Legal

Privacy Policy

Last updated: 6 March 2026

Contents

  1. Data Controller
  2. Data We Collect
  3. How We Use Your Data
  4. Legal Basis for Processing
  5. Data Retention
  6. Third-Party Processors
  7. Your Rights
  8. Cookie Policy
  9. Data Security
  10. Children's Privacy
  11. International Data Transfers
  12. No Sale of Personal Data
  13. Changes to This Policy
  14. Contact Us

This Privacy Policy explains how the Cognitive Standards Institute ("CSI", "we", "our", or "us") collects, uses, stores, and protects personal information when you use our website and IQ assessment services at cognitivestandards.org (the "Service"). Please read this policy carefully. By using our Service, you agree to the practices described below.

1. Data Controller

The data controller responsible for your personal data is:

Cognitive Standards Institute
Psychometric Research Division
Email: administrator@cognitivestandards.org

For all privacy-related enquiries, please contact our Privacy Officer at the address above.

2. Data We Collect

We collect the following categories of personal information:

2.1 Information You Provide Directly

  • Email address: Provided voluntarily when you elect to receive your results report after payment.
  • Test responses: Your answers to the 25-question IQ assessment, collected during the test session.
  • Payment information: Payment card details and billing information processed exclusively by Stripe, Inc. We do not store card numbers or payment credentials on our servers.

2.2 Information Collected Automatically

  • Device and browser data: IP address, browser type and version, operating system, screen resolution, and device type.
  • Usage data: Pages visited, time spent on pages, referring URLs, and click-through patterns.
  • Local storage: Test score data stored locally in your browser's localStorage for the purpose of displaying results. This data does not leave your device unless you proceed to payment.
  • Cookies and tracking technologies: As described in Section 8 below.

2.3 Inferred Data

  • Calculated IQ score and category performance percentages derived from your test responses.
  • Approximate geographic location inferred from your IP address (country-level only).

3. How We Use Your Data

We use the personal information we collect for the following purposes:

  • Service delivery: To administer the IQ assessment, calculate your score, and provide your results report.
  • Report delivery: To email your personalised cognitive profile report to the address you provide upon payment.
  • Payment processing: To facilitate secure payment processing through our third-party payment provider, Stripe.
  • Anonymised research aggregation: To compile de-identified, aggregated statistics about cognitive performance distributions across our user base. No individual is identifiable in any research output.
  • Service improvement: To analyse usage patterns, identify errors, and improve the reliability and accuracy of our assessment platform.
  • Legal compliance: To meet our obligations under applicable law, including responding to lawful requests from regulatory authorities.
  • Communications: To send you transactional emails related to your purchase (e.g., receipt, report delivery). We do not send unsolicited marketing emails without your explicit opt-in consent.

4. Legal Basis for Processing

Where applicable under the GDPR (EU) and UK GDPR, we process your personal data on the following legal bases:

  • Contractual necessity (Art. 6(1)(b) GDPR): Processing your email and payment information to fulfil our contract to deliver your results report.
  • Legitimate interests (Art. 6(1)(f) GDPR): Improving our services, detecting fraud, and conducting anonymised research — where these interests are not overridden by your fundamental rights.
  • Consent (Art. 6(1)(a) GDPR): For non-essential cookies and any direct marketing communications, where we have obtained your explicit consent.
  • Legal obligation (Art. 6(1)(c) GDPR): Compliance with applicable laws and responding to lawful regulatory requests.

5. Data Retention

We retain personal data only for as long as necessary to fulfil the purposes described in this policy:

  • Email address and results report: Retained for up to 2 years from the date of your assessment, after which it is securely deleted.
  • Test response data (anonymised): Retained indefinitely in de-identified, aggregated form for research purposes. Individual responses are anonymised within 90 days of your assessment.
  • Payment transaction records: Retained for 7 years in accordance with financial record-keeping obligations.
  • Browser/device logs: Retained for up to 90 days, then automatically deleted.
  • LocalStorage data: Stored only in your browser. You can clear this at any time via your browser settings.

You may request early deletion of your data at any time. See Section 7 (Your Rights) for how to make this request.

6. Third-Party Processors

We share your data with the following trusted third-party service providers, each bound by appropriate data processing agreements:

6.1 Stripe, Inc. (Payment Processing)

Payment card processing is handled exclusively by Stripe, Inc. When you make a payment, you are subject to Stripe's Privacy Policy (stripe.com/privacy). We receive only a transaction confirmation and your email address from Stripe. We never receive or store full card numbers, CVV codes, or banking credentials.

6.2 Email Delivery Provider

We use Resend (resend.com) as our transactional email delivery provider to send your results report. Your email address is shared with Resend solely for this purpose and is governed by their privacy policy at resend.com/legal/privacy-policy. Resend is prohibited from using your data for any other purpose.

6.3 Hosting and Infrastructure

Our website is hosted on third-party infrastructure providers who have agreed to appropriate data processing terms. These providers may process server logs containing IP addresses.

We do not sell, rent, or trade your personal data to any third party. We do not use your data for advertising or marketing purposes beyond our own transactional communications.

7. Your Rights

Depending on your jurisdiction, you may have the following rights regarding your personal data:

7.1 Rights Under GDPR (EU and UK)

  • Right of access: Request a copy of the personal data we hold about you.
  • Right to rectification: Request correction of inaccurate or incomplete data.
  • Right to erasure ("right to be forgotten"): Request deletion of your personal data, subject to legal retention obligations.
  • Right to restriction of processing: Request that we restrict how we process your data in certain circumstances.
  • Right to data portability: Receive your data in a structured, machine-readable format.
  • Right to object: Object to processing based on legitimate interests, including for research purposes.
  • Rights related to automated decision-making: Our IQ score calculation is an automated process. You have the right to request human review of any decision that significantly affects you.

7.2 Rights Under CCPA (California, USA)

California residents have the right to: know what personal information is collected, know whether personal information is sold or disclosed (it is not — see Section 12), opt-out of the sale of personal information, access personal information, and request deletion of personal information.

7.3 Rights Under the Australian Privacy Act 1988

Australian residents may access, correct, or request deletion of personal information we hold. You may also lodge a complaint with the Office of the Australian Information Commissioner (OAIC) at oaic.gov.au if you believe we have breached your privacy rights.

To exercise any of these rights, contact us at administrator@cognitivestandards.org. We will respond within 30 days (or within the timeframe required by applicable law).

8. Cookie Policy

We use the following categories of cookies and similar technologies on our Service:

8.1 Strictly Necessary Cookies

These cookies are essential for the website to function. They include session management and security tokens. You cannot opt out of these cookies as the Service cannot function without them.

8.2 Functional Cookies

These cookies remember your preferences and test session state. They are not used for tracking or advertising purposes.

8.3 Analytics Cookies

We may use analytics tools (such as Google Analytics in anonymised mode) to understand how visitors interact with our Service. IP addresses are anonymised before processing. You may opt out of analytics cookies at any time through our cookie consent manager or by using browser opt-out tools.

8.4 Third-Party Cookies

Stripe may set cookies when you proceed to payment. These are governed by Stripe's own cookie policy.

You can manage or delete cookies at any time through your browser settings. Note that disabling cookies may affect the functionality of our Service.

9. Data Security

We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, disclosure, alteration, or destruction. These measures include:

  • HTTPS/TLS encryption for all data transmitted between your browser and our servers.
  • Access controls limiting data access to authorised personnel only.
  • Regular security reviews of our systems and third-party processors.
  • No storage of payment card data on our servers (handled exclusively by Stripe's PCI-DSS compliant infrastructure).

In the event of a personal data breach that poses a risk to your rights and freedoms, we will notify the relevant supervisory authority within 72 hours and affected individuals without undue delay, as required by law.

10. Children's Privacy

Our Service is not directed at children under the age of 16. We do not knowingly collect personal information from children under 16. If you believe we have inadvertently collected information from a child under 16, please contact us immediately at administrator@cognitivestandards.org and we will take prompt steps to delete that information.

11. International Data Transfers

Your personal data may be processed in countries outside your country of residence, including countries that may not provide the same level of data protection as your home jurisdiction. Where we transfer data internationally, we implement appropriate safeguards including:

  • Standard Contractual Clauses (SCCs) approved by the European Commission.
  • Adequacy decisions issued by relevant data protection authorities.
  • Binding Corporate Rules or equivalent protections, where applicable.

12. No Sale of Personal Data

We do not sell, rent, trade, or otherwise monetise your personal data to or with any third party for commercial purposes. Your data is used solely to provide the Service and deliver your purchased results report.

13. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. We will notify you of material changes by posting the updated policy on this page with a revised "Last updated" date. For significant changes, we may also notify you by email if we hold your email address.

We encourage you to review this policy periodically. Your continued use of the Service after the posting of changes constitutes your acceptance of the updated policy.

14. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact our Privacy Officer:

Privacy Officer — Cognitive Standards Institute

Email: administrator@cognitivestandards.org

Subject line: Privacy Enquiry

You also have the right to lodge a complaint with your local data protection supervisory authority. In the EU, your national DPA can be found at edpb.europa.eu. In the UK, this is the Information Commissioner's Office (ICO) at ico.org.uk. In Australia, contact the OAIC at oaic.gov.au.