Privacy Statement
1. Purpose and Scope
This Privacy Statement explains how Iterincipis collects, uses, discloses, and protects your personal data when you use our website and services (collectively, the “Service”). It applies to all users taking our OCEAN personality test for personal growth, career guidance, and self-discovery, as well as users of our journal and coaching features.
2. Data Collection and Use
2.1 Data We Collect
We collect data as follows:
- Anonymous Users: Test answers and gating responses are stored temporarily in your session and deleted unless you sign in or provide an email.
- Signed-In Users: Sex, age, country of birth, current country, occupation, socioeconomic status (SES), education, relationship status, urban/rural living area, recent life events, test answers, email (if provided), journal entries (text, tags, metadata), coaching session recordings (if consented), and MFA-related data (email for OTPs, hashed backup codes, security questions, audit logs of login attempts).
2.2 Purposes
We process your personal data to:
- Generate personalized OCEAN test results and insights.
- Provide journal functionality, including storage, search, versioning, and exports.
- Conduct coaching sessions, including recording calls (with consent) for service improvement or legal compliance.
- Communicate results, follow-up guidance, and MFA verification codes (e.g., via email or AI Coach).
- Secure your account through MFA, including OTP delivery, backup codes, security questions, and audit logging of login attempts.
- Improve our Service through usage analysis (anonymized where possible).
- Comply with legal obligations (e.g., GDPR, CCPA).
We do not sell your personal data to third parties.
2.3 Cookies and Tracking
We use cookies to store preferences, track usage, and collect IP addresses. You can disable cookies in your browser settings, though this may affect Service functionality, including MFA session persistence.
2.4 Journal Data Consent
By using the journal feature, you consent to the storage of your journal data, including text entries, tags, and metadata, in our secure systems (AWS S3 with Fernet encryption and PostgreSQL for metadata). This data is used solely to provide journal functionality (e.g., search, versioning, exports) and is accessible only by authorized User Admin or Global Admin personnel for administrative purposes. You may withdraw consent and request deletion via Account Settings, subject to our retention policies.
2.5 Call Recording Consent
For coaching sessions, we may record calls for service improvement or legal compliance, where permitted by law, with your explicit consent obtained via a checkbox during session scheduling. An announcement (“This call is being recorded”) will be made at the start of each call. In jurisdictions requiring two-party or all-party consent (e.g., California, Germany), recording will not occur without your agreement. Recordings are stored securely using Fernet encryption on AWS S3 and are not shared or sold. You may opt out of recording or request deletion of recordings via Account Settings or by contacting support.
2.6 MFA Data Consent
By enabling Multi-Factor Authentication (MFA), you consent to us sending verification codes to your email via MailerSend and storing hashed backup codes, security questions, and audit logs of login attempts to secure your account. This data is used solely for authentication and account protection, with your consent obtained through our GDPR notice during login or signup. You may disable MFA or request deletion of MFA-related data via Account Settings, subject to our retention policies.
3. Data Sharing and Transfers
3.1 Recipients
Your data may be shared with:
- Authorized User Admin and Global Admin personnel for administrative purposes (e.g., account management, system maintenance).
- Third-party providers (e.g., AWS for hosting, MailerSend for email delivery, including MFA OTPs) under confidentiality agreements.
User data will never be sold to third parties.
3.2 International Transfers
Data may be transferred globally (e.g., to AWS servers in the U.S.). EEA transfers use Standard Contractual Clauses for GDPR compliance.
3.3 Legal Disclosure
We may disclose data if required by law or to protect our rights, notifying you where permitted.
4. Data Protection and Retention
4.1 Security Measures
We use AWS with server-side encryption and HTTPS/SSL. PII, journal data, call recordings, and MFA-related data (backup codes, security questions, audit logs) are encrypted (Fernet encryption for journal data, recordings, and MFA data; database encryption for PII) for signed-in users only.
4.2 Retention
Anonymous data is deleted after your session ends unless you sign in. Signed-in user data, including journal entries, call recordings, and MFA-related data, is kept as needed for results, journal functionality, coaching services, authentication, and legal compliance (e.g., 90 days post-cancellation for backups), then securely deleted.
5. Your Rights
5.1 General Rights
You can:
- View your data, including MFA settings, on your Profile page after signing in.
- Request that your data, including journal entries, call recordings, and MFA backup codes, be emailed to you by signing in and using the "Email My Data" button on the Security page.
- Delete your data, including journal entries, call recordings, and MFA-related data, via Delete Data.
- Contact us via Contact Us to rectify your data or withdraw consent.
We don’t store PII unless you sign in. Anonymous data isn’t exportable.
5.2 U.S. Privacy Rights (CCPA/CPRA)
California residents can request to know or delete data, including journal entries, call recordings, and MFA-related data, via the Security page or by contacting us.
5.3 EU/EEA Privacy Rights (GDPR)
EEA users can access, export, erase, or restrict data, including journal entries, call recordings, and MFA-related data, via the Security page or by contacting us.
5.4 Accessibility and Compliance
Iterincipis will review all requests for reasonable modifications to ensure accessibility and compliance with local laws.
5.5 Complaints
Contact your local data protection authority if needed.
6. Contact Information
For privacy questions, use Contact Us or email iterincipisteam@gmail.com.