Privacy Policy

Updated: 25th January, 2024

What is #So.Me?

The #So.Me mobile application is part of a research project run by The University of Manchester. The app is a vehicle for collecting data on social media usage and mental health of participants aged 13-15, which will be used to gain insight into the effects of social media on young people.

Who has reviewed #So.Me?

The app has been developed as part of a research project for which ethics approval was obtained from The University of Manchester Research Ethics Committee (UREC) (987120). The processing and handling of any data collected by the app is handled in accordance with the Privacy Notice for Research Participants and the associated Data Management Plan (DMP) for the research project (900909), reviewed by the Information Governance Office at The University of Manchester. The app has undergone an internal test programme prior to public release and has been approved for release by the research team and the Research IT Strategy and Change Management Board (RIT SCMB) at The University of Manchester.

How does #So.Me handle data?

Research IT at The University of Manchester handles data in compliance with UK GDPR and the Data Protection Act 2018. By using the app, users agree that researchers at The University of Manchester and collaborating institutions, associated with the development of the app can use any data collected for research purposes only. All research data handling is compliant with our Privacy Notice for Research Participants.

What data is stored on the device?

In order to function, the app is required to store some information locally on your device. The following information is stored in a database which resides in a private application directory on your device. This data may be used strictly behind-the-scenes or may be displayed directly on screen in appropriate locations to assist with the function of the app.

• Pseudonymised participant identifier is stored locally.

This database is erased when the app is uninstalled.

It is the responsibility of the device owner to protect their access to their device and hence the data store on it. We strongly recommend that you use some form of screen lock and storage encryption to protect unauthorised access to any of the data we store or display in the app.

What data is transmitted to researchers?

The app sends data to University researchers through the following mechanisms:

• StorageConnect - data collection system owned by Research IT at the University of Manchester

Note that if an internet connection is not available at the time of transmission, StorageConnect data is buffered in a separate local database on the device. Once an internet connection is available again, these records are transmitted and deleted from this local database.

The following data is transmitted to researchers:

• Pseudonymised participant identifier: this data is allocated to participants by the researchers directly involved in the research project. This data is required to keep your identity anonymised to researchers not directly involved within the project, whilst linking transmitted social media usage and self-reported data to the correct participant.
• Your chosen reminder times: to schedule notifications prompting participants to report on social media usage and answer mental health questionnaires.
• Social media usage data: including frequency of interactions with social media apps, time stamps of interactions and duration of sessions.
• Your responses to questionnaires: such as for questionnaires with standard mental health questions and social media usage.

Is any data Person Identifying Information (PII) and linked to my identity?

You will be allocated a pseudonymised unique identifier by the researchers directly involved in the research project. This ID can only be linked back to you by the researchers directly involved in the project.

How will you protect my data?

All transmissions over the internet are encrypted using a standard TSL/SSL encryption protocol and is thus protected in transit. The data you send us is stored on systems that are access-controlled and data is only accessible by project researchers and nominated collaborators. The StorageConnect system is also accessible by select members of Research IT. Access to StorageConnect is controlled by Research IT on a person-by-person basis and will not be granted to individuals not affiliated with the research project to which the data is attached. StorageConnect is backed-up and replicated daily. Records stored in StorageConnect are given an anonymous user ID and are not identified against any username or password you may have been asked to enter into the app.

What will you use the data for?

The data will be analysed to gather insights into social media usage and its effects on the mental health of young people as part of a research project.

Who will you share the data with?

Data will only be shared with the researchers directly involved in the project.

Does #So.Me collect usage statistics or analytics?

The app connects automatically to Microsoft App Center servers for the purposes of crash reporting. In the event of a crash, the app will collect the following information:

• Device information (e.g. make, model, operating system and version)
• Unique device identifiers (not directly person-identifying but allows us to know two reports came from the same device)

This information is transmitted to servers not owned by The University of Manchester, and is hence shared with the third-parties who operate the crash monitoring services. We make use of this service to acquire details on crashes users may have experienced. This allows us to improve future versions of the app. This data is only accessible to Research IT staff and is not shared with other services.

Does #So.Me access third-party content?

The app contains links to websites. If you click on a link, you will be directed to that site. Note that these external sites are not operated by the app provider. Therefore, we would advise you to review the Privacy Policy of these websites. We have no control over, and assume no responsibility for, the accuracy of content, the privacy policies, or practices of any third-party sites or services.

What permissions does #So.Me need?

The app requires permission to access certain features of your device for its functionality. The permissions required along with the reason are described below:

• Notifications: to post notifications of daily reminders to answer questionnaires, and to prompt answering questions about what participants are doing on social media.
• Network features and Internet: to send questionnaire responses and user feedback to Storage Connect.
• Foreground Service: to collect data about social media app usage and trigger notifications prompting to answer questionnaires whilst using social media.
• Wake Lock: to keep the Foreground Service active and allow it to finish data collection before the device goes to sleep.

Who do I contact about the study?

Lead Researcher: Dr Margarita Panayiotou
Phone: 0161 275 3534
Email: margarita.panayiotou@manchester.ac.uk

What if I have a complaint about the research team?

We encourage you to contact the research team in the first instance. However, if you are dissatisfied with their response and wish to make a formal complaint about the conduct of the research team, please write to:

Head of the Research Office
Christie Building
The University of Manchester
Oxford Road
Manchester
M13 9PL

What if I have a complaint about Data Protection and Information Governance?

We encourage you to contact the research team in the first instance. However, if you are dissatisfied with their response and wish to make a formal complaint about data protection, please contact:

Information Governance Office
G7 Christie Building
The University of Manchester
Oxford Road
Manchester
M13 9PL
Tel: +44 (0)161 275 7789
Email: information.governance@manchester.ac.uk