Privacy Policy

CONTENTS

  1. Definitions and Key Terms
  2. Introduction and Scope
  3. Personal Data Collection
  4. Data Processing and Usage
  5. Data Storage and Security
  6. Analytics, Advertising, and Third-Party Services
  7. Your Rights and Choices
  8. Data Retention and Deletion
  9. International Data Transfers and Legal Jurisdiction
  10. Children's Privacy
  11. Changes to This Policy
  12. Legal Information and Contact Details

1. DEFINITIONS AND KEY TERMS

1.1 Company and Service Terms

  • Cerebrum, ("we," "us," or "our")
  • Service: All features, functionalities, programs, and content available through Cerebrum
  • Platform: Our website and related services accessible via any device
  • User: Any individual accessing or using our services ("you" or "your")

1.2 Data and Privacy Terms

  • Personal Data: Any information relating to an identified or identifiable natural person
  • Processing: Any operation performed on personal data
  • Data Controller: Cerebrum, determining the purposes and means of processing personal data
  • Data Processor: Third parties that process personal data on our behalf

2. INTRODUCTION AND SCOPE

2.1 Policy Overview

  • This privacy policy explains how Cerebrum collects, uses, and protects your personal data. It provides detailed information about your privacy rights and how you can exercise them.

2.2 Scope

  • This policy applies to all users of Cerebrum globally, across all service features, data collection methods, and platform versions.

2.3 Policy Updates

  • We may update this policy at any time. Material changes are notified via email; continued use after notification constitutes acceptance.

3. PERSONAL DATA COLLECTION

3.1 Account Information

A. Essential Data

  • Email address (required for authentication)
  • Name (collected during payment processing)
  • Last sign-in timestamp
  • Unique account identifiers
  • IP addresses

B. Optional Data

  • Phone number (if provided through payment processors)
  • User preferences and settings
  • Communication preferences

3.2 Service Usage Data

A. Test Results

  • Final IQ scores
  • Completion timestamps
  • Performance metrics Note: Individual test answers are processed in real-time and are not stored

B. Interaction Data

  • Features accessed
  • Time spent on platform
  • Navigation patterns
  • Device information

3.3 Payment Information

  • We receive only limited payment data: tokenized identifiers, the first six and last four digits of payment cards, and card expiration dates.

3.4 Technical and Device Data

  • We automatically collect device and usage information through standard web technologies, including IP address, approximate location, and platform performance data.

4. DATA PROCESSING AND USAGE

4.1 Primary Processing Purposes

A. Service Provision

  • Account creation and management
  • Authentication and security
  • Feature access and customization
  • Customer support
  • Service optimization

B. Payment Processing

  • Subscription management
  • Payment authorization
  • Fraud prevention
  • Transaction records
  • Billing support

C. Communication

  • Service updates and notifications
  • Security alerts
  • Product information
  • Support responses
  • Legal notices

4.2 Secondary Purposes

  • We also process data for service improvement (usage analysis, feature optimization, bug resolution) and aggregated analytics and research.

4.3 Legal Bases for Processing

  • We process personal data on the basis of: (a) contractual necessity (account management, service provision, payment processing); (b) legal obligations (tax compliance, financial records, regulatory requirements); (c) legitimate interests (service improvement, fraud prevention, security); and (d) your consent (marketing communications, optional features, analytics participation).

5. DATA STORAGE AND SECURITY

5.1 Storage Location and Data Transfers

  • All personal data is stored in secure European data centers
  • Data is transmitted globally using encrypted channels
  • We employ appropriate safeguards for international data transfers
  • Continuous compliance monitoring and security measures are in place

5.2 Security Measures

5.2.1 Technical Security

  • We implement industry-standard technical and organizational security measures, including encryption, access controls, intrusion detection, and regular security audits.

5.2.2 Payment Security

  • Payment processing is PCI DSS compliant. We store only tokenized payment data and never have access to complete card numbers.

5.2.3 Backup and Recovery

  • We maintain encrypted, geographically redundant backups with disaster recovery and business continuity procedures.

5.3 Data Breach Notification

  • In the event of a data breach (unauthorized access, loss, destruction, or disclosure of personal data), we will: (a) immediately initiate our incident response plan to contain and assess the breach; (b) notify affected users without undue delay via email, including a description of the incident and recommended actions; and (c) notify relevant supervisory authorities and comply with jurisdiction-specific requirements as required by law.

6. ANALYTICS, ADVERTISING, AND THIRD-PARTY SERVICES

6.1 Analytics and Infrastructure Partners

6.1.1 Analytics Services

  • We utilize third-party analytics and infrastructure services to monitor, improve, and secure our platform. These services may collect usage patterns, performance metrics, and aggregate statistics.

6.1.2 Session Recording and Data Scope

  • Session recording tools may be used for bug investigation and performance optimization, with user inputs masked and interactions anonymized.

6.2 Advertising Partners and Data Sharing

6.2.1 Advertising Partners We work with various advertising partners, including:

  • Facebook
  • Google
  • SnapChat
  • TikTok
  • Taboola
  • Outbrain
  • AppLovin
  • Pinterest

6.2.2 Data Sharing Practices These partners may receive:

  • Anonymous identifiers
  • Email addresses (for advertising purposes)
  • Usage data
  • Device information
  • Interaction metrics

6.3 User Control Over Tracking

6.3.1 Tracking Limitations Users can limit tracking through:

  • Browser cookie settings
  • Ad-blocker extensions
  • Device settings
  • Platform-specific controls

6.3.2 Opt-Out Options

  • Digital Advertising Alliance (DAA) opt-out tools
  • Network Advertising Initiative (NAI) opt-out platform
  • Platform-specific advertising settings
  • Individual advertising partner opt-outs

7. YOUR RIGHTS AND CHOICES

7.1 Universal Rights All users have the following basic rights:

  • Access their personal data
  • Correct inaccurate data
  • Request data deletion (see Section 8.2 for procedures)
  • Object to processing
  • Data portability
  • Withdraw consent

7.2 Regional Privacy Rights

  • In addition to the universal rights above, residents of certain jurisdictions have additional rights under local law:

7.2.1 EU/UK (GDPR): Rights regarding restriction of processing, automated decision-making, and the right to lodge a complaint with a supervisory authority.

7.2.2 California (CCPA/CPRA): Right to know what personal information is collected and shared, right to opt out of the sale of personal information, and right to non-discrimination for exercising privacy rights.

7.2.3 Australia (Privacy Act): Right to collection notification, purpose specification, and use limitation.

7.2.4 Canada (PIPEDA): Right to challenge compliance and expect adequate data protection measures.

7.3 How to Exercise Your Rights

7.3.1 Submission Methods

  • All privacy rights requests can be submitted through any of our official contact channels listed in Section 12.1.

7.3.2 Verification

  • We verify your identity before processing requests (email verification, account authentication, or government-issued ID for sensitive requests). Authorized agents must provide proof of authority.

7.3.3 Response Timelines

  • We will respond to privacy requests within the timeframes required by applicable law, including GDPR and CCPA requirements.

7.3.4 Data Delivery

  • Personal data will be provided in a commonly used, machine-readable format via secure transmission.

7.3.5 Appeals

  • Appeals may be submitted within 30 days of our response. We will issue a decision within 30 days of the appeal.

8. DATA RETENTION AND DELETION

8.1 Retention Periods

  • Account data: retained while account is active and for a reasonable period thereafter
  • Payment records: as required by applicable tax and financial regulations
  • Analytics data: retained in anonymized or aggregated form for service improvement
  • Communication records: retained as long as reasonably necessary for support and legal purposes
  • Security logs: retained as long as reasonably necessary for security and compliance purposes

8.2 Deletion Procedures

  • Account deletion: initiated upon request, subject to verification
  • Data removal: systematic removal from active systems
  • Backup removal: within a commercially reasonable timeframe following deletion from active systems
  • Verification process: confirmation of removal upon completion

9. INTERNATIONAL DATA TRANSFERS AND LEGAL JURISDICTION

9.1 International Data Transfers For users outside the European Union, we ensure appropriate data protection through:

  • Standard contractual clauses for international data transfers
  • Technical and organizational security measures
  • Regular compliance monitoring and assessments
  • Adherence to international data protection requirements
  • Continuous evaluation of data protection mechanisms

9.2 Legal Jurisdiction and Dispute Resolution

  • Before pursuing legal action, users should first follow the complaint and escalation procedures in the Terms and Conditions (Section 8).

9.2.1 Formal Legal Proceedings If escalation and informal resolution are unsuccessful:

  • This privacy policy is governed by the laws of the State of Delaware, United States
  • Any legal proceedings shall be exclusively resolved through binding arbitration as detailed in Section 10 of our Terms and Conditions
  • Arbitration shall be conducted by the American Arbitration Association
  • Users expressly consent to the personal jurisdiction of Delaware courts for matters exempt from arbitration
  • All claims must be brought within six months of the incident date

For complete dispute resolution procedures, including arbitration rules, exceptions, and class action waiver, please refer to Section 10 of our Terms and Conditions.

10. CHILDREN'S PRIVACY

10.1 Age Restrictions

  • Minimum age: 18 years
  • No intentional collection from minors
  • Account termination if underage discovered

11. CHANGES TO THIS POLICY

11.1 Modification Rights

  • We reserve the right to modify this privacy policy at any time.

11.2 Types of Changes

  • Material changes (those significantly affecting your rights or data processing practices) require advance notice. Non-material changes (clarifications, formatting, security enhancements, updated contact information) may be implemented immediately.

11.3 Notification

  • Material changes: advance email notification before implementation. Non-material changes may take effect immediately. The updated policy is always available on our website. Continued use after changes constitutes acceptance; if you disagree, you may discontinue use.

12. LEGAL INFORMATION AND CONTACT DETAILS

12.1 Contact Information For all inquiries including privacy-related matters:

All inquiries will be handled according to the response timelines detailed in Section 7.3.3

Discover tools designed to help you explore your thinking patterns and gain insights into how your mind works.

Customer Support

How to Cancel
Customer Support
24/7/365

Copyright © 2024-2025 Cerebrum™. All rights reserved. All trademarks referenced herein are the properties of their respective owners. The test is for entertainment or educational purposes only and is not a substitute for professional evaluation.

Cerebrum IQ Privacy Policy