Privacy and Security

Your identity is yours and will always be. We use cookies in a minimal way to help us help you. Thank you for taking the effort to read our Privacy Policy. We also encourage you to review our Cookie Policy and the Terms of Service, which is the agreement between you and Sprockler that governs your use of the web applications. If you do not agree with our Privacy Policy, or with our Terms of Service, you will not be able to use the web application. If you have any further questions about our privacy policy, please do not hesitate to contact us at

Effective: 1st of April, 2021


We consider three types of interaction with Sprockler. Firstly, people who visit our website but do not register for an account. These will be referred to as "Visitors". Secondly, people who register and create an account will be referred to as "Users". Thirdly, people who participate in inquiries after being invited to do so by our Users will be referred to as “Participants”. If you would like to learn more about how we collect personal data using cookies or similar technologies, please read our Cookie Policy.


  • Visitors: In contrast to many “modern” organisations, Sprockler as an organisation is not interested in the identity and personal details of our Visitors. Therefore, we do not store email addresses from our Visitors.
  • Participants: We do not store email addresses from the Participants who are invited to engage in an inquiry. Sometimes it happens that the Users will need these email addresses to invite Participants for an inquiry but even then, we will not store the email addresses. Instead, we only store a so-called hash from which email addresses cannot be retrieved. The hash enables us to know that a certain set of responses comes from one Participant. We don't know who this person is, and we cannot retrieve their email address.
  • Breaking anonymity: There are legitimate situations where anonymity is not desirable. The User may include questions that ask Participants to share personal details like an email address. Only the Participants themselves can decide to offer these details. We consider this to be the most transparent way of breaking anonymity.
  • Users: Sprockler processes personal data for those Visitors who create an account and by doing so become Users of our web applications for narrative research. In section 3 of this Privacy Policy, we explain in detail what personal data we process, how and why we process those, and what your rights are under the General Data Protection Regulation (GDPR).


  • Required info: To register for the use of the web applications, Users must provide a full name, an organization name and email address (only). To purchase service, we also require legitimate payment/invoicing information.
  • Privacy policy and terms of use: When you create an account to use our web applications, we ask you to agree in advance with this Privacy Policy and Terms of Service.
  • Required info:Any Visitor can sign up for an account. As a Visitor, you will then have to register with your name and your email address to become an authorized User. This personal data will be stored in a secure way.
  • Use of the account:When a User did not login to their account for a period of 3 months, the User of this account will get an email with the question if they want to continue the account. If this email remains unanswered for a period of another month, the account and all the corresponding data will be deleted. This means that not reacting to this reminder email means the account, the personal data and all inquiries conducted will be deleted after this period of 4 months.
  • Contacting you:Sprockler may use your registration information to contact you to:
    • Deliver the Service of the web applications.
    • Improve our Site, Service, features and content.
    • Provide customer service and personalise your experience.
    • Administer and enable your use, enjoyment and navigation of our Service.
    • Improve our understanding of your needs and interests.
    • Fulfil requests you make via
  • Sharing personal data: We do not sell or share your personal details with third parties.


  • Participants rights: If you are an authorised User, you can administer and control your own inquiries. Sprockler only functions as a Service provider. The Participants can access the inquiry in data-collection mode only. According to article 15 of the GDPR, Participants have the following rights with respect to the information they provided to the User via the inquiry:
    • The Right to rectification;
    • The Right to erasure (the ‘right to be forgotten’);
    • The Right to restrict processing;
    • The Right to object.
    The authorised User is responsible for the implementation of these essential features.
  • Rights of colleagues: Typically, the person who registered for the account will be the only person who can access the inquiries and the responses. Your organization may want to share your account to allow colleagues to support you in the inquiry. This is technologically possible. However: the GDPR requires that you undertake the necessary steps, which are (1) informing the Participants and (2) signing a Data Processing Agreement with these colleagues. Sprockler has a standard Data Processing Agreement available for this purpose. It is possible to grant your colleagues limited rights only. The person who created the account from an organization will be granted administration rights in all cases. They can create other accounts and set their rights.
  • Technical support: As a User you own the inquiry data. We do not use your data, unless you request us to do so for technical support. In case you need technical support, you will grant access to the administrator of Sprockler to access your data. The administrator of Sprockler signed a nondisclosure agreement to this purpose.
  • Maximum retention period: We will remove personal data or data of inquiries from our servers upon your request. The Users themselves are responsible for the implementation of our GPDR regulations with respect to the maximum retention period of personal data. The GDPR states that personal data may only be kept for the period necessary for the purposes for which the data was processed. Note: research reports as such (for instance created in the Visualizer application) may be retained for a much longer period (up to 10 years). However, personal data such as email addresses of participants or any information that can be traced to a specific person, may only be kept in a form that permits identification of the individual for no longer than is necessary for the purposes for which it was processed, in other words for the research period only. An exception can be applied to longitudinal research under the condition that personal data will be anonymised (no longer traceable at all).


  • TLS: Data security is very important to us. To that end, communications with our servers make use of Transport Layer Security (TLS version 1.2) including the communications between the iOS and Android apps and the server (uploading of responses of Participants). TLS is a cryptographic protocol that provides secure communication between the server and the computer of a Visitor, User or Participant. It's more or less the successor of SSL protocol (which is used by the majority of banks).
  • Encryption on mobile: The Collector app also encrypts data that are temporarily stored on mobile devices. These data are removed from the device after the server confirms their receipt.
  • Secure server: Sprockler outsources hosting and technical maintenance of our site and the three web applications to TransIP, which is a renowned hosting provider.


The Sprockler Site may contain links to other websites. Please be aware that Sprockler is not responsible for the privacy practices of these websites. This Privacy Policy applies solely to information on this Site and its three web applications.