Privacy Policy

In order to use the REDCap Mobile App, REDCap must be installed on your institution’s server and must be at version 6.5.0 or higher. The REDCap Mobile App is designed to fit the following scenarios:

  • A REDCap project that needs data to be collected without any Internet access available.
  • A REDCap project that needs data to be collected with sporadic Internet access.

If mobile devices are desired for use in REDCap data collection, and if WiFi or cellular Internet is amply available, then it is suggested to use the REDCap mobile web view that is available on the REDCap server, which provides real-time access to data.

For REDCap Mobile App Users

Project Creation

A project administrator must create a project on a REDCap server. User rights can be granted to the app for download. The app cannot create projects. It can only download them from a REDCap server and upload collected data.


The owner of the REDCap project owns the data on the server. If you, the mobile user, are not the owner of the REDCap project, you are merely collecting the data on the mobile device. While the data resides on the mobile device, you own all modified or new data. The mobile user does not own any downloaded data that is not modified. When the data is sent to the server, the project administrator owns the data.


The project configuration (tables specifying the project) and (optionally) all data from the project are downloaded from a REDCap server via an SSL connection.

The configuration and any data are stored in an encrypted database on the mobile device. The database houses all mobile users. Each mobile user's data is siloed so that only that individual mobile user can access it.

The data is sent via an SSL connection to the REDCap server from which the project originated. The user can choose which modified data to send if any modified data exist.

The server does not “know” the status of the mobile values and records until the data is sent. All collection can truly happen offline. There is no server monitoring of the collection process.


Project configuration and data are private to a mobile user. They can be sent to the REDCap server, but they cannot be shared among multiple REDCap Mobile App users.

API Token Revocation

If a REDCap API token is revoked or regenerated on the REDCap server, all data is lost for everyone holding that token. There is no way to recover the data.

For the Participants


The instrument is made and owned by the project administrator. You are providing answers that will be owned by the mobile user and, when sent to the server, by the project administrator.


The project configuration decides whether your response requires you to identify yourself. That is, the project determines whether you are granted anonymity.


Your data is treated as private. All attempts are made to secure the data from outside interception.

Allocation of Software and Data

The parent REDCap server hosts the project and the final copy of the data. The public API and a token are used to access the project. This resides at the host institution that is a member of the REDCap Consortium.

The mobile device hosts the project configuration and any temporary project data. The data does not become authoritative until sent to the REDCap server.

The Vanderbilt REDCap server collects usage stats about the app. Further, if the QR Code is not working to set up a project, this server facilitates a 10-character code that can be used to set up the project. Under normal circumstances, however, the QR Code is sufficient to set up the project, and the Vanderbilt server is not used.