Terapage privacy and data protection

Privacy Policy

This policy explains how Terapage Limited collects, uses, stores, protects and deletes personal information when people use the Terapage platform, mobile applications and connected integrations.

🔐 Privacy-first platform 🛡 Data minimisation 🌍 Platform and integration coverage
Privacy policy contents

👤Information Collection

When you register with Terapage or access the platform through Single Sign-On, we request the minimum information needed to create and manage your account, including your first name, last name and email address. We may also request demographic information such as date of birth or gender where this is relevant to a study or community.

Depending on the study or community you join, administrators may request further profile information. Any username and password created for Terapage must be kept confidential. If you believe your account credentials have been compromised, please contact us immediately.

Study and community administrators may configure activities that request personal information. Responses may be made available to authorised administrators and, where the activity is configured for shared participation, to other participants. These users operate independently and must comply with the Terapage Terms of Service.

Terapage does not routinely monitor private communications. We may review activity where reasonably necessary to protect users, investigate misuse, maintain platform security, enforce our terms or comply with legal requirements.

Use of Information

Registration data is used to identify users, manage access, associate contributions with the correct account and deliver service-related updates, notifications and support communications.

Demographic and profile data may be used to personalise the Terapage experience or support authorised research activities. Where data is shared externally for reporting, investment or commercial analysis, it will normally be aggregated or anonymised so that individuals are not directly identified.

🍪Use of Cookies

Terapage uses cookies and similar technologies to keep users signed in, maintain security, remember preferences and support platform functionality. Session cookies normally expire when the browser is closed, while preference and analytics cookies may remain for the period stated in our cookie settings.

Cookie values are protected against unauthorised alteration and are used to apply the correct permissions while users navigate the platform.

📈Log Files

Terapage records technical and usage information such as IP address, browser type, device information, cookie identifiers, access time and platform activity. We use this data for security monitoring, troubleshooting, service administration, performance analysis and understanding general usage trends.

We do not disclose personally identifiable traffic patterns to third parties except where required to provide the service, investigate security issues or comply with law.

🌐Public Information

Some information or content may be visible to other users or the public where a study or community administrator has enabled public or shared access. Users should consider carefully what they submit to public activities, discussions or published research spaces.

🛡Security

Terapage uses administrative, organisational and technical controls designed to protect information from accidental loss, misuse, unauthorised access, alteration or disclosure.

No online service can guarantee absolute security. We continually review our controls and encourage users to protect their credentials, use strong passwords and report suspected misuse promptly.

Session Replay and User Behaviour Analytics

To improve usability, identify technical issues and understand how people interact with our web and mobile applications, Terapage uses Microsoft Clarity. Clarity may record interactions such as mouse movement, scrolling, taps and screen navigation.

Strict Data Masking

We configure Clarity to mask sensitive information before it leaves a user’s device.

  • Web application: text inputs, form fields, passwords, financial details and personal identifiers are redacted through automatic masking and manual data-clarity-mask controls.
  • Mobile applications: high-privacy screens, profile areas and custom input views are programmatically masked using Microsoft Clarity’s mobile SDK controls.

Consent and Control

Microsoft Clarity is only activated where the user has provided the required consent through our consent banner. Users can update or withdraw their preferences through the relevant privacy settings.

More information is available in the Microsoft Privacy Statement.

Updating Data

Users can update registration and profile information through the Account Settings area available from the account menu. Where information cannot be amended directly, users may contact the relevant workspace administrator or Terapage support.

Personal Data Removal

Terapage provides workspace administrators with tools to remove personal data associated with individual users. Requests should normally be directed to the administrator of the Terapage workspace where the information was collected.

If you cannot identify the administrator, contact dpo@terapage.ai and include the relevant Terapage workspace or page URL.

Data Retention

Terapage retains personal data only for as long as reasonably necessary to provide the services, operate customer workspaces, support integrations, maintain security, comply with legal obligations, resolve disputes and enforce agreements.

Where Terapage processes data through third-party integrations, including Slack, we retain only the information required to provide the requested functionality. Integration data is not used for unrelated purposes unless this is clearly explained and lawfully authorised.

Retention Periods

Account and administrative records Retained while the account is active and, where required for tax, accounting, audit, contractual, fraud-prevention or legal purposes, for up to 6 years after closure.
Workspace and research content Retained while the relevant workspace, project or account remains active. Deleted content is normally removed from active systems immediately or within 30 days.
Slack and other integration tokens New collection stops immediately when the integration is disconnected. Tokens are disabled or deleted immediately or within 24 hours.
Integration configuration data Remaining workspace identifiers, channel references and configuration records are normally deleted from active systems within 30 days.
Temporary Slack content Processed in real time and normally deleted immediately after the requested action or within 24 hours, unless deliberately saved by the customer.
Security, access and audit logs Normally retained for up to 12 months for security monitoring, incident investigation, troubleshooting, fraud prevention and compliance.
Support communications Support tickets, emails, chat messages and troubleshooting records may be retained for up to 3 years after resolution.
Marketing preferences Unsubscribe requests are normally actioned immediately or within 48 hours. A suppression record may be retained to prevent future contact.
Backups and disaster recovery Deleted data may remain in protected backups for 30 to 90 days before being overwritten or deleted under the applicable backup cycle.
Verified deletion requests Applicable data is generally deleted from active systems within 30 days, unless a shorter period applies or retention is legally required.

Deletion Requests

Customers may request deletion of personal data, workspace data or integration-related information. We verify and process valid requests without undue delay. Where information cannot be removed immediately because it remains in backups, security records or legally required documents, access and further use will be restricted until the relevant retention period expires.

Data Minimisation

We aim to collect and retain only the information needed for the purpose for which it was obtained. Retained information is periodically reviewed and may be deleted, anonymised or aggregated when it is no longer required.

Changes to this Privacy Policy

Material changes to this Privacy Policy will be posted prominently on our website. Where appropriate, we may also notify affected users by email or through the platform and provide choices required by applicable law.

Contacting Terapage

For questions, comments or requests concerning this Privacy Policy or Terapage’s handling of personal data, contact us using the details below.

Company Terapage Limited
Address 20 Wenlock Road, London, United Kingdom, N1 7GU
Data Protection Officer dpo@terapage.ai
Telephone +44 141 501 0143