1. Definition of Parties

This policy distinguishes between two distinct classes of individuals:

• Users: Individuals or entities who create an account to conduct research studies via PublicPreference™.
• Participants: Individuals recruited to complete studies created by Users. Participants do not create accounts and are pseudonymous at the point of collection.

2. Data Collection & The "Wall of Separation"

PublicPreference™ maintains a strict architectural Wall of Separation between Participant research data and User account data.

3. Access & Transparency

Users have access to Participant selections and associated demographic metadata (Gender, Age, and Country). Participants do not have access to study data beyond the images and prompts provided by Users. While participants may be associated with platform-specific alphanumeric strings for fulfillment purposes, these identifiers are not linked to PII within the PublicPreference™ infrastructure.

4. Biometric Data & Local Redaction

To protect individual privacy, PublicPreference™ utilizes tools that allow face detection and redaction (blurring) to occur directly within your web browser. Our goal is to ensure that identifiable facial data is obscured before it is ever uploaded to our servers. Under standard operating conditions, we only receive and store the anonymized version of your images.

Despite these protective measures, we acknowledge the technical possibility that PublicPreference™ may inadvertently receive biometric data against our intent. This may occur due to limitations in detection algorithms (e.g., lighting, angles, or image quality), hardware/software incompatibility, or user-initiated bypass of local security scripts. PublicPreference™ strictly prohibits the processing, storage, or utilization of such data for identification or biometric modeling.

We do not create, store, or share "biometric templates" or "faceprints" as defined by the Illinois BIPA or Texas CUDPA. Any inadvertently received biometric identifiers are permanently destroyed within 30 days of discovery, and in no event later than the first anniversary of the associated study's conclusion. Users acknowledge that they remain the Data Controller and are the final safety check for ensuring redaction efficacy prior to upload.

5. Mandatory User Representations

Users conducting studies represent and warrant that:

• Legal Ownership: They hold all legal rights to the uploaded content/images and have obtained explicit, informed consent from any identifiable individuals depicted.
• Final Review Verification: They have personally reviewed the "Final Review" preview and confirm that all sensitive features (including faces) are obscured to their satisfaction before deployment.
• Age Restriction: No images depict individuals under the age of 18.
• Prohibited Content: No images depict illegal acts, extreme violence, bodily harm, dangerous activities, or sexually explicit content.
• GDPR Controller Status: For the purposes of European data protection laws, the User acts as the Data Controller and is responsible for fulfilling all transparency and consent requirements toward the data subjects.
• No Identifiers: They are not uploading "Special Category Data" (e.g., medical status, religious affiliation) or Biometric Data as defined by applicable law.
• Public Exposure: They understand that study prompts and images will be displayed to the Participant pool for research purposes.

6. Research Prompts & Survey Content

PublicPreference™ is a tool for objective preference research. While we encourage diverse research questions, all research prompts are subject to the following standards:

• Non-Identification: Prompts may not be used to solicit Personally Identifying Information (PII) from Participants, or reveal the PII of individuals depicted in images (such as names, contact details, social media handles, or specific residential locations).
• Neutrality & Integrity: Prompts should not be used to promote hate speech, harassment, or the disparagement of the individuals depicted in the images.
• Public Visibility: Users acknowledge that prompts are not private; they are visible to the Participants and are stored as part of the research record.
• No Deception: Prompts must not be used for "phishing," social engineering, or to deceive Participants into revealing sensitive personal data.

7. Infrastructure & Data Residency

PublicPreference™ utilizes industry-standard encrypted server-side architectures to safeguard User and Participant data. We utilize Google Firebase as our primary data sub-processor for hosting and database management. All data is stored and processed on secure servers located within the United States.

Data processing is governed by the Google Cloud Data Processing and Security Terms (DPST), which includes Standard Contractual Clauses (SCCs) to ensure the protection of international data transfers. You can view the Firebase Data Processing Terms here.

By using the Service, Users and Participants acknowledge and consent to the transfer of their information to, and the storage of such information in, the United States. We maintain rigorous internal protocols to ensure data isolation and prevent unauthorized access.

By using the Service, Users acknowledge that no digital architecture is entirely immune to risk and accept that the public-facing nature of research studies necessitates the disclosure of study prompts and images to the Participant pool. International users acknowledge that data protection laws in the United States may differ from those in their home jurisdiction.

8. Cookies & Local Storage

PublicPreference™ utilizes only Essential Technical Cookies and local storage to facilitate account authentication for Users and session integrity for Participants. We do not utilize third-party tracking, advertising, or marketing cookies.

9. Data Retention & Deletion

Users may request account deletion at any time by contacting us. Upon deletion, Personally Identifying Information (PII) associated with the account is purged. Aggregated, non-attributable research results provided by Participants are retained for historical analytics; because this data is siloed from PII, it cannot be "re-linked" to an individual for deletion purposes once a study is completed. We publicly commit to maintaining and using de-identified data without attempting to re-identify said data, or allow third parties to do so.

10. Consumer Rights & Privacy Standards

In accordance with the Texas Data Privacy and Security Act (TDPSA), the California Consumer Privacy Act (CCPA), and international regulations, PublicPreference™ provides the following disclosures:

• No Profiling or Targeted Research: PublicPreference™ does not process personal data for the purposes of profiling in furtherance of decisions that produce legal or similarly significant effects, nor do we utilize data for targeted research beyond the scope of the specific study for which it was collected.
• Right to Limit Sensitive Data: Users and Participants have the right to direct us to limit the use of Sensitive Personal Information (SPI) to only what is necessary to perform the Service.
• Right to Access & Deletion: You have the right to confirm whether we are processing your personal data and to request the deletion of such data. Please note that once Participant data is de-identified and aggregated into research results, it can no longer be "re-linked" for individual deletion.
• Exercise of Rights: To exercise these rights, please contact us at publicpreference.assist@gmail.com. We will respond to verified requests within 45 days.