Quitiq Logo

Privacy Policy

Quitiq is designed and deployed with rigorous research governance at its core. The platform supports institutions, investigators, and research teams in managing participant data responsibly while aligning with established ethical frameworks and regulatory obligations. All data activities conducted through Quitiq should adhere to institutional review board (IRB) requirements, informed consent standards, and applicable local and international privacy regulations, including but not limited to GDPR, HIPAA, and other relevant data protection laws where applicable.

Our governance model emphasizes accountability, transparency, and participant autonomy. Researchers retain responsibility for ensuring that study protocols, recruitment processes, and data handling practices meet the ethical thresholds defined by their institutions and oversight bodies. Quitiq provides the infrastructure to operationalize these requirements securely and efficiently.

Data Minimization

Quitiq follows the principle of data minimization by design. Researchers are encouraged—and technically enabled—to collect only the data strictly necessary to address predefined research objectives and hypotheses.

By limiting unnecessary data capture, studies can:

  • Reduce participant privacy risk
  • Improve data security posture
  • Streamline storage and processing requirements
  • Maintain regulatory compliance more easily

Customizable survey logic, selective field deployment, and scoped data schemas ensure that superfluous personally identifiable information (PII) or sensitive attributes are not collected without clear justification. This approach aligns with global best practices in ethical research and privacy engineering.

Participant Consent

Ethical research begins with informed, voluntary participation. Quitiq supports robust consent management workflows that prioritize clarity, transparency, and participant comprehension.

Key consent considerations include:

  • Plain-language disclosures explaining study purpose, procedures, and risks
  • Explicit data usage statements outlining how information will be stored, analyzed, and shared
  • Withdrawal rights allowing participants to opt out where legally and operationally feasible
  • Documentation records of consent capture for audit and compliance review

Researchers can embed consent forms directly within study flows, ensuring participants review and affirm consent before contributing data. This structured approach strengthens ethical defensibility and institutional compliance.

Secure Architecture

Quitiq is built on a security-first architectural framework designed to safeguard research data across its lifecycle—from collection to storage to analysis.

Security controls include:

  • Role-based access controls (RBAC) to restrict data access to authorized personnel only
  • Encrypted data transmission using industry-standard protocols (e.g., TLS)
  • Secure data storage environments with monitored infrastructure
  • Audit logging to track access and administrative actions
  • Environment segregation to protect production datasets

These measures help mitigate risks such as unauthorized access, data leakage, and interception during transmission. Security practices are continuously reviewed and updated to align with evolving cybersecurity standards and threat landscapes.

Ethical Data Stewardship

Beyond technical safeguards, Quitiq promotes a culture of ethical data stewardship. Researchers are expected to evaluate not only what data can be collected, but what data should be collected. Respect for participant dignity, confidentiality, and contextual sensitivity remains paramount—particularly when working with vulnerable populations or stigmatized health conditions.

Data Retention

We retain personal data only for as long as necessary to provide the QuitIQ service and fulfill the purposes described in this policy:

  • Active accounts: Your account profile, quit plan, survey responses, mood logs, uploaded photos, chat history, and other personal data are stored for as long as your account remains active.
  • Research participation: If you enroll in a research study, study-related data may be retained for the duration of the study and for any additional period required by the study protocol, institutional review board (IRB) requirements, or applicable law.
  • After deletion: When you delete your account or request data deletion, we remove your personal data from our active systems within 30 days of verifying your request. Residual copies in encrypted backups may persist for up to 90 days before being automatically purged.
  • Aggregated or de-identified data: Data that can no longer be linked to you may be retained indefinitely for research, analytics, and service improvement purposes.

Data Deletion

You may request deletion of your QuitIQ account and associated personal data at any time. Once deleted, this action cannot be undone.

How to request deletion

  • Use the in-app option under Account > Delete Account.
  • Email support@quitiq.org with the subject "Account Deletion Request" and include the email address linked to your account.
  • Visit our Account Deletion page for full details.

What is deleted

When your deletion request is processed, the following are permanently removed:

  • Account profile and login credentials
  • Personal information (name, email, phone number)
  • Quit plan, survey responses, and behavioral tracking records
  • Mood logs, uploaded photos, and chat history

Aggregated or de-identified research data that cannot be linked back to you may be retained as described above. For questions about deletion, contact support@quitiq.org.