How we process public social media content

IndicationIQ is a social listening insight tool for pharmaceutical research. We help insight teams and agencies understand patient experiences and HCP conversation themes from public online sources.

For the research processing described on this page, we act primarily as a data processor on behalf of client organisations — typically pharmaceutical companies or the agencies working for them. Those clients are the data controllers: they define the research purpose and decide how the insights are used. We process data only under their documented instructions and contracts.

We collect content that authors have posted publicly on open social media and forum platforms — including Reddit, X (Twitter), Bluesky, and open patient forums — when it relates to specific medical conditions configured for a research project.

This may include:

• Post text and any publicly visible replies or thread context
• Public author handle, display name, and profile metadata (such as bio text, follower counts, and account dates where publicly shown)
• Engagement counts (likes, replies, reposts) where available
• Source URL, platform, and post date

We do not collect from closed, login-gated, or private health communities.

We process public posts to extract aggregated patient-experience insights — such as named barriers, language patterns, and recurring themes — for pharmaceutical patient-support and HCP communications research.

Each project serves a named client under contract. Data from one client project is not reused for another. The goal is research insight, not marketing to individuals or building a searchable database of people.

The lawful basis for this processing is the legitimate interests of our client organisations in understanding public health-relevant conversation to improve patient support, education, and care communication.

As data controller, each client performs the balancing assessment — weighing their research need against the rights of people whose public posts are included. We support that assessment through technical safeguards described below.

Where posts contain health-related information, clients may also rely on the fact that the information was manifestly made public by the person who posted it. Authors chose to share their experiences on open platforms visible to anyone.

While a research project is active, we retain the raw posts needed for analysis, review, and reporting.

When a project is archived, scheduled deletion of raw post content begins. By default, raw posts are removed 90 days after archive. After purge, aggregate statistics — barrier names, counts, and frequency data — are retained without personal identifiers so reports remain usable.

We apply privacy safeguards throughout processing:

• Pseudonymisation in deliverables — author handles are replaced with role labels such as [Patient], [Caregiver], or [HCP] in exported reports by default
• Minimisation — after author classification, non-essential profile metadata is stripped for patients and caregivers; only what the analysis needs is kept
• Audit logging — privacy-sensitive actions (exports, erasure, retention changes) are recorded
• Access controls — only authorised client users can view project data within the platform

Under UK and EU data protection law, you have rights including access, erasure, objection, and restriction of processing. We honour these rights for any post we hold — matched by post URL, post ID, or author handle.

To exercise your rights, contact us at [email protected]. Please include the URL of the post or your public handle so we can locate the relevant data.

We do not refuse erasure requests on the grounds that content was public. If you ask us to remove your post from our systems, we will.

We use trusted third parties to run the service, including:

• Hosting infrastructure (application and database)
• Analysis provider (for content classification and extraction)
• Data collection services (for gathering public posts from platforms)

An up-to-date list of sub-processors is available on request — email [email protected].