At MX8 Labs, we’ve built our platform with privacy and security in mind from day one. Our role is to provide you with secure, configurable tools so you can run your research confidently. Your role, as the data controller, is to decide what information you collect, why you collect it, and how you respond to your participants. Think of us as the safe, reliable workspace — you decide what goes inside.
Privacy and consent
We design for major regulations like GDPR in Europe, CCPA and other US state laws, and COPPA for children’s privacy. When you run a survey, the personal data collected is up to you. We always collect a hashed IP address and a respondent's unique identifier, but you might choose to include more sensitive details in the survey. If your project involves personal or sensitive data, we even include an out-of-the-box consent question you can include in your surveys.
Data storage and retention
You can control where and how long data is stored. We currently support hosting in the US and Germany, with other regions available on request. Surveys are anonymized after a timeframe you choose — by default, that’s 180 days, at which point identifiers like IP addresses and respondent IDs are removed. If you delete survey data, it’s retained for a configurable grace period (again, defaulting to 180 days) before it’s permanently purged 30 days later.
Data usage
Your data is never used for anything other than running the service. We don’t train AI models on it, and we don’t share it with anyone except AWS, our hosting provider. Any vendors we work with go through strict checks and must meet our high security standards, including encryption, access control, and continuous monitoring. This means you can focus on your research without worrying about infrastructure risks.
Participant rights
In many regions, respondents have the right to ask to access or delete their data, or to opt out. You can add consent forms, privacy notices, and opt-out options to your surveys so participants have the right information from the start. If a respondent does get in touch requesting data deletion, you can pass their details to us, and we'll process it. The same applies if you work with children’s data — COPPA requires verified parental consent, and you can easily collect it in the platform.
In short, MX8 Labs gives you a secure, privacy-conscious environment to conduct your research. You decide what to collect, set your retention rules, and handle participant rights — and we provide the technology and safeguards to help you stay compliant while doing it.