We create methodologies and open-source tools for performing social science in the digital world: recruiting representative survey panels and evaluating the behavioral impact of ad campaigns, apps, and websites.

Recruit

Leverage the targeting power of digital advertising to recruit a custom, stratified pool of respondents. Virtual Lab creates custom audiences and conversion events to optimize targeting, enabling you to stratify by any variable for which you can gather data.

Optimize

Virtual Lab creates separate ad sets for each stratum and optimizes ad spending to ensure your over-represented strata and your under-represented strata become properly-represented strata.

Survey

Survey respondents via web surveys, chatbots, or any digital experience you can connect. Virtual Lab comes with a lightweight web survey optimized for poor connections and a chatbot that works with Facebook Messenger and Whatsapp. Follow up after hours, days, weeks or months for seamless longitudinal studies or experience sampling.

Retarget

Divide your respondents into balanced treatment groups and test the effect of your ad by actually advertising to them in the real world, on their Facebook timelines, Instagram feeds, Google search results, or the websites they browse.

Monitor

Monitor responses in realtime via the Virtual Lab dashboard and download current data in CSV format at any time. See when respondents join, how long they spend, and how many questions they answer.

Secure

Open source code ensures full transparency and auditing of security practices. Host Virtual Lab yourself and own your own data or let us take care of the hosting on GDPR compliant, secure Google Cloud infrastructure. All network communication is encrypted by default with TLS and all data at rest stored on encrypted cloud block storage.

Want more info?

Check out our slidedeck

Use Virtual Lab in your next project:

info@vlab.digital

Virtual Lab was built to power studies by us, researchers and academics trying to come up with more efficient models of running studies. Here's how it's been used, both by us and by external research teams:

Gender Attitudes in India

Do short videoclips delivered through social media change gender attitudes and promote information-seeking behaviors in Urban India?

This study evaluates a series of online videos supported and produced by two edutainment champions in the field: Population Foundation of India (PFI) and the WEvolve initiative. Respondents are randomly assigned to either a control group or one of three treatment arms, where they are sent videos from PFI, WEvolve, or both.

Respondents are sent videos, one-at-a-time, over the course of several days. All video plays are recorded on the Virtual Lab platform. Baseline questions on knowledge and attitudes are asked before the videos, one week after the videos are shown, and again after 3 months.

Respondents are invited to share the videos with their friends as well as sent links to webpages of NGOs working on gender-related topics. Clicks to the websites are tracked and a measurement of time visited calculated allowing the researchers to measure quasi-behavioral outcomes.

Donati D., Orozco V., and Rao N. (working paper)

Covid-19 and Stereotypes in Italy

In addition to its impacts on public health and the global economic system, the novel coronavirus has led to increasing concerns about racial attitudes and stereotypes and their impacts on political attitudes and sentiments towards global cooperation. These stereotypes may also translate into more general geo-political attitudes towards individual countries, such as China, who was at the center of the outbreak.

Using the geographical targeting in Facebook's ad platform, respondents were collected across 542 municipalities and 90 provinces in Italy. Surveys began in February, 2020 and were continued through out the crisis, with a few questions being asked to each respondent at weekly or bi-weekly intervals.

Asking questions via Messenger enabled the researchers to have continued, constant contact with demographically targeted respondents with low attrition rates and extremely low recruitment costs.

Donati D., Gars J., and Rao N. (working paper)

Professional Aspirations in Nigeria

What do urban young people in Nigeria want for their future and how do they think about opportunities in the public and private sectors?

Recruitment was carried out via an advertising campaign on Facebook targeted to residents of the 10 largest cities in Nigeria, with population above 1 million people (Abuja, Lagos, Kano, Ibadan, Benin City, Port-Harcourt, Jos, Ilorin, Kaduna, Enugu) aged between 13 and 19. To incentivize participation in the survey, the Ad banner displayed a picture of a brand-new Nigerian-made tablet (TECNO DROID PAD 8 II) and a sign saying that anyone who completed our survey would enter a raffle to win up to 3 tablets.

Overall, during one week, about 3000 people clicked on the Facebook Ad, about 890 people started the survey and almost 560 completed it. The survey collected information on 1. Beliefs about Public and Private Sectors; 2. Career choices; 3. Use of media.

Interested in running Virtual Lab on your own infrastructure? All code is open source and runs on any server cluster running Kubernetes + Helm. Also, we're hiring.

github.com/vlab-research

Jobs

Our mission is to make it easier and cheaper for researchers, governments, and NGO's to perform statistically valid inference about the attitudes and behaviors of populations. We leverage digital tools to reach individuals, ask them questions, and involve them in experiments.

As an engineer with Virtual Lab, you will join a small team dedicated to making smart choices and building a robust, reliable, and scalable platform that leverages the latest technologies. The platform is open source, we use open source tools, and you will be encouraged to contribute to existing libraries and/or abstract logic into reusable tools where appropriate.

Interested? jobs@vlab.digital

Senior Software Engineer

You should:

1. Be excited to work with a large set of services written in Go, Node.js, and Python.

2. Love evented systems, queues, immutability, idempotence, visibility, and reproducibility.

3. Be comfortable designing both transactional and analytics databases, as well as moving data in/out of them efficiently and reliably.

4. Love container orchestration. We currently use Kubernetes.

5. Love testing, including complex integration tests involving many containers and services.

6. Be ready to grow into a technical leadership role with architectural and design responsibilities.

Privacy Policy

Last updated: 2026-05-15

Virtual Lab, LLC ("Virtual Lab", "we", "us") operates a research platform that enables academic institutions and nonprofits to design, recruit for, and run behavioral studies. This policy describes what data we collect, why, how we use it, and the choices you have. It applies to all parts of our service — including the dashboard and API used by researchers (for study configuration, recruitment, and analytics) and our survey-delivery service, which runs over chat, messaging, SMS, and web channels (including Facebook Messenger and other platforms researchers may connect).

1. Who this policy covers

This policy applies to two groups:

  • Researchers — staff at academic, nonprofit, or partner organizations who use our dashboard to configure studies and connect external messaging and advertising platforms.
  • Participants — individuals who answer a survey delivered through our platform.

For participant data, the researcher's institution is normally the data controller and we act as a data processor on their behalf. For researcher account data, we are the controller.

2. Information we collect

2.1 From researchers

  • Account information: name, email address, organization, and authentication identifiers.
  • Platform integration data: identifiers, campaign metadata, and access tokens for the third-party messaging and advertising platforms a researcher connects (for example, Meta / Facebook), used to call those platforms' APIs on the researcher's behalf.
  • Study configuration: survey definitions, targeting specifications, message templates, recruitment parameters, and budget settings.
  • Operational telemetry: logs of dashboard activity used to operate and secure the service.

2.2 From participants

The exact fields depend on the study. Typical categories include:

  • Platform-assigned identifiers issued by the channel a participant uses (for example, a Facebook Messenger PSID, a phone number where SMS is used with the participant's consent, or an anonymous web session ID).
  • Survey responses to questions authored by the researcher.
  • Message metadata such as timestamps, message direction, delivery status, and chatbot state.
  • Consent and permission records for follow-up contact — for example study opt-ins, recurring-notification opt-ins, or platform-specific messaging permissions — recorded with timestamp.
  • Limited profile data that the messaging platform exposes (e.g. first name, locale).

We do not ask researchers to collect, and we do not knowingly process, payment card data or government identifiers.

2.3 Special category data

Some studies may involve special categories of personal data within the meaning of GDPR Article 9 (e.g. health, political opinion, religion, ethnic origin, or sexual orientation). Where such data is collected, the researcher's institution is responsible for obtaining the explicit consent required under Article 9(2)(a) and any necessary ethics-committee or IRB approval. We process such data only on the controller's documented instructions.

2.4 Cookies and local storage

The dashboard uses cookies and browser local storage only for authentication and UI preferences. We do not use third-party advertising cookies.

3. How we use information

We use this data to:

  • Authenticate researchers and provide the dashboard, API, and admin tooling.
  • Execute the studies researchers configure — sending survey messages, recording responses, and surfacing results to the researcher.
  • Manage advertising and recruitment campaigns on connected platforms (such as Meta ad accounts).
  • Send non-promotional follow-up messages — such as utility messages, opt-in confirmations, multi-wave study invitations, or reminders to complete a survey — only where the participant has granted the necessary permission (a study opt-in, an SMS opt-in, a Facebook Messenger message tag, or an analogous platform mechanism), and only within what that permission allows. These messages are transactional or research-related and contain no third-party promotional content.
  • Operate, monitor, debug, and secure the service.
  • Comply with legal obligations.

We do not sell personal data, use participant responses to train general-purpose AI models, or use participant data for advertising outside of the specific study the participant joined.

4. Legal bases (GDPR / UK GDPR)

Where the GDPR or UK GDPR applies, we rely on the following legal bases:

  • Contract — to provide the dashboard and API to researchers and their organizations.
  • Consent — for participant survey responses and for follow-up contact under the relevant opt-in or platform permission.
  • Legitimate interests — for operational logging, security monitoring, and abuse prevention.
  • Legal obligation — for responding to lawful requests and meeting record-keeping requirements.

A Data Processing Agreement (DPA) is available on request to institutional customers who require one — contact privacy@vlab.digital.

5. How we share information

We share information only as needed to operate the service:

  • With the researcher / their institution — all data collected under a researcher's study is available to that researcher and their authorized colleagues.
  • With infrastructure providers — Google Cloud (EU regions) hosts our application servers, databases, and storage, and Auth0 (an Okta company) provides authentication. These providers process data on our behalf under their standard data processing terms.
  • With connected third-party platforms — when a researcher connects an external messaging, social, or advertising platform (for example, Meta / Facebook), we exchange data with that platform strictly to perform the actions the researcher has requested. Use of that data is also governed by the platform's own terms (e.g. Meta's Platform Terms).
  • For legal reasons — when required by law, subpoena, or to protect the rights, property, or safety of Virtual Lab, our users, or others.

We do not sell or rent personal data to third parties.

6. International transfers

Our production infrastructure is hosted in the European Union (Google Cloud, europe-west regions). Virtual Lab, LLC is incorporated in the United States, so data may be accessed by our staff and U.S.-based subprocessors. Where required for transfers out of the EEA, we rely on Standard Contractual Clauses and equivalent safeguards.

7. Retention

  • Researcher account data — retained while the account is active and for 90 days after account closure.
  • Study and participant data — retained for the duration of the study and afterward according to the researcher's institutional retention policy. Researchers can delete studies and participant records at any time.
  • Platform access tokens — revoked when the researcher disconnects the corresponding account.
  • Operational logs — retained on a 90-day rolling basis.
  • Database backups — encrypted and deleted after 90 days by storage-bucket lifecycle policy.

Deletion requests against primary stores are honored promptly. Because backups age out on a fixed cycle, deleted records may persist in encrypted backup archives for up to 90 days.

8. Security

We apply layered security controls including:

  • Encryption in transit (TLS) for all dashboard, API, and chatbot traffic.
  • Encryption at rest for databases and backups.
  • Role-based access controls and least-privilege service accounts.
  • Centralized logging and monitoring of administrative access.

No system is perfectly secure; please report suspected vulnerabilities to the contact below.

In the event of a personal data breach affecting data processed on a controller's behalf, we will notify the affected controller without undue delay and, where feasible, within 72 hours of becoming aware of the breach, consistent with GDPR Article 33.

9. Your rights

Depending on where you live, you may have the right to:

  • Access the personal data we hold about you.
  • Correct inaccurate data.
  • Request deletion.
  • Restrict or object to certain processing.
  • Receive a portable copy of your data.
  • Withdraw consent at any time. Participants can stop a survey by no longer replying; to request deletion of data already collected, contact us or the researcher running the study.

To exercise these rights, use the contact details below. If your data was collected as part of a study, please contact the researcher's institution first; we will support them in responding. We respond to verified rights requests within one month, extendable by up to two further months for complex requests.

You also have the right to lodge a complaint with a data protection supervisory authority in your EU/EEA member state. A list is maintained at edpb.europa.eu.

9.1 California residents

If you are a California resident, the CCPA (as amended by the CPRA) gives you the right to know, delete, correct, opt out of sale or sharing, and not be discriminated against for exercising these rights. We do not sell or share personal information as defined by the CCPA. To exercise these rights, contact privacy@vlab.digital.

10. Automated decision-making

We do not make decisions about participants based solely on automated processing that produce legal or similarly significant effects within the meaning of GDPR Article 22.

11. Children

The platform is intended for use in research approved by an institutional review board (IRB) or equivalent ethics committee. Researchers are responsible for obtaining the appropriate consent (including parental or guardian consent where applicable) before enrolling minors. We do not knowingly collect data directly from children under 13 without such consent.

12. Changes to this policy

We may update this policy from time to time. Material changes will be announced in the dashboard and, where appropriate, by email to the account owner. The "Last updated" date at the top reflects the most recent revision.

13. Contact

Virtual Lab, LLC
5931 NW Burgundy Drive
Corvallis, OR 97330, USA
Email: privacy@vlab.digital

For data processing matters where we are acting as a processor on behalf of a researcher institution, please also contact that institution's data protection officer.