Data Compliance

Data storage: All personal data is stored on EU-hosted infrastructure (Supabase EU region) and never transferred outside the EU without explicit consent.

GDPR alignment: UserView follows GDPR principles including data minimisation, purpose limitation, and the right to erasure.

Sensitive data: Government ID documents are accessible to admins only and stored in a private, encrypted storage bucket. They are never exposed to researchers.

Data rights: Participants may request account deletion at any time. Personal fields are anonymised; participation records are retained for payout and dispute history.