Last updated: 3 March 2026
1. Who we are
The Cold Cognition Project ("we", "us", "our") is a community-led citizen-science study run by Andy T. Woods. We operate the website at coldcognition.org and the Cold Cognition iOS/Android app (the "App"). Questions about this policy can be sent to andytwoods@gmail.com.
2. What we collect
- Account data: email address, chosen display name.
- Demographic data: age range, sex, years of cold-water experience — collected once during sign-up.
- Cognitive performance data: response times, accuracy scores, and mood ratings from the in-app cognitive tasks.
- Plunge logs: water temperature, duration, immersion depth, context, and perceived intensity that you choose to record.
- Covariate data: optional self-reported information about sleep, caffeine, and alcohol intake recorded before each session.
- Device token: if you enable push notifications, we store a device push token provided by OneSignal (see §6) to deliver reminders.
- Usage data: standard server logs (IP address, browser/OS type, pages visited) retained for up to 90 days for security purposes.
3. How we use your data
- To operate your account and provide your personal dashboard.
- To conduct pseudonymised research on the effects of cold-water immersion on cognition — your data is linked to a random participant ID, not your email, in all analyses and exports.
- To send scheduled cognitive-test reminders via push notification, if you opt in.
- To generate aggregated, anonymised community-level findings.
- To improve the tasks and user experience.
4. Legal basis (GDPR)
We process your data on the basis of your explicit informed consent, given during sign-up and recorded with a timestamp. You may withdraw consent at any time (see §7).
5. Sharing and disclosure
- Research outputs: only aggregated, anonymised group-level findings are shared publicly or in publications. No individual records are ever published.
- Legal obligations: we may disclose data if required by applicable law.
- We do not sell your data. We do not use it for advertising.
6. Third-party services
- OneSignal — push notification delivery. If you enable notifications, your device push token is transmitted to OneSignal's servers in the United States. OneSignal Privacy Policy ↗
- Hosting / infrastructure: the App and website are hosted on servers in the EU/UK. Standard server logs are retained for 90 days.
7. Your rights
You have the right to:
- Access and export all your raw data at any time via Account → Export my data.
- Delete your account and all associated raw data via Account → Delete my account. Deletion is irreversible and processed immediately; only anonymised aggregate statistics derived before deletion may be retained.
- Withdraw consent at any time by deleting your account. This does not affect the lawfulness of processing before withdrawal.
- Opt out of push notifications at any time via Notification preferences or your device's system settings.
- Lodge a complaint with your local data-protection authority (e.g. the ICO in the UK: ico.org.uk).
8. Data retention
Your data is retained for as long as your account is active. If you delete your account, all personally identifiable data is permanently removed within 24 hours. Anonymised aggregate statistics (no link back to any individual) may be retained indefinitely for research continuity.
9. Children
This App is not directed at children under 16. We do not knowingly collect data from anyone under 16. If you believe a child has provided us with personal data, please contact us and we will delete it promptly.
10. Changes to this policy
We will notify registered users by email of any material changes. The "Last updated" date at the top of this page will always reflect the current version.