Privacy Policy

About Us

This is a privacy policy for the CMU Usable Privacy and Security Laboratory. Our homepage on the Web is located at

We invite you to contact us if you have questions about this policy. You may contact us by postal mail at the following address:

CMU Usable Privacy and Security Laboratory
5000 Forbes Avenue
Pittsburgh, PA 15213 

You may contact us by e-mail at

Data Collection

Global Policy

As you browse our web site, our web server collects data sent automatically by your web browser. This data is used to provide you with the web pages you request, as well as for system administration and research. If you play a game or participate in another activity on our web site we will collect information about your interactions with the game or activity and use it for our research. We may set a cookie when you play a game or participate in some activities so that we know that you have previously participated if you return to our web site to participate again. These cookies, web browsing, and activity information will not be identified with you personally, although they may be linked to your computer's IP address.

PrivacyFinder Policy

Our policy for our PrivacyFinder service differs from our global policy in that we require search terms to be submitted. These search terms are only used for fulfilling your queries and conducting further research. This data is stored in our web server logs for one week. After one week, all information other than search terms is deleted. Search terms are archived for research purposes and can in no way be mapped back to an individual or their computer. We use cookies for our PrivacyFinder service so that you may store custom privacy preference information. These PrivacyFinder cookies cannot be used for tracking or identifying you.

Survey and User Study Policy

If you sign up for one of our surveys or online user studies we will collect your survey responses and information about your activities during the study. This information will be anonymized and used for research purposes only. If you choose to provide your name and contact information, we will use it only to follow-up with you on matters related to the study, for example, to send you a follow-up survey or to let you know that you have won a prize. Some of our studies use cookies to identify you as a study participant.

Mailing List and Twiki Policy

If you sign up for one of our mailing lists, blogs, or the CUPS Wiki, we will collect your email address, and optionally your name, and ask you to pick a password. This information will be used to send you email messages posted to the mailing list you subscribed to and to manage your subscription or access the blog or Wiki. This information and the contents of your messages and postings will be shared with other subscribers and users.

Submission System Policy

If you use a conference submission system hosted on on, we will collect your name and contact information. If you are a submitter, we will collect your submission. If you are a reviewer, we will collect your reviews and discussion about the submissions. The information you submit will be available to the event organizers and reviewers (submitter name and contact information will not be shared with reviewers if the conference is using an anonymous review process). Your contact information will be used only to communicate with you about the submission and review process or other matters related to the event.

Data Sharing

No data identified with you is ever shared with third parties beyond those identified in this policy, except as required by law or to investigate abuse of our web site.

Data Access

To access information related to your mailing list subscriptions, login to the subscription management page for the mailing lists to which you are subscribed. To access personally identified data you provided as part of your participation in a CUPS study, please contact the researcher conducting the study or


Our web site is P3P enabled. If you are using a P3P-enabled web browser you should be able to fetch the P3P policy automatically.