Data Privacy & Protection

When you use our cognitive assessment platform, we collect:

• Assessment Data: Quiz responses, timing metrics, and calculated scores
• Technical Data: IP address, browser type, device information, and referral source
• Transaction Data: Email address (for receipt delivery), payment metadata via Stripe (we do NOT store credit card numbers)
• Optional Data: Age cohort (if provided during registration), feedback submissions

After your assessment session ends (typically 24 hours after completion), we anonymize your quiz data for research and statistical purposes:

• PII Severance: Personal Identifiable Information (name, email, IP address) is disassociated from test results
• Aggregation: Anonymized scores are pooled with 3.2 million+ responses to maintain normative distributions
• Research Use: De-identified data may be used to improve test calibration, validate psychometric models, and publish aggregated statistics

Exception: If you purchase the full report, your email is retained for 90 days to facilitate customer support and refund processing. You may request immediate deletion (see "Your Rights" below).

We employ industry-standard safeguards to protect your data:

• 256-bit SSL/TLS Encryption: All data transmitted between your browser and our servers is encrypted using the same protocol banks use
• Secure Infrastructure: Hosted on Vercel's Edge Network with automatic DDoS protection and penetration testing
• Payment Security: Transactions processed through Stripe (PCI-DSS Level 1 certified) — we never see or store your card details
• Access Controls: Database access limited to essential personnel with multi-factor authentication

You have the following rights regarding your personal data:

To exercise any of these rights, email us at privacy@iqofficial.com with your request. We will respond within 30 days.

Data Retention Policy

• Session Data: Stored in browser localStorage until quiz completion (client-side only)
• Free Results: PII deleted after 24 hours; anonymized scores retained indefinitely
• Paid Reports: Email retained for 90 days post-purchase for support; then auto-deleted
• Backups: Deleted data purged from backups within 30 days

Third-Party Services

We use the following trusted service providers:

• Stripe: Payment processing (PCI-DSS compliant) — Privacy Policy
• Vercel: Website hosting and edge functions — Privacy Policy
• Plausible Analytics (optional): Privacy-first, GDPR-compliant web analytics (no cookies) — Privacy Policy

These providers have independent privacy policies. We conduct due diligence to ensure they meet our standards.

International Data Transfers

Our servers are located in the United States. If you access our platform from the European Economic Area (EEA) or other regions with data protection laws, your information may be transferred to countries with different privacy standards.

We rely on Standard Contractual Clauses (SCCs) approved by the European Commission to ensure adequate protection for EU data subjects.