Open Humans is committed to empowering you with your personal data while protecting your rights. Our site is based in the United States and complies with all applicable US laws. In addition, we comply with the European Union General Data Protection Regulation (GDPR). These policies are applied to all members, irrespective of their country of origin.

Below are some highlights of how we prioritize your right to determine how your personal data is managed and shared.

You can do it yourself.

We want to empower you to do it yourself – so you don't need to wait for our response. We strive to automate all actions regarding your management of your personal data.

Right to access

All the data that activities have put into your Open Humans account is available to you. You can download copies of these data at any time from the relevant activity pages.

You can also see an overview of all your data files using your account management pages.

Right to portability

Your data's portability to third parties, and your control over this, is an important aspect of Open Humans. This enables you to participate in various activities related to your personal data – from data retrievals, to data analyses, to data donations.

We are not the gatekeepers to your data: you are. Anyone can create an activity on the site. Activities can immediately use our APIs and interact with members that join it. If you join and authorize that activity, it has access: it's between you and the activity.

However, we also want to balance this with the safety of our community members. For an activity to be available to all members (i.e. publicly listed and without a user cap), it must agree to our activity guidelines and go through a community review process.

Right to privacy

As outlined by our data use policy: unless we are required to do so for legal reasons, we will not share your private personal data without your affirmative consent. You choose when to share.

Right to erasure

To delete files related to a specific activity you're a member of:

  • Go to the activity page
  • Withdraw from the activity
  • When asked, say you also wish to delete associated data files

If you have withdrawn from an activity in the past but didn't delete that activity's files from your account, that option is available on the activity page.

Activities you've shared data with might have their own copies of your personal data, outside Open Humans. How they manage this data is according to their agreement with you. We provide tools to facilitate members making data erasure requests for activities that support this.

To delete your account entirely, go to your account management page.

When you delete your account or files, they are immediately removed. Your data is deleted in our database, and any files you've added can no longer be accessed by the website or by activities you've authorized.

Because Open Humans might be the only place a member has stored highly valuable data, we also want to protect members from accidental data loss. Secure back-ups for our database and files are performed and kept in restricted storage, and are permanently deleted after 60 days.

Community leadership

Open Humans Foundation is a nonprofit organization. The closest thing we have to "owners" is our board of directors, and we want the community to "own itself" at this highest level. Reflecting this, three of our nine board seats are elected by the members of Open Humans.

Activity features for GDPR compliance

In addition to our own site complying with GDPR, we enable the activities that operate within it to also comply. To that end, we have features on our site that enable this – e.g. the ability to support data erasure requests, with email notifications and/or an API webhook for full automation.


We believe respect for your personal data means you should have transparency. In addition to the information on this page, our website's software is open source and our community chatroom is available for anyone to join. We would love to have you join!

Contacting us

We have a community chatroom – we'd love for you to use it! We believe in transparency and we like to have questions and concerns raised within the community.

We also receive email at, and our Records of Processing Activities Report (per GDPR Article 30) contains contact information for our organization and data protection officer.