IQTest360 Logo IQTest360
Back

Privacy Policy

Table of Contents

  1. Definitions and Key Terms
  2. Introduction and Scope
  3. Personal Data Collection
  4. Data Processing and Usage
  5. Data Storage and Security
  6. Analytics, Advertising, and Third-Party Services
  7. Your Rights and Choices
  8. Data Retention and Deletion
  9. International Data Transfers and Legal Jurisdiction
  10. Children's Privacy
  11. Changes to This Policy
  12. Legal Information and Contact Details

1. Definitions and Key Terms

1.1 Company and Service Terms

  • IQTest360 ("we," "us," or "our")
  • Service: All features, functionalities, programs, and content available through IQTest360
  • Platform: Our website and related services accessible via any device
  • User: Any individual accessing or using our services ("you" or "your")

1.2 Data and Privacy Terms

  • Personal Data: Any information relating to an identified or identifiable natural person
  • Processing: Any operation performed on personal data
  • Data Controller: IQTest360, determining the purposes and means of processing personal data
  • Data Processor: Third parties that process personal data on our behalf
  • Cookie: Small text file stored on your device containing data about your platform usage

1.3 Security Terms

  • Authentication: Process of verifying user identity
  • Encryption: Process of encoding information to prevent unauthorized access
  • Token: Unique identifier used for secure authentication
  • SSL/TLS: Security protocols for encrypted data transmission

2. Introduction and Scope

2.1 Policy Overview

This privacy policy explains how IQTest360 collects, uses, and protects your personal data. It provides detailed information about your privacy rights and how you can exercise them.

2.2 Policy Application

This policy applies to:

  • All users of IQTest360 globally
  • All data collection methods
  • All service features and functionalities
  • All platform versions and updates

2.3 Policy Updates

  • We reserve the right to update this policy
  • Material changes will be notified via email
  • Continued use after changes constitutes acceptance

3. Personal Data Collection

3.1 Account Information

A. Essential Data

  • Email address (required for authentication)
  • Name (collected during payment processing or profile settings)
  • Last sign-in timestamp
  • Unique account identifiers
  • IP addresses

B. Optional Data

  • Phone number (if provided through payment processors)
  • User preferences and settings
  • Communication preferences

3.2 Service Usage Data

A. Test Results

  • IQ scores and cognitive assessment results
  • Personality test results and profiles
  • Completion timestamps and time spent
  • Performance metrics and section-level results
  • Trivia training progress and exercise history
  • Puzzle completion records

B. Interaction Data

  • Features accessed
  • Time spent on platform
  • Navigation patterns
  • Device information

3.3 Payment Information and Processing

We only receive and store limited payment information:

  • Tokenized payment method identifiers
  • Last four digits of payment cards
  • Card expiration dates
  • Transaction amounts and subscription status

Full payment card details are processed exclusively by Stripe, our PCI DSS compliant payment processor. We never have access to complete card numbers.

3.4 Technical and Device Data

A. Device Information

  • Operating system and version
  • Browser type and version
  • Screen resolution
  • Device type and model
  • Language preferences

B. Connection Data

  • IP address
  • Network information
  • Connection type
  • Geographic location (derived from IP)
  • Time zone settings

C. Performance Data

  • Load times
  • Error messages
  • System performance metrics
  • Web Vitals (LCP, CLS, FID)

4. Data Processing and Usage

4.1 Primary Processing Purposes

A. Service Provision

  • Account creation and management
  • Authentication and security (passwordless magic link)
  • IQ test scoring and report generation
  • Personality and cognitive assessment delivery
  • Training program progress tracking
  • Customer support

B. Payment Processing

  • Subscription management
  • Payment authorization
  • Fraud prevention
  • Transaction records
  • Billing support

C. Communication

  • Service updates and notifications
  • Security alerts
  • Magic link authentication emails
  • Payment confirmation emails
  • Support responses

4.2 Secondary Processing Purposes

A. Service Improvement

  • Usage pattern analysis
  • Feature optimization
  • Performance monitoring
  • User experience enhancement
  • Bug identification and resolution

B. Analytics and Research

  • Aggregate usage statistics
  • Conversion funnel analysis
  • Platform optimization
  • Feature development
  • Performance benchmarking

4.3 Legal Bases for Processing

A. Contractual Necessity

  • Account management
  • Service provision
  • Payment processing
  • Feature access
  • Support services

B. Legal Obligations

  • Tax compliance
  • Financial records
  • Legal requirements
  • Regulatory compliance

C. Legitimate Interests

  • Service improvement
  • Fraud prevention
  • Security maintenance
  • Technical optimization

D. Consent-Based Processing

  • Marketing communications
  • Optional features
  • Third-party integrations
  • Analytics participation

5. Data Storage and Security

5.1 Storage Location and Data Transfers

  • Personal data is stored in secure data centers (Supabase infrastructure)
  • Data is transmitted globally using encrypted channels
  • We employ appropriate safeguards for international data transfers
  • Continuous compliance monitoring and security measures are in place

5.2 Security Measures

A. Authentication and Access

  • Passwordless authentication via secure magic links
  • Single-use verification tokens
  • Session management with automatic termination
  • Role-based access control
  • Access logging and monitoring

B. Data Protection

  • AES-256 encryption for data at rest
  • TLS encryption for data in transit
  • Row-level security on database tables
  • Regular security audits

C. Payment Security

  • PCI DSS compliant payment processing via Stripe
  • Tokenized payment information storage
  • No access to complete card numbers
  • Encrypted payment data transmission
  • 3D Secure authentication support

D. System Security

  • DDoS protection
  • Rate limiting on sensitive endpoints
  • Regular security patching
  • Infrastructure monitoring

5.3 Data Breach Notification

Upon discovering a data breach, we will:

  • Immediately initiate our incident response plan
  • Assess the nature and scope of the breach
  • Notify affected users within 72 hours of breach confirmation via email
  • Notify relevant supervisory authorities where required by law
  • Implement additional security measures and provide ongoing updates

6. Analytics, Advertising, and Third-Party Services

6.1 Analytics Services

We utilize the following services to monitor and improve our platform:

  • Google Tag Manager: For managing analytics and marketing tags
  • Google Analytics 4: For user behavior analysis and service optimization
  • PostHog: For product analytics, session replay, heatmaps, and funnel analysis
  • AnyTrack: For conversion tracking and attribution

6.2 Session Recording

Through PostHog, we implement session recording with the following safeguards:

  • Stripe payment elements are in secure iframes — card data is never captured
  • Usage limited to bug investigation, UX optimization, and conversion analysis
  • Recordings are stored securely and subject to retention policies

6.3 Third-Party Service Providers

  • Stripe: Payment processing and subscription management
  • Supabase: Database, authentication, and backend infrastructure
  • SendPulse: Transactional email delivery (magic links, payment confirmations)
  • Vercel: Website hosting and content delivery

6.4 Advertising Partners

We may work with advertising partners including Facebook, Google, and others. These partners may receive:

  • Anonymous identifiers and click IDs
  • Conversion event data (e.g., purchase completed)
  • UTM parameters and campaign attribution data
  • Device information

6.5 User Control Over Tracking

Users can limit tracking through:

  • Browser cookie settings
  • Ad-blocker extensions
  • Device privacy settings
  • Platform-specific advertising opt-outs

Note: Core service features will remain functional regardless of tracking preferences.

7. Your Rights and Choices

7.1 Universal Rights

All users have the following rights:

  • Access their personal data
  • Correct inaccurate data
  • Request data deletion
  • Object to processing
  • Data portability
  • Withdraw consent

7.2 Regional Privacy Rights

A. European Union and UK Residents (GDPR)

  • Right to be informed
  • Right to access
  • Right to rectification
  • Right to erasure
  • Right to restrict processing
  • Right to data portability
  • Right to object
  • Rights regarding automated decision-making

B. California Residents (CCPA/CPRA)

  • Knowledge of personal information collection and sharing
  • Deletion and correction rights
  • Opt-out rights
  • Non-discrimination rights
  • Portability rights

C. Australian Residents (Privacy Act)

  • Collection notification and access rights
  • Correction rights
  • Purpose specification and use limitation

D. Canadian Residents (PIPEDA)

  • Access and accuracy rights
  • Consent withdrawal
  • Use transparency

7.3 How to Exercise Your Rights

All privacy rights requests can be submitted via email to info@iqtest360.com.

  • Initial acknowledgment: Within 72 hours
  • Standard response time: 30 days
  • Maximum extension period: 45 days (with notification)

Data will be provided in machine-readable format (CSV or JSON) via encrypted transmission.

8. Data Retention and Deletion

8.1 Retention Periods

  • Account data: While account is active
  • Payment records: As required by law
  • Analytics data: For service improvement
  • Communication records: 2 years
  • Security logs: 13 months

8.2 Deletion Procedures

  • Account deletion: 30-day process
  • Data removal: Systematic process across all systems
  • Backup removal: 90-day maximum
  • Verification process: Complete removal check

9. International Data Transfers and Legal Jurisdiction

9.1 International Data Transfers

We ensure appropriate data protection through:

  • Standard contractual clauses for international data transfers
  • Technical and organizational security measures
  • Regular compliance monitoring and assessments
  • Adherence to international data protection requirements

9.2 Dispute Resolution

If you have concerns about our data practices:

  • Contact us at info@iqtest360.com
  • We will respond within 5 business days
  • If unsatisfied, a 30-day good-faith negotiation period applies

This privacy policy is governed by the laws of the State of Delaware, United States. For complete dispute resolution procedures, please refer to our Terms & Conditions.

10. Children's Privacy

  • Minimum age: 18 years
  • No intentional collection of data from minors
  • Account termination if underage use is discovered

11. Changes to This Policy

11.1 Material Changes

  • Email notification 5 days before implementation
  • Changes effective upon notification date
  • Continued use constitutes acceptance

11.2 Non-Material Changes

  • May be implemented immediately
  • No advance notice required
  • Updated policy posted on website

12. Legal Information and Contact Details

12.1 Company Information

Alvin AI Studio LLC

447 Broadway Fort Wayne, New York, NY 10013 US

For all inquiries including privacy-related matters:

Last updated: March 2026