Privacy Policy

Last Updated: November 1, 2018

Thank you for choosing to be a part of our community at the MIT Behavioral Research Lab (“we”, “us”, or “our”). We are committed to protecting your personal information and your right to privacy. If you have any questions or concerns about our policy or our practices with regard to your personal information, please contact us at

In this privacy notice, we describe our privacy policy. We seek to explain to you in the clearest way possible what information we collect, how we use it, and what rights you have in relation to it. Please read this policy carefully, as it will help you make informed decisions about sharing your personal information with us. If there are any terms in this privacy policy that you do not agree with, please discontinue use of our Sites and our services.

This privacy policy applies to all non-research data collected through our website ( and our Sona Systems web portal ( — we refer to these two websites collectively in this privacy policy as the “Sites”. This policy does not apply to data collected by researchers who use our resources, as research studies often differ from one another in what specific information is collected and how such information is used, retained, and protected. Researchers are expected to describe their data collection and handling practices in writing and obtain informed consent from participants before carrying out research activities.

1. What Information Do We Collect?

Personal Information You Disclose to Us

In short: We collect personal information that you provide to us, such as name, contact information, and login credentials.

We collect personal information that you voluntarily provide to us when registering for an account on the Sites, when signing up for activities (such as research studies) advertised through the Sites, and when contacting us.

The personal information we collect depends on the context of your interactions with us and with the Sites, the choices you make, and the services and features you use. The personal information we collect can include the following:

  • Name and contact information — We collect your first and last name, email address, phone number, and other similar contact information.
  • Credentials — We collect your username, password, and similar security information used for authentication and account access.
  • Information required for payment processing — We collect information such as postal address and social security number in order to process payments to research participants. Specifically, if the compensation amount for a study exceeds $75, or if a participant is not a U.S. citizen or permanent resident, we are required by federal law and/or MIT policy to collect such information for tax reporting and deduction purposes.

All personal information that you provide to us must be true, complete, and accurate. You must notify us of any changes to such information.

Information Automatically Collected

In short: Some information, such as IP address and web browser characteristics, is collected automatically when you visit our Sites.

We automatically collect certain information when you visit, use, and navigate our Sites. This information does not reveal your specific identity but may include device and usage information, such as your IP address, browser and device characteristics, operating system, language preferences, referring URLs, country, location, information about how and when you use our Sites, and other technical information. This information is primarily needed to maintain the security and operation of our Sites, and for our internal analytics and reporting purposes.

Information Collected from Other Sources

In short: We may collect limited amounts of data from public databases, marketing partners, and other outside sources.

We may obtain information about you from public databases, joint marketing partners, and other third parties. Examples of the information we receive from these sources include social media profile information, marketing leads, and search queries.

2. How Do We Use Your Information?

In short: We may use your information to send you promotional emails, administrative information, and responses to your inquiries and requests.

We may use personal information collected through our Sites for the purposes described below:

  • To send you promotional emails — We and/or our third-party marketing partners may use the personal information you provided to us for promotional purposes (which include recruiting participants for research studies), if this is in accordance with your communication preferences. You can opt out of our promotional emails at any time.
  • To provide you with administrative information — We may use your personal information to contact you about your user account, an upcoming activity (such as a research study) you have registered for, our new resources and services, and changes to our policies and procedures.
  • To respond to your inquiries and requests — When you send us an email, submit a contact form through our Sites, or interact with us by any other means, we may use your contact information to communicate with you.

3. Under What Circumstances Will Your Information Be Shared?

In short: We only share information with your consent, to fulfill a contract with you, to comply with laws, and to meet legitimate organizational needs.

We may process or share your information under the following circumstances:

  • Consent — We may process your data if you have given us specific consent to use your personal information for a specific purpose.
  • Performance of a contract — Where we have entered into a contract with you, we may process your data to fulfill the terms of our contract.
  • Legal obligations — We may disclose your information where we are legally required to do so in order to comply with applicable laws, governmental requests, judicial proceedings, court orders, and legal processes. We may also disclose your information where we believe it is necessary to investigate, prevent, or take action regarding suspected fraud, potential violations of our policies, and situations involving illegal activities or potential threats to the safety of any person.
  • Legitimate interests — We may process your data when it is reasonably necessary to achieve our legitimate organizational interests. This may involve sharing your data with third-party vendors, consultants, contractors, and agents who perform services for us or on our behalf and require access to such information to do that work. Examples include: payment processing, data analysis, email delivery, web hosting services, customer service, and marketing efforts. We may allow selected third parties to use tracking technology on the Sites, which will enable them to collect data about how you interact with the Sites over time. This information may be used to, among other things, analyze and track data, determine the popularity of certain content, and better understand online activity. Unless described in this policy, we do not share, sell, rent, or trade any of your information with third parties for their promotional purposes.

4. With Whom Will Your Information Be Shared?

In short: We only share information with the following third parties.

We only share and disclose your information with the following third parties. We have categorized each party so that you may easily understand the purpose of our data collection and processing practices. If we have processed your data based on your consent and you wish to revoke your consent, please contact us at

  • Advertising, direct marketing, and lead generation — Facebook Pixel
  • Content optimization — YouTube video embed, Google Fonts
  • Participant pool management — Sona Systems
  • Spam filtering — Akismet
  • Web and mobile analytics — Google Analytics
  • Website hosting — SiteGround

5. Do We Use Cookies and Other Tracking Technologies?

In short: We may use cookies and other tracking technologies to collect and store your information.

What Are Cookies?

Cookies are small data files that are placed on your computer or mobile device when you visit a website. Cookies are widely used by website owners in order to make their websites work, or to work more efficiently, as well as to provide reporting information.

Cookies set by the website owner are called “first-party cookies”. Cookies set by parties other than the website owner are called “third-party cookies”. Third-party cookies enable third-party features or functionality (e.g., advertising, interactive content, and analytics) to be provided on or through a website. The parties that set these third-party cookies can recognize your computer both when it visits the website in question and when it visits certain other websites.

What Cookies Do We Use?

The specific cookies served through our Sites are listed below:

  • Analytics and customization cookies — Google Analytics

How Can I Control Cookies?

You can set or amend your web browser controls to accept or refuse cookies. If you choose to reject cookies, you may still use our Sites, though your access to some functionality and areas of our Sites may be restricted. As the specific procedures through which you can refuse cookies vary from browser to browser, you should visit your browser’s help menu for detailed instructions.

What About Other Tracking Technologies, like Web Beacons?

Cookies are not the only way to recognize or track visitors to a website. We may use other, similar technologies, such as web beacons (sometimes called “tracking pixels” or “clear gifs”), from time to time. Web beacons are tiny graphics files containing a unique identifier that enables us to recognize when someone has visited our Sites or opened an email that we have sent them. This allows us, for example, to monitor the traffic patterns of users from one page within our Sites to another, to deliver or communicate with cookies, to understand whether you have come to our Sites from an online advertisement displayed on a third-party website, to improve the performance of our Sites, and to measure the success of email marketing campaigns. In many instances, these technologies are reliant on cookies to function properly, thus declining cookies may impair their functioning.

Do You Use Flash Cookies or Local Shared Objects?

Our Sites may also use so-called “Flash cookies” (also known as “local shared objects” or LSOs) to, among other things, collect and store information about your use of our services, prevent fraud, and perform other operations.

If you do not want Flash cookies to be stored on your computer, you can adjust the settings of your Flash Player to block Flash cookie storage using the tools in the Website Storage Settings panel. You can also control Flash cookies by going to the Global Storage Settings panel and following the instructions provided there, which include instructions on how to delete existing Flash cookies, how to prevent Flash LSOs from being placed on your computer without your permission, and how to block Flash cookies that are not being delivered by the operator of the page you are on at the time.

Please note that setting Flash Player to restrict or limit acceptance of Flash cookies may reduce or impede the functionality of some Flash applications, including applications used in connection with our services or online content.

6. How Long Do We Keep Your Information?

In short: We keep your information for as long as necessary to fulfill the purposes outlined in this privacy policy, unless otherwise required by law.

We will keep your personal information for as long as it is necessary to fulfill the purposes set out in this privacy policy, unless a different retention period is required or permitted by law (e.g., tax, accounting, or other legal requirements).

When we have no ongoing legitimate need to process your personal information, we will either delete or anonymize it, or, if this is not possible (e.g., because your personal information has been stored in back-up archives), we will securely store your personal information and isolate it from any further processing until deletion is possible.

7. How Do We Keep Your Information Safe?

In short: We aim to protect your personal information through a system of organizational and technical security measures.

We have implemented appropriate organizational and technical security measures designed to protect the security of any personal information we process. However, please also remember that we cannot guarantee that the Internet itself is 100% secure. Although we will do our best to protect your personal information, transmission of personal information to and from our Sites is at your own risk. You should only access our services within a secure environment.

8. Do We Collect Information from Minors?

In short: We do not knowingly collect data from or market to children under 18 years of age.

We do not knowingly solicit data from or market to children under 18 years of age. By using the Sites, you represent that you are at least 18 years of age or that you are the parent or guardian of a minor under 18 years of age and consent to the minor’s use of the Sites. If we learn that personal information from users under 18 years of age has been collected, we will deactivate the associated account and take reasonable measures to promptly delete such information from our records. If you become aware of any data we have collected from children under 18 years of age, please contact us at

9. What Are Your Privacy Rights?

In short: You may review, change, or terminate your account at any time.

If you are a resident in the European Economic Area and believe that we are unlawfully processing your personal information, you have the right to complain to your local data protection supervisory authority. You can find their contact details here.

Account Information

If you would, at any time, like to review or change the information associated with your account or terminate your account, you can:

Upon your request to terminate your account, we will delete your account and its associated data from our active databases. However, some information may be retained in our files to prevent fraud, troubleshoot problems, assist with investigations, or comply with legal requirements.

Opting out of Email Lists

You can unsubscribe from our promotional email list by contacting us at You will then be removed from the promotional email list; however, we will still need to send you service-related emails that are necessary for the administration and use of your account. To otherwise opt out, please contact us at

Cookies and Similar Technologies

Most web browsers are set to accept cookies by default. If you prefer, you can set your browser to remove or reject cookies, which may affect certain features or services on our Sites.

10. Do California Residents Have Specific Privacy Rights?

In short: Yes, if you are a resident of California, you are granted specific rights regarding access to your personal information.

California Civil Code Section 1798.83, also known as the “Shine The Light” law, permits our users who are California residents to request and obtain from us, once a year and free of charge, information about categories of personal information (if any) we disclosed to third parties for direct marketing purposes, as well as the names and addresses of all third parties with which we shared personal information in the immediately preceding calendar year. If you are a California resident and would like to make such a request, please submit your request in writing to us using the contact information provided below.

11. Do We Make Updates to This Policy?

In short: Yes, we will update this policy as necessary to stay compliant with relevant laws.

We will update this privacy policy from time to time. The updated version will be indicated by a new “Last Updated” date, and the updated version will be effective as soon as it is accessible. If we make material changes to this privacy policy, we may notify you either by prominently posting a notice of such changes on our Sites or by directly sending you a notification. We encourage you to review this privacy policy frequently to understand how we are protecting your information.

12. How Can You Contact Us About This Policy?

If you have questions or comments about this policy, you may email us at, call us at (617) 253-1959, or write to us at:

MIT Behavioral Research Lab
400 Main Street
Suite 435
Cambridge, 02142
United States