Privacy Policy

1. Introduction

IQSLabs ("we", "us", "our") respects your privacy. We operate from Denmark and act as the data controller for personal data processed through our website and services. This Privacy Policy explains what we collect, why we collect it, and your rights under the EU General Data Protection Regulation (GDPR) and applicable national law.

2. Data We Collect

Account and contact data

• Email address (account creation, login links, billing communications)

Assessment data

• Quiz responses and scores used to generate your report
• Self-reported demographics and preferences collected during the test
• Time taken and related performance metrics
• AI-generated interpretation text associated with your results

Payment data

• Payment card and billing details are processed by Stripe. We do not store full card numbers on our servers.
• Stripe customer ID and subscription status stored in our database

Usage data

• Pages visited, timestamps, and basic technical logs
• Cookie and local storage preferences (see Section 9)

3. Why We Collect It (Legal Basis)

• Contract performance (Art. 6(1)(b) GDPR): to deliver assessments, reports, account access, and subscription billing
• Legitimate interests (Art. 6(1)(f) GDPR): fraud prevention, service improvement, security monitoring, and analytics
• Consent (Art. 6(1)(a) GDPR): where required, e.g. non-essential cookies or optional marketing (if offered in future)
• Legal obligation (Art. 6(1)(c) GDPR): tax, accounting, and regulatory requirements

4. How We Use Your Data

• Generate personalized assessment results and dashboard content
• Send transactional emails (results, login links, billing notices)
• Process subscriptions and customer support requests
• Improve reliability, security, and product quality
• Comply with legal obligations

5. Third-Party Processors

We use trusted providers who process data on our behalf:

• Stripe (payments): stripe.com/privacy
• Supabase (database and authentication): supabase.com/privacy
• Resend (transactional email): resend.com/legal/privacy-policy
• OpenAI (AI interpretation): openai.com/policies/privacy-policy. Quiz response summaries sent via API are processed according to OpenAI's API data usage policies for business customers.
• Vercel (hosting): vercel.com/legal/privacy-policy

6. Data Sharing

We do not sell your personal data. We share data only with processors listed above, as necessary to operate the Service, or when required by law, court order, or to protect rights and safety.

7. Data Retention

• Active subscribers: data retained while the account remains active and as needed for billing and support
• Canceled accounts: personal data deleted or anonymized within 30 days of account closure, except where longer retention is required by law (e.g. invoices)
• Server logs: typically retained for up to 90 days for security purposes

8. Your GDPR Rights

Depending on your location, you may have the right to:

• Access your personal data
• Rectify inaccurate data
• Request erasure ("right to be forgotten")
• Restrict or object to certain processing
• Data portability
• Withdraw consent where processing is consent-based
• Lodge a complaint with the Danish Data Protection Agency (Datatilsynet) at datatilsynet.dk

To exercise your rights, email support@iqslabs.com. We respond within one month, subject to applicable extensions for complex requests.

9. Cookies

We use:

• Essential cookies / storage: authentication session, cookie consent preference, and quiz progress during your session
• Analytics cookies: optional usage analytics to improve the Service (only after you choose "Accept all" in our cookie banner)

We do not use advertising or third-party tracking cookies for ad targeting. You can change your browser settings to block cookies, though some features may not work.

10. International Data Transfers

Some processors (including OpenAI, Stripe, Supabase, and Vercel) may process data in the United States or other countries outside the European Economic Area. Where required, we rely on appropriate safeguards such as Standard Contractual Clauses approved by the European Commission and processor contractual commitments.

11. Children's Privacy

The Service is intended for adults. We do not knowingly collect personal data from children under 16. If you believe a child has provided data, contact us and we will delete it promptly.

12. Changes to This Policy

We may update this Privacy Policy from time to time. The "Last updated" date at the top will change when we do. Material changes may also be communicated by email or in-app notice where appropriate.

13. Contact

Privacy questions and data protection requests: support@iqslabs.com

Our data protection contact can be reached at the same address. IQSLabs, operating from Denmark, EU.