OSF should not be used for any sensitive, classified, Private, or Restricted data, including anything that falls under FERPA, HIPAA, or other categories of personally identifiable information or electronic personal health information. Please see the university's Guidelines for Data Classification.
Ensure that you have the data owner or Data Steward’s permission to store or sync the data to OSF. Refer to the university’s Intellectual Property Policy for determining ownership.
Ensure use is consistent with the terms of your sponsored research agreement(s), contractual restrictions with a third party, IRB protocols and any related data security plans.
Any concern about unauthorized access or any other system or data security concern should be immediately reported to the Information Security Office at iso-ir@andrew.cmu.edu.
You personally assume all risks associated with storing and sharing data on OSF or syncing third-party applications to OSF.
Any protections afforded by the license agreements for CMU Box and GSuite are voided once the applications are synced to OSF.
If you make your OSF project public, you will need to choose an appropriate license. You can also consider using KiltHub for publicly sharing and licensing project materials. For guidance on sharing and licensing options, please contact the library or refer to these guidelines.
All users of OSF agree to the OSF terms of use.