IRB & Privacy Overview
Public summary for research teams and reviewers evaluating The Brain Call platform.
What The Brain Call Does
The Brain Call platform conducts structured phone-based voice assessments, stores response recordings, and computes voice-related measures for longitudinal research review.
Privacy & Data Handling
- Participant access is controlled via study PIN/QR codes.
- Researcher/admin pages require authenticated access.
- Call recordings and derived metrics are stored in a managed Postgres database.
- Data is used for research operations and analysis, according to study consent and policy.
- No public participant data exposure endpoints are provided.
Security Controls (Operational)
- HTTPS/TLS in transit: Web traffic and API requests are served over HTTPS.
- Managed infrastructure: Hosting and database services are provided by managed vendors (Vercel and Supabase).
- Authentication controls: Researcher access is protected with Supabase Auth sessions.
- Least-privilege app access: Researcher views are scoped by assigned study relationships.
- Export de-identification: CSV export defaults to hashed/redacted sensitive telephony identifiers.
- At-rest protections: Data storage protections are provided by the underlying managed services and account configuration.
Technology Stack
- Next.js — web application and API routes
- Supabase — PostgreSQL database and researcher authentication
- Twilio — secure voice call handling and call recording callbacks
- Vercel — application hosting and deployment
This page is an operational overview, not a legal representation. Final study language should match your IRB protocol, consent documents, and institutional requirements.