Privacy Policy
Effective Date: January 1, 2026
Research Shield™ ("we", "us", "our") respects your privacy. This Privacy Policy explains what data we collect, how we use it, and what rights you have.
1. Who We Are
Research Shield™ is a data quality assurance system for market research. We help research companies verify the authenticity of survey responses.
Data Controller:
TGM Research Pte. Ltd.
6001 Beach Road, #22-01 Golden Mile Tower
Singapore 199589
privacy@researchshield.com
Data Protection Officer:
Marcin Kaleta
privacy@tgmpanel.com
Postal correspondence: use the address above with notation "Data Protection Officer"
EU Representative (Art. 27 GDPR):
TGM Research Europe
[Address in EU Member State]
eu-representative@researchshield.com
UK Representative (UK GDPR Art. 27):
TGM Research UK
[Address in United Kingdom]
uk-representative@researchshield.com
2. What Data We Collect
2.1 Technical Data
- IP address and approximate geographic location
- Browser and device type
- Operating system
- Screen resolution
- Time zone
- Device identifier (fingerprint)
2.2 Behavioral Data
For fraud detection purposes, we analyze:
- Typing patterns and keystroke timing — the rhythm, speed, and pauses in your typing
- Mouse movements and click patterns — cursor trajectory, click locations, scrolling behavior
- Response timing — time spent on each question and navigation patterns
- Browser window activity — focus events, tab switching, window visibility
2.3 Survey Data
- Responses provided in the survey
- Session identifier
We do not collect: names, email addresses, or other directly identifying information unless they are part of the survey commissioned by the client.
⚠️ Important Notice for Open-Link and Social Media Respondents
If you accessed this survey via a public link, social media advertisement, or direct recruitment (not through a research panel you previously joined):
We analyze your behavior during the survey to detect fraud. This includes:
- Mouse movements and clicks — how you move your cursor across the page
- Typing patterns — the rhythm and timing of your keystrokes
- Response timing — how long you spend on each question
- Device fingerprinting — technical characteristics of your browser and device
- Navigation behavior — how you interact with form elements
Why we do this: To distinguish genuine human respondents from bots and fraudsters. This protects the integrity of research data.
Your choice:
- If you accept behavioral analysis, you may proceed with the survey
- If you do not accept, please close this page — participation requires acceptance of fraud detection
- After completing the survey, you may object to data retention by contacting privacy@researchshield.com
Legal basis: Legitimate interest in fraud prevention (GDPR Art. 6.1.f, Recital 47). See Section 7 for your rights including the right to object.
3. Why We Process Data
| Purpose | Legal Basis (GDPR) |
|---|---|
| Fraud and bot detection | Legitimate interest (Art. 6.1.f) |
| Ensuring research data quality | Legitimate interest (Art. 6.1.f) |
| Delivering the survey for the client | Contract performance (Art. 6.1.b) |
| Service analysis and improvement | Legitimate interest (Art. 6.1.f) |
Legitimate Interest
Our legitimate interest is protecting the integrity of market research and our clients' interests against fraud. Processing behavioral data is necessary to achieve this purpose and does not unduly infringe on the rights of data subjects.
Clarification: Which Data Falls Under Which Legal Basis
Behavioral data (typing patterns, mouse movements, device characteristics, interaction timing) is processed exclusively under our legitimate interest in fraud prevention (Art. 6.1.f). This data is not required to deliver your survey responses to the client.
Survey response data (your answers to survey questions) is processed under contract performance (Art. 6.1.b) on behalf of the research client who commissioned the survey.
These are distinct processing operations with separate legal bases, as required by GDPR and EDPB Guidelines 2/2019.
4. Who We Share Data With
4.1 Research Clients
Survey responses and data quality information are shared with the company commissioning the research.
4.2 Sub-Processors and Their Roles
We use the following technical service providers to deliver our fraud detection service. For each, we disclose what data is shared, how they process it, and their legal role under GDPR.
Amazon Web Services (AWS)
| Data shared | All data collected by Research Shield™ |
|---|---|
| Purpose | Cloud hosting and data storage |
| Location | EU (Frankfurt, eu-central-1) |
| Role | Processor — processes data only on our instructions |
| Cross-client data pooling | No — data isolated per customer |
| DPA in place | Yes (AWS Data Processing Addendum) |
FingerprintJS, Inc.
| Data shared | Device signals: browser type, OS, screen resolution, installed fonts, WebGL renderer, audio context, canvas fingerprint, timezone |
|---|---|
| Purpose | Generate device identifier (fingerprint) for duplicate detection |
| Location | USA |
| Role | Joint Controller (Art. 26) — FingerprintJS uses aggregated, anonymized data to improve their identification algorithms |
| Cross-client data pooling | Yes — anonymized signals contribute to their global identification model |
| DPA in place | Yes + Joint Controller Arrangement (Art. 26) |
| Their privacy policy | fingerprint.com/privacy |
Art. 26 Arrangement Summary: FingerprintJS acts as joint controller for the purpose of improving their device identification technology. We remain responsible for collecting device signals and for decisions about individual fraud assessments. FingerprintJS is responsible for the aggregated model improvement. You may exercise your rights with either party.
IPQualityScore (IPQS)
| Data shared | IP address (hashed where possible), user agent string |
|---|---|
| Purpose | Query fraud reputation database, detect VPN/proxy/bot usage |
| Location | USA |
| Role | Joint Controller (Art. 26) — IPQS maintains a fraud reputation database enriched by queries from all customers |
| Cross-client data pooling | Yes — IP reputation scores are derived from cross-client fraud signals |
| DPA in place | Yes + Joint Controller Arrangement (Art. 26) |
| Their privacy policy | ipqualityscore.com/privacy-policy |
Art. 26 Arrangement Summary: IPQS acts as joint controller for maintaining their fraud reputation database. We query their database with IP addresses; they use this data (alongside queries from other customers) to improve fraud detection accuracy across their network. We remain responsible for how we use IPQS scores in our fraud assessments. You may exercise your rights with either party.
Sentry (Functional Software, Inc.)
| Data shared | Error logs, stack traces, minimal session context (PII scrubbed before transmission) |
|---|---|
| Purpose | Application error monitoring and debugging |
| Location | USA |
| Role | Processor — processes data only on our instructions for error monitoring |
| Cross-client data pooling | No — error data not shared across customers |
| DPA in place | Yes (Sentry Data Processing Addendum) |
| Their privacy policy | sentry.io/privacy |
4.3 International Data Transfers
Some personal data is transferred to countries outside the European Economic Area (EEA), particularly the United States. We ensure appropriate safeguards for such transfers:
| Recipient | Country | Primary Safeguard | Fallback Safeguard | TIA Conducted |
|---|---|---|---|---|
| FingerprintJS, Inc. | USA | EU-US Data Privacy Framework | SCCs (2021/914) | Yes |
| IPQS (IPQualityScore) | USA | SCCs (2021/914) | — | Yes |
| Sentry (Functional Software) | USA | EU-US Data Privacy Framework | SCCs (2021/914) | Yes |
Transfer Impact Assessments (TIA)
In accordance with the Schrems II ruling (C-311/18), we have conducted Transfer Impact Assessments for each US recipient. These assessments evaluate:
- The legal framework in the recipient country
- The nature of data transferred (pseudonymized technical/behavioral data)
- Likelihood of access by public authorities
- Effectiveness of supplementary measures
TIA Conclusion: Given the technical nature of data (device fingerprints, behavioral patterns), pseudonymization, encryption, and the limited personal identifiability, the risk of harm from potential government access is assessed as low. Supplementary measures provide effective protection.
Supplementary Measures
Standard Contractual Clauses (SCCs) are legal contracts approved by the European Commission (Decision 2021/914) that bind data recipients to protect personal data to EU standards. We implement the following supplementary measures for all US transfers:
- Technical: Encryption of data in transit (TLS 1.3) and at rest (AES-256)
- Technical: Pseudonymization of personal identifiers before transfer
- Organizational: Access controls and audit logging
- Organizational: Data Processing Agreements (DPAs) with all sub-processors
- Contractual: Notification obligations if recipient receives government access requests
Adequacy Decision Contingency
If the EU-US Data Privacy Framework adequacy decision is invalidated (as occurred with Safe Harbor and Privacy Shield), we will rely on Standard Contractual Clauses as the transfer mechanism. SCCs are already in place with all US recipients as a fallback safeguard. We monitor regulatory developments and will implement additional measures as required.
You may request a copy of the relevant SCCs or TIA summaries by contacting privacy@researchshield.com.
4.4 No Advertising or Marketing Use
We do not use your data for advertising, marketing profiling, or any purpose unrelated to fraud detection. Specifically:
- We do not sell your personal data
- We do not share data with advertising networks
- We do not create marketing profiles
- We do not use data for targeted advertising
- We do not share data with social media platforms for advertising
4.5 Other Disclosures
We may disclose data when required by law, court order, or law enforcement authorities.
5. How Long We Keep Data
We apply tiered retention periods based on the data minimization principle. Each category is retained only as long as necessary for its specific purpose:
| Data Category | Retention Period | Justification |
|---|---|---|
| Raw behavioral data (typing patterns, mouse movements) | 90 days | Session fraud scoring and ML model training; derived scores retained instead |
| IP addresses | 6 months | Short-term duplicate detection; longer retention unnecessary |
| Device fingerprints | 24 months | Required for longitudinal device reuse detection across survey waves |
| Fraud scores and flags | 24 months | Required for recurring fraud pattern analysis across clients |
| Session metadata (timing, navigation) | 12 months | Quality assurance and system performance analysis |
| Aggregated statistics | Indefinitely | Anonymized; no personal data |
After each retention period, data is automatically deleted or irreversibly anonymized. Raw behavioral data is converted to derived fraud indicators before deletion.
6. Your Rights
Under GDPR, you have the following rights:
- Access - you can obtain information about processed data
- Rectification - you can correct inaccurate data
- Erasure - you can request deletion of data ("right to be forgotten")
- Restriction - you can request limitation of data processing
- Portability - you can receive data in a machine-readable format
- Objection - you can object to processing based on legitimate interest
Granular Objection Rights
You may object to specific aspects of our processing. After survey completion, you can object to:
- Continued retention of your data — we will delete your data upon valid objection
- Cross-session use of device fingerprints — we will remove your device from our duplicate detection database
- ML training use — we will exclude your data from machine learning model improvement
Such objections will be assessed individually and can be honored without affecting your past survey participation. See Section 7.4 for the full objection process.
How to Exercise Your Rights
You can exercise your rights in two ways:
- Online: Visit our Data Rights page for detailed instructions and options
- Email: Send a request to privacy@researchshield.com
We will respond within 30 days.
Complaint to Supervisory Authority
You have the right to lodge a complaint with your local data protection authority.
7. Fraud Detection and Automated Decision-Making
7.1 How Fraud Detection Works
We use automated analysis systems to detect inauthentic responses (bots, scripts, fraud). The system analyzes behavioral patterns and technical indicators to generate a fraud risk score.
7.2 Automated Processing and Decision-Making (GDPR Art. 22)
How our system works:
- Research Shield™ generates fraud risk scores based on behavioral and technical data
- The system flags responses as potentially fraudulent
- These scores and flags are recommendations only
Human-in-the-loop architecture:
Research Shield™ does NOT make disqualification or incentive decisions. Our automated system produces fraud indicators only. Final eligibility decisions, including survey disqualification and incentive denial, are made by:
- The research client's own review process, or
- The panel provider's quality control team, or
- Human reviewers at the client organization
Why Art. 22(1) does not apply: Because Research Shield™ provides fraud scores and flags as decision-support tools only, and does not itself produce decisions with legal or similarly significant effects, the prohibition in Art. 22(1) is not triggered by our processing. The data subject's relationship regarding eligibility and incentives is with the research client or panel provider, not with Research Shield™.
Legal basis for processing: Legitimate interest in fraud prevention (GDPR Art. 6.1.f, Recital 47).
7.3 Safeguards (Binding Obligations)
Regardless of Art. 22 applicability, we implement the following safeguards as binding obligations:
- Human review available: You may request human review of any fraud flag by contacting the research client or privacy@researchshield.com. We will facilitate this request.
- Right to contest: You may contest any fraud determination and provide additional information to the research client
- Transparency: We disclose the existence and logic of automated processing in this policy
- No sensitive data: We do not use special category data (Art. 9) in fraud analysis
- Accuracy obligation: Our system is regularly tested and calibrated to minimize false positives. We maintain documentation of accuracy rates.
- Client obligations: Our contracts with research clients require them to implement appropriate human review processes for disputed cases
7.4 Right to Object (Art. 21)
Under GDPR Art. 21, you have the right to object to processing based on legitimate interest. We assess each objection on a case-by-case basis, considering your specific situation and grounds for objection.
Types of Objection We Distinguish:
| Objection Type | Can It Be Honored? | Explanation |
|---|---|---|
| Real-time fraud analysis (during survey participation) | Limited | If you object to real-time behavioral analysis, you may still participate, but we cannot guarantee acceptance of your response. As a practical consequence, objection to real-time analysis may mean choosing not to participate. |
| Post-session data retention | Yes | You can object to continued retention of your data after your session has been scored. We will delete your data upon valid objection, subject to any legal retention obligations. |
| Cross-session profiling (device fingerprint retention for duplicate detection) | Yes | You can object to retention of device fingerprints used to detect repeat participation. We will delete this data upon valid objection. |
| Use for ML model training | Yes | You can object to your behavioral data being used for machine learning model improvement. We will exclude your data from training datasets. |
How to Object
Send your objection to privacy@researchshield.com with:
- A description of which processing you object to
- Your grounds for objection (your particular situation)
- Any identifiers that help us locate your data (session ID, date of participation)
Our Assessment Process
We will:
- Acknowledge your objection within 7 days
- Assess your specific grounds against our legitimate interests
- Provide a reasoned response within 30 days
- If we reject your objection, explain our compelling grounds
- Inform you of your right to complain to a supervisory authority
7.5 Relationship Between Participation and Objection
We do not operate on a "take-it-or-leave-it" basis. However, we are transparent about practical consequences:
- Before participation: If you object to all fraud detection processing, participation may not be possible as fraud detection is integral to the service
- During participation: Real-time analysis occurs automatically; objection at this stage is impractical but you retain post-session rights
- After participation: Objection to retention, profiling, and ML training can be fully honored without affecting your past participation
Your right to object is genuine and subject to individual assessment, not a pre-determined outcome.
8. Cookies, Browser APIs, and Similar Technologies
8.1 Cookies
We use essential cookies:
| Cookie | Purpose | Lifetime |
|---|---|---|
| session_id | Survey session identification | Session |
| respondent_id | Response linking | 24h |
8.2 Browser APIs for Device Fingerprinting
Our fraud detection system (via FingerprintJS) accesses the following browser APIs to generate device identifiers:
| API | Purpose |
|---|---|
| Canvas API | Generates unique image rendering signature |
| WebGL API | Identifies graphics hardware characteristics |
| Audio Context API | Generates audio processing signature |
| Navigator API | Collects browser and system information |
These accesses are strictly necessary for fraud detection under ePrivacy Directive Art. 5(3). They do not involve marketing or advertising cookies.
8.3 Local Storage
We may use localStorage for temporary session data. This data is cleared when you close your browser or after 24 hours.
We do not use marketing cookies or tracking cookies for advertising purposes.
9. Children
Our services are not intended for individuals under 16 years of age (or under 13 in the United States). We do not knowingly collect data from children.
10. Information for United States Residents
10.1 Categories of Personal Information Collected
Under US state privacy laws (including CCPA/CPRA), we collect the following categories:
| Category | Examples | Collected |
|---|---|---|
| Identifiers | IP address, device ID, session ID | Yes |
| Internet activity | Browsing behavior, interaction with survey | Yes |
| Geolocation | Approximate location from IP | Yes |
| Inferences | Fraud risk scores, quality assessments | Yes |
| Sensitive personal information | N/A | No |
10.2 How We Use and Disclose Information
- Business purpose: Fraud detection, data quality assurance
- Sale of data: We do not sell your personal information
- Sharing for advertising: We do not share your data for cross-context behavioral advertising
10.3 Your Rights (California, Virginia, Colorado, Connecticut, Utah)
Depending on your state, you may have the right to:
- Know what personal information we collect
- Access your personal information
- Delete your personal information
- Correct inaccurate information
- Opt-out of sale/sharing (not applicable - we don't sell data)
- Non-discrimination for exercising your rights
10.4 How to Exercise Your Rights
Submit a request to: privacy@researchshield.com
We will verify your identity and respond within 45 days (or as required by applicable law).
10.5 Authorized Agents
You may designate an authorized agent to submit requests on your behalf with written permission.
10.6 Do Not Track
We do not respond to "Do Not Track" browser signals as there is no industry standard for this feature. However, our tracking is limited to fraud detection purposes only.
11. Policy Changes
We will notify of significant changes by updating the date at the beginning of this document. We encourage periodic review of this Policy.
12. Contact
For privacy-related questions, please contact:
Email: privacy@researchshield.com
Address: TGM Research Pte. Ltd., 6001 Beach Road, #22-01 Golden Mile Tower, Singapore 199589
Last updated: January 1, 2026