• radar-base@kcl.ac.uk | radar-base@thehyve.nl
  • KCL +44 (0)20 7848 0924 | The Hyve +31 (0)30 700 9713

Google User Data Privacy Policy

1 The Platform

RADAR-base allows study participants to securely share their health data with clinicians and researchers. It is an open-source platform designed for scalable, remote data collection, providing modular tools to integrate data streams from a wide range of sources, including wearables, smartphones, mobile apps, and IoT devices.

The platform enables the real-time collection, processing, storage, management, and sharing of data with researchers. Participants enrol in a specific study, give informed consent under that study’s ethics approval, and may then connect their Google account so the study can passively collect health and fitness data for research.

2 Google Health

2.1 What Google data we access

When you connect your Google account, RADAR-base accesses the following from the Google Health API, read-only, on behalf of the study you enrolled in:

  • Activity & fitness — step counts, total calories/energy expenditure, and exercise sessions (type, duration, distance, speed, and in-session heart-rate zones).
  • Health metrics — heart rate, resting heart rate, heart-rate variability, blood-oxygen saturation (SpO₂), respiratory rate during sleep, and nightly sleep skin-temperature variation.
  • Sleep — sleep sessions and sleep stages.
  • Electrocardiogram (ECG) — ECG recordings, including the voltage waveform and the recording’s heart-rate and device details.
  • Irregular rhythm notifications — alerts indicating a possible irregular heart rhythm, with their timestamps.
  • Location during exercise — GPS track points (latitude, longitude, altitude, timestamp) recorded only during exercise sessions, for studies that analyse mobility or activity routes.
  • Time-zone setting — your account’s time-zone setting, used only to align your daily and exercise data to your local calendar date.

We request read-only access only and never write, modify, or delete data in your Google account.

2.2 How we use it

This data is used solely to deliver the research study you consented to join. It is collected, converted to the platform’s research data format, stored in the study’s secure research database, shown back to you in your participation summary, and analysed by that study’s authorised researchers, including derived measures (aggregates, trends, study metrics) computed from it. We do not use Google user data—raw or derived—for advertising, do not sell it, and do not share it with data brokers.

2.3 Where it is stored

Transmitted over TLS and stored encrypted at rest in the study’s research infrastructure, hosted either in AWS eu-west-2 (London) or university infrastructure, with access restricted to authorised study personnel.

2.4 Sharing

Shared only with the research team of the study you enrolled in, under that study’s ethics approval and your consent. Humans do not read your raw Google data except as needed to deliver the research study, for security, or to comply with law.

2.5 Retention and Deletion

You can disconnect your Google account at any time from the study portal; we then stop collection, revoke our access, and delete the associated Google tokens and identifiers. You may also request deletion of collected study data, subject to the study’s ethics and retention policy, by contacting radar-base@kcl.ac.uk.

2.6 What we never do
  • No advertising of any kind.
  • No selling or transfer to data brokers.
  • No training of generalised AI/ML models.
  • No credit-worthiness or lending use.
2.7 Limited Use

RADAR-base’s use of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.