Hi Nicolas, glad PCIbex is working out well for you!
I’ll leave the encryption question to Jeremy, but thought I’d also throw in that at least with certain recruitment platforms, you can avoid having to collect email addresses or names etc. altogether. Sona and Prolific (which we use for for-course-credit Penn students and paid participants respectively) both allow for using a method where you just direct participants back to the platform with a custom-generated link at the end of the experiment that directly confirms their participation there. The relevant code/User ID # from the platform still winds up being stored in the results, but that’s arguably less personal and critical than more direct personal identifiers.
PS: We’re happy to help with specifics if you go that route. See https://www.pcibex.net/wiki/04-participant-information/#menuToc-1 and in particular https://www.pcibex.net/wiki/penncontroller-geturlparameter/ for starters.