Altruism Choice

Privacy policy

Last updated: 28 April 2026

This policy explains what Altruism Choice collects, how the data is stored and used, and the rights you have over your data. Altruism Choice is operated by Scirenity, the data controller for the purposes of the General Data Protection Regulation (GDPR).

Data we collect

When you participate in a study, we collect:

  • Your responses — the choices you make in each vignette (which charity received how much), plus any free-text feedback you submit voluntarily.
  • Optional demographics — age, gender, education, country, prior donation frequency. Each field is opt-in; you can choose “prefer not to say”.
  • Authentication — if you create an account, your email address and (if set) a password hash. If you sign in via Google, GitHub, or ORCID, we receive your name, email, and profile picture from that provider.
  • External IDs — if you arrive via Prolific or SONA, we store the participant ID provided by that platform so we can confirm completion to it. Not linked to your account unless you explicitly log in.
  • Server logs — request paths, timestamps, error stacks. No IP addresses are stored beyond Vercel's short-lived edge logs.

What we do not collect

  • No analytics cookies or third-party trackers.
  • No advertising identifiers.
  • No payment information — donations on this platform are notional (research scenarios), not real money.

Cookies

We use one functional cookie: a session JWT, set after you log in. HTTPS-only, SameSite=Lax, expires after 30 days. Without it you cannot stay logged in. There are no analytics or advertising cookies. Anonymous participation uses a localStorage identifier (not a cookie) which never leaves your browser unless you choose to migrate your responses to a logged-in account.

Data processors

  • Vercel (USA) — hosting and function execution. Standard Contractual Clauses cover EU data transfers.
  • Neon (EU region: AWS Frankfurt) — Postgres database storing accounts, responses, and email events.
  • AWS Simple Email Service (EU region: eu-west-1) — transactional email (verification, password reset, sign-in links).
  • Google, GitHub, ORCID — only if you choose to sign in via these providers, and only the data you authorize.

Retention

  • Anonymized response data — kept indefinitely as part of the academic research record.
  • Account data (email, name, login history) — deleted on request, see below.
  • Email events (delivery, bounce, complaint) — kept for 90 days for deliverability monitoring.

Your rights under GDPR

  • Access the data we hold about you.
  • Correct inaccuracies.
  • Delete your account and any data linkable to you (anonymized response data may be retained but cannot be linked back to you).
  • Export your data in a machine-readable format.
  • Withdraw from a study at any point.
  • Lodge a complaint with your local data protection authority.

How to exercise your rights

Get in touch via scirenity.com. We respond within 30 days. For account deletion, you can also use the “Delete account” link in your profile settings once that feature ships.

Changes to this policy

Material changes are announced on the platform homepage and via email to active users at least 14 days in advance. Minor wording updates are reflected in the “Last updated” date above.

Contact

For all inquiries, including data requests: scirenity.com.

About the projectTerms of use