A person shares data for research — without giving up ownership
This is a walkthrough of what it actually looks like when a participant contributes their data to a research study through LLIF — what they agree to, what they keep control of, and what governance is doing at each step.
The situation
Nadia is 38 and has lived with fibromyalgia for six years. She tracks her pain levels, sleep, activity, and medication daily — partly for her own understanding, partly because her rheumatologist has asked her to. Over time she's become interested in whether her data might help researchers who are trying to understand how fibromyalgia patterns differ across people with different sleep profiles.
She wants to contribute. She also knows that "sharing data with researchers" has historically meant signing something she didn't fully understand, giving up more than she intended, and having no way to see what happened to her information afterward.
That's the problem she's trying to solve. Here's how it works differently in this system.
What usually happens
In the typical model, a patient who wants to contribute to research might sign up through a hospital portal, a clinical trial registry, or a commercial platform that aggregates health data. The consent form is written to protect the institution, not the participant. It's broad. It covers "future uses not yet specified." It doesn't tell you who will access your data, when, or what happens to it if the study ends early or the organization running it gets acquired.
Once you've signed, you've signed. There's usually no dashboard showing who accessed your data. There's rarely a clean revocation path that actually works. And there's no structural guarantee that your data won't end up somewhere you didn't intend, because the entity holding it is organized around different incentives.
How it works here — step by step
Nadia joins the ecosystem — on her own terms
Nadia starts using Best Life to track her symptoms. When she connects her account to LLIF's data framework for the first time, she's given a plain-language consent that covers what LLIF will hold and what it will never do — not in legalese, but in six specific commitments: her data won't be sold, she can export it at any time, she can delete it, every access will be logged, and consent is always hers to revoke.
This consent is not a condition of using Best Life. It's a relationship with a governance layer — and it's reversible.
Governance in the background
LLIF's board-enforced Participant Data Charter backs every commitment she's given. These aren't just product promises — they're obligations that require a board vote to change and are filed in LLIF's public governance documents.
She discovers a relevant study
A research team studying fibromyalgia and sleep disruption has published their study as a Program — a structured research project available to eligible participants through the ecosystem. Nadia sees it in the app and reads the program description: what the researchers are studying, what data they'll access, how long the study runs, and who's running it.
She can see the institution, the principal investigator, the consent scope (sleep data, pain logs, and activity — not medication records or location), and the study's end date. Nothing is hidden in a general "future uses" clause.
Governance in the background
Before this program went live, the research team signed LLIF's Data Partner Agreement — binding them to the same data protection standards LLIF holds itself to. They cannot access data outside the consented scope. They cannot use the data for secondary purposes. LLIF retains audit rights throughout the study.
She gives scoped, specific consent
Joining the study requires a second layer of consent — separate from her framework consent. This consent covers only this study: which data types, which researcher, for how long. It is timestamped, recorded in her consent log, and completely separate from any other program she has or hasn't joined.
Nadia consents. She can see in her dashboard that the consent was recorded and that the study's data access began. She can also see, at any time, exactly what the research team has been accessing — logged in real time, not summarized after the fact.
Governance in the background
The consent is specific, not open-ended. The research team cannot expand the data types they access without getting new consent from Nadia. And Nadia's consent to this study has no effect on any other program or any future study — each is a discrete, auditable consent event.
The study runs — she stays in the loop
Over the following months, Nadia continues tracking as she normally would. The study's data pipeline pulls from the data types she consented to. She doesn't have to do anything extra. She can check her data access log at any time and see a record of what the research team accessed and when.
Midway through the study, Nadia goes through a stressful period and decides she'd rather not have her pain data accessed for the next six weeks. She can pause her participation without losing her historical contribution and without affecting her overall framework consent.
Governance in the background
Granular revocation means she can modify or exit a specific program without it affecting anything else. Her decision is logged, her access record reflects the change, and the research team's data pipeline updates immediately.
The study ends — her data stays hers
When the study reaches its end date, the research team's access terminates automatically. They keep the data they collected under the consented terms — but they cannot access any new data from Nadia, cannot re-use that data for different research without a new consent process, and cannot license or sell it to a third party.
Nadia still has everything she contributed. She can export her full data history, delete her account entirely if she wants, or join a different study next month on the same terms. Her participation in one study didn't open the door to anything she didn't explicitly agree to.
Governance in the background
The Data Partner Agreement prohibits the research team from any secondary use of Nadia's data outside the consented program scope. LLIF's audit rights don't expire when the study does. And the donor-restricted classification that protects Nadia's data applies across the entire lifecycle — before the study, during it, and after it ends.
What this protects against
Broad consent that covers uses you never anticipated
No visibility into who accessed your data or when
Participation data used for advertising or insurance profiling
Researchers expanding scope without asking again
Data transferred to a third party when the study ends
No way to withdraw without losing everything you contributed
An acquisition that puts your research data in new hands
Promises that erode when the organization changes
What Nadia has at the end of this
She contributed to research she cares about. Her data helped a team studying a condition that affects millions of people and is poorly understood. She did it on terms she actually agreed to, with visibility into how her contribution was used, and with the ability to step back at any point without losing what came before.
She didn't have to choose between contributing and protecting herself. The governance structure made both possible at the same time — not by relying on the research team's good intentions alone, but by building constraints into the framework they agreed to before the study started.