where your users can sign themselves up to join your research pool.

To set yours up, head to Participants > Hub Participants, click “Build,” and then “Manage opt-in forms.”

Setting up your opt-in form takes just a few clicks

Share a link to your opt-in form to recruit users and obtain consent without having to worry about transferring data between User Interviews and other integrated software that might not be as secure or privacy-conscious.

‍
📘 Visit our support article to learn how to use opt-in forms to build your Hub panel

2. Add a data consent notice

A data consent notice acts as a heads-up to any users you invite to do research with your company, explaining how you’ll use their data and allowing them to proactively opt in to data collection.

Research teams with paid Hub subscriptions have the option to include new and existing data consent notices to their opt-in forms. This allows researchers to check that box with participants—literally and figuratively.

How to do this in Hub:

Head to My Team > Consent Settings to add your notice. Once you switch it on, it will appear on your opt-in form as well as on the invite pages for any projects with your own users—a single, consistent opt-in experience across all your research.

Customize your data consent notice

Our CRM automatically keeps track of users’ opt-in form responses, so it’s easy to filter your panel by who has given you data consent.

📘 Visit our support article to learn how to present Hub participants with your company's data consent notice

3. Manage custom fields to keep track of only the data that matters

A key data privacy principle is to collect and process only the information that you need. We’ve created a custom database that allows you to add the fields that your team needs and delete the ones they don’t. 

How to do this in Hub: 

To edit or delete custom fields from the Hub Participants view, click Filters > Custom fields > Edit.

📘 Visit our support article to learn how to manage your panel

4. Invite and keep track of users all in one place 

If you’re using User Interviews to store your participant data, you won’t have to worry about data security between tons of different third-party apps. You can invite participants to projects, review their history with your organization, and build participant lists with custom filters—all without leaving or transferring data outside of our secure research CRM.

How to do this in Hub: 

If you haven’t launched a project yet, filter through your panel, select the segments you want, and click “invite participants to project.” 

If you’re launching a project and inviting participants at the same time, upload users into the project via CSV in the “invitation email” section of the project builder.

All your participant data, in one place.

📘 Visit our support article to learn how to invite participants to sign up for a Research Hub project

4. Easily process data deletion (aka “right to be forgotten”) requests

Perhaps one of the most difficult things about transferring participant data to another service is what happens when a participant requests that their data be deleted from your database. User Interviews helps you handle data deletion (aka “right to be forgotten”) requests quickly and easily.
How to do this in Hub: 

• Edit a participant record manually: You can edit a participant’s record manually by clicking on the little blue user + pencil icon next to their email address. You can edit any participant info or custom fields, but note that you cannot edit activity records which are automatically tracked.
• To batch-delete many participants at once, you can upload a list and add a label—something like “to be deleted”—then delete all participants with that label attached by selecting everyone with that tag and deleting them from your database.
• We automatically disassociate any survey data from deleted participants.

If one of your participants makes a data deletion request directly to User Interviews regarding their personal data through our Data Subject Request Form, we will redirect that request to you in accordance with our Data Processing Agreement. 

5. Easily process data correction

Your participants may have the right to request edits to their data you have about them under applicable data privacy laws. With Hub it’s easy to edit the data fields for each participant from the “Hub Participants” view.

How to do this in Hub: 

Head to the “Hub Participants” view, search for the participant whose data you need to edit, and edit the field you need to. 

To batch-edit multiple contacts, simply upload a CSV of the folks you want to update, including columns with any new or updated data. A dialog box will appear, allowing you to choose which columns to update in User Interviews’s Hub.

Note: User Interviews matches participants based on their email addresses. If you want to change a participant’s email address, you’ll need to delete them and then re-add them as a new contact. For help with this, you can always email projects@userinterviews.com. ‍

6. Set up team roles and permissions, SSO, and email 2FA

Within Hub, you can customize permissions for each person on the research team. Our Teammate role is a more limited role that ensures sensitive data can be accessed only by those who need it. For all of our Hub plans, we also provide Single-Sign-On SAML (SSO) as an add-on feature so you can log in using your own secure authentication infrastructure.

Additionally, we make sure that all participant accounts are automatically enabled in email two-factor authentication (2FA) to bolster account security. 

How to enable this:

Customizing permissions:

• Go to Members page
• Click “My Team” and select “Members” from the dropdown menu to manage roles and permissions

Enabling SSO:

• Go to My Teams tab > Configure.
• Follow the configuration steps and steps for IT teams on the configuration page

Enabling participant email 2FA:

• Visit Edit Profile > Security tab > check the opt-in box

What User Interviews has done to protect researcher and participant privacy

We’re committed to data security and privacy, and to making it easy for our customers to be committed too. Here are some steps we’ve taken to better protect your data and the data of participants who offer their time through our platform:

Policies and procedures

• Committed to undergo annual SOC 2 Type II, ISO 27001, and ISO 27701 audits to ensure we are following industry best practices and have robust controls and processes in place to secure your data
• Committed to regularly reviewing and updating our Privacy Policy to ensure we are accurately describing how we may collect, use, and disclose personal information
• Appointed a Data Protection Officer
• Appointed an EU Representative and a UK Representative

• Signed Data Processing Agreements with all of our subprocessors (aka the vendors we use to host our website, deliver our emails, process support tickets, etc.)
• Created a Data Processing Agreement for our customers 
• Created a comprehensive set of internal information security and privacy policies and procedures
• Built security training into our new hire onboarding and committed to annual security training and regular phishing tests for all User Interviews employees
• Committed to annual penetration tests and quarterly vulnerability assessments
• Created processes and procedures for receiving and responding to data subject requests, including a Data Subject Request Form and a Request to Delete Participant Account Form

📕 You can learn more about our approach to security and privacy by visiting our Security page and reviewing our Privacy Policy.

Product improvements

• Ensured that personal information  is encrypted at rest and in flight 
• Implemented role-based access to customer data based on the principle of least privilege
• Built a Privacy Preference Center that allows visitors to set cookie and privacy preferences
• Enabled easy updates to participant records by connecting custom data fields to live data sources
• Made it easy to scrub inactive participant records by automatically removing inactive users from your panel and syncing unsubscribes
• Provided team admins with the ability to deactivate and reactivate team members on the Team Members page 
• Built a Zapier integration so you can automatically add, update, or delete participant records in Hub securely and quickly using over 5,000 tools 

📖 Stay in the loop with our product updates in our product release notes!

Our privacy preference center

Simplify privacy compliance with User Interviews

We work constantly to stay on top of the latest developments around privacy and security and are committed to building and upgrading our products with privacy and security at top of mind.

With the policies and product features highlighted above (and more to come!), we’re committed to making it not only possible but simple for you to stay on top of your privacy commitments while you’re out there searching for user insights. Sign up free today for our Research Hub and automate both panel management and privacy compliance with easy-to-use features.

‍