Privacy Policy

Effective January 2024

About us

Behapp is a service aimed at collecting and analysing behavioural data gathered from smartphones of participants for the sole purpose of supporting scientific (and medical) research endeavours. This service will therefore only be present in formal scientific studies and is set up to adhere to standards, regulations and ethical considerations that apply to human subject research. The service is operated by the Behapp research team at the Groningen Institute for Evolutionary Life Sciences (University of Groningen, Netherlands).

From the perspective of a participant, your experience with Behapp will mainly revolve around our smartphone application, also named Behapp, which is responsible for collecting said behavioural data from your smartphone. In this privacy policy document we will tell you about the kinds of data that we collect, how we use the data and how we protect the data and by extension your privacy.


What information is being collected?

Our smartphone applications can tap into various sources of information on your smartphone. 

It is important to know that this application will never register any content (what you write, what you say or what someone says or writes to you).

The exact information collected from your phone will be clearly communicated to you before you decide whether to install the app. This is called the informed consent process. Below, we provide a full overview of the data collection capabilities of the app, which may or may not be activated for you. The exact combination of sources used by our app depends on the study you are involved in. Researchers responsible for your study may choose to exclude sources if they deem them unnecessary for their research.

  • Location data: we continuously record location data expressed as latitude/longitude coordinates accompanied by additional data like altitude, speed and accuracy.
  • Call history: we look out for activity in terms of placing, receiving and possibly missing phone calls. For each activity we record the type of call, if applicable the duration of the call and the phone number of the third party involved with the call. This number is anonymised on the phone (using one-way hashing) before being sent over to us.
  • Text messaging history: similar to call history, we record activity in terms of sending and receiving SMS-only text messages recording the type of text message and the anonymised phone number of the third party involved. The contents of your text messages are not touched or looked at.
  • WiFi access points: we perform regular scans for WiFi access points in the direct vicinity of your smartphone recording the MAC address of said access points and the signal strength in relation to these devices.
  • Application usage: when your phone is in use, in other words if your display is on, we continuously check which app currently resides on the foreground of your phone recording the name of the app and the number of seconds the app was in use.
  • Accelerometer and general motion: we continuously monitor the accelerometer sensor of the device recording the expression of motion as vectors along an x, y and z axis.
  • Ambient light: we regularly take samples through the ambient light sensor of the phone recording the current light (lux) value found.
  • Ambient noise: we regularly take ten second sound samples of background noise which we use to calculate the average amplitude of that sample. The average amplitude is expressed as a numeric value and only this value is sent over to us. The recording is discarded immediately after the calculation and this operation happens in volatile memory (RAM) only, meaning the samples are not accidentally stored and left behind on your smartphone’s internal storage or SD card.
  • Device Information: we store information describing the type of device you use such as the Android version, brand, model etc. for quality control purposes. This information does not include any unique device identifiers available on the Android platform. 

Lastly, when the app contacts our systems to send over data collected from your smartphone, this event by itself is logged, including IP address information of the location from where a network connection was made. This information is stored separately from the personal and smartphone collected data mentioned before and only retained for a maximum of 30 days after being logged.


How will your information be used?

Your smartphone collected data and personal information will be used to support the research goals of the study through which you are involved in using Behapp, for example but not limited to:

  • Reporting on movement / explorative efforts of participants
  • Deriving various types of patterns of social and communicative behaviour of a participant (for example: amount, frequency and time of calls, text messages or social media app use)
  • Building a classification model tied to different participant groups in a study

Next, your data may also be used to support research goals of Behapp-wide analytical endeavours by aggregating participant groups. Aggregated participant groups are classes of participants, e.g. with a specific mental health issue such as depression or dementia, which are grouped together for analysis regardless of their study. Concrete analytical operations remain similar to those mentioned above.

Lastly, IP address information will be used to diagnose / troubleshoot the Behapp service itself. It will play no part in formal research efforts of our study partners and our own research projects. The data will therefore only be accessible to system administrators, not to researchers.


Withdrawal of informed consent & Data deletion

At any time during your participation in a scientific study you are allowed to withdraw your consent and stop participating. Upon removal of the Behapp app from your smartphone, data collection will stop immediately.

Depending on the study that you participate in, you may also request the deletion of your data. However, the degree to which your data can be retracted and deleted depends on your specific study. In general we recommend that you contact your study manager if you have any questions about data deletion in your study.

Note that we cannot process data deletion requests that are made directly to us since we do not store any personal information that will enable us to determine which data belongs to you. Any deletion request will need to go through your study manager. Based on their request we will make sure to purge your data from our systems. 

If you have any difficulties in getting hold of your study manager, send us a message at info@behapp.com and we will try to contact your study manager for you.


How is your information protected?

We are keenly aware of the privacy sensitive nature of the data that we collect about you and we are committed to ensuring that this data remains well protected and is handled with care. 

  • As a base principle, no directly identifiable information about any participant is stored within any system that is part of the Behapp service. Participants like yourself are represented by a unique number which can only be traced back to you by the researcher responsible for the study that you participate in.
  • We build our systems on top of Google Cloud Platform which provides us with ready made, secure and regularly audited infrastructure components.
  • Our systems undergo independent security audits by Sogeti Cybersecurity Services.
  • Both subsystems and researchers interacting with Behapp, especially systems that are connected to the public internet, are consistently provided with the least privileges needed to do their job and nothing else.
  • Smartphone collected data is encrypted after being submitted to our systems using a combination of carefully audited crypto libraries and key management systems.
  • Communications between your smartphone and our systems take place over secured connections only.
  • After each successful upload, all of the locally stored data on your smartphone is cleared from the device. 
  • In the event that your phone is lost / stolen, report this to your study manager. Your study manager will reinitialize your account, which will cause Behapp to fully reset itself on your lost / stolen phone when it tries to contact us again. This includes wiping of locally stored Behapp data.


Who has access to your information?

Your information will only be directly accessible by Behapp researchers with relevant job roles regarding the handling and analysis of data. All researchers have received instructions, as specified in our information security policy, to ensure a secure and responsible working environment in which your data will be used.


Who will the information be shared with?

Your data, in other words the raw data, and any subsequent derivatives may be shared with the research team / consortium directly responsible for your study. We will not sell or rent your information to third parties; this includes third parties that may be involved in your study but are otherwise not involved in further analytical handling of the data.


Review of this policy

We keep this policy under regular review as part of a continuous data protection impact assessment (DPIA) cycle mandated by the European General Data Protection Regulation (GDPR), and as such it may be updated over time.