Privacy Policy

Last Updated: October 26, 2025

Innerself ("we," "us," or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our website and services.

This Privacy Policy applies to information collected through our website and any related services (collectively, the "Service"). By using the Service, you consent to the data practices described in this policy.

Service Provider Information

1. Information We Collect

1.1 Personal Information You Provide

When you use our Service, we may collect the following personal information:

• Questionnaire Responses: Your answers to 34 personality assessment questions (scored on a 1-7 scale)
• Payment Information: Processed through Stripe (we do not store credit card details)
• Communication Data: If you contact us for support, we collect your email address and message content

1.2 Automatically Collected Information

When you access our Service, we automatically collect certain technical information:

• Log Data: IP address, browser type, operating system, access times, pages viewed
• Device Information: Device type, unique device identifiers, operating system version
• Usage Data: How you interact with the Service, features used, time spent on pages
• Local Storage: Temporary storage of personality results during payment processing (stored locally in your browser)
• Analytics Data (with your consent): We use Google Tag Manager (GTM) to manage analytics and tracking technologies. GTM may load Google Analytics based on your consent preferences to collect anonymized data about how visitors use our website, including pages visited, time on site, traffic sources, geographic location (country/city level), and device information. This data helps us improve our Service.

1.3 Information from Third Parties

We may receive information from third-party service providers:

• Stripe: Payment status, transaction IDs (no full credit card numbers)
• Hosting Provider: Server logs, traffic analytics

2. How We Use Your Information

We use the collected information for the following purposes:

2.1 Service Delivery

• Process your personality assessment questionnaire
• Generate AI-powered personality insights using OpenAI's API
• Create AI-generated fantasy art using Google Gemini API
• Display your personalized results

2.2 Payment Processing

• Process payments for premium features
• Prevent fraud and unauthorized transactions
• Issue refunds when applicable

2.3 Service Improvement

• Analyze usage patterns to improve the Service
• Troubleshoot technical issues
• Develop new features and functionality

2.4 Communication

• Respond to your inquiries and support requests
• Send transactional emails (payment confirmations, technical issues)
• Provide important updates about the Service

2.5 Legal Compliance

• Comply with legal obligations and regulations
• Enforce our Terms of Service
• Protect our rights and the rights of our users

2.6 Automated Decision-Making

Our Service uses automated processing (AI algorithms) to analyze your questionnaire responses and generate personality insights. This automated analysis:

• Generates descriptive personality assessments using artificial intelligence
• Does not make decisions with legal or similarly significant effects
• Is provided for informational and entertainment purposes only

This Service relies entirely on automated processing, and opting out would prevent us from providing the Service.

3. Legal Basis for Processing (GDPR)

For users in the European Economic Area (EEA), we process your personal data based on the following legal grounds:

• Contractual Necessity: To provide the Service you requested (Article 6(1)(b) GDPR)
• Legitimate Interests: To improve our Service, prevent fraud, and ensure security (Article 6(1)(f) GDPR)
• Legal Obligation: To comply with applicable laws and regulations (Article 6(1)(c) GDPR)
• Consent: Where you have provided explicit consent (Article 6(1)(a) GDPR) - you may withdraw consent at any time

4. How We Share Your Information

We do not sell, rent, or trade your personal information. We may share your information in the following limited circumstances:

4.1 Third-Party Service Providers

We share data with trusted third parties who perform services on our behalf:

• OpenAI (GPT-5 Nano): Processes your questionnaire responses to generate personality insights. See OpenAI's Privacy Policy. Note: Your data sent to OpenAI's API may be used for service improvement and model training unless you opt out via OpenAI's enterprise data usage policies.
• Google Gemini: Generates fantasy art images. See Google's Privacy Policy. Note: Data sent to Google's API may be used in accordance with Google's AI data usage policies.
• Google Tag Manager & Google Analytics: GTM manages the loading of analytics and tracking technologies based on your consent preferences. When you consent, Google Analytics collects anonymized usage statistics using cookies to track page views, session duration, traffic sources, and user behavior. Data retention: 2 years (cookie expiration). Our implementation uses Google Consent Mode v2 for GDPR compliance. See Google's Privacy Policy, GTM Use Policy, and Google Analytics Data Privacy. You can opt out using the Google Analytics Opt-out Browser Add-on.
• Stripe: Processes payments securely. See Stripe's Privacy Policy
• Hosting Provider (Vercel): Hosts our website and API endpoints. See Vercel's Privacy Policy

These providers are contractually obligated to protect your data and use it only for the specified purposes. We encourage you to review their privacy policies for details on how they process and retain data.

4.2 Legal Requirements

We may disclose your information if required by law, court order, or government regulation, or to:

• Comply with legal processes
• Protect our rights and property
• Prevent fraud or abuse
• Protect the safety of our users or the public

4.3 Business Transfers

If we are involved in a merger, acquisition, or sale of assets, your information may be transferred. We will notify you before your data is transferred and becomes subject to a different privacy policy.

5. Data Retention

We retain your personal information only as long as necessary for the purposes outlined in this Privacy Policy:

• Questionnaire Responses: Sent to AI services in real-time, not stored on our servers
• Local Storage Data: Automatically cleared after successful payment (persists across browser sessions to ensure payment flow works correctly)
• Payment Records: Retained for 7 years to comply with applicable tax and accounting regulations (required by tax authorities for financial record retention)
• Server Logs: Retained for 90 days for security and troubleshooting purposes
• Support Communications: Retained for 2 years after resolution

After the retention period, we securely delete or anonymize your personal data.

6. Your Data Protection Rights

You have the right to request access, correction, deletion, restriction of processing, or portability of any personal data we may hold about you. However, as we do not store user personal data, these rights are rarely applicable in practice — but you may still contact us at any time to exercise them.

Right to Withdraw Consent: You can withdraw your consent for analytics cookies at any time by:

• Changing your cookie preferences in our cookie banner (available at the bottom of any page)
• Installing the Google Analytics Opt-out Browser Add-on
• Clearing your browser cookies
• Note: Our implementation uses Google Consent Mode v2, which communicates your consent preferences to GTM

To exercise any of these rights, please see the contact information at the top of this page.

7. Data Security

We implement appropriate technical and organizational security measures to protect your personal data:

• Encryption: HTTPS/TLS encryption for data in transit
• Secure Payment Processing: PCI-DSS compliant payment processing through Stripe
• No Long-Term Storage: Questionnaire responses are not stored on our servers

Important: No method of transmission over the internet is 100% secure. While we strive to protect your data, we cannot guarantee absolute security.

8. International Data Transfers

Your data may be transferred to and processed in countries other than your country of residence, including the United States, where our third-party service providers operate.

For EEA users: When we transfer data outside the EEA, we ensure appropriate safeguards are in place:

• Standard Contractual Clauses (SCCs): Approved by the European Commission to protect data transfers
• Adequacy Decisions: Where the European Commission has determined the country provides adequate protection
• Supplementary Measures: Additional technical and organizational measures as required by GDPR and relevant case law (Schrems II decision)

Our third-party processors (OpenAI, Google, Stripe, Vercel) have implemented appropriate safeguards in compliance with GDPR requirements for international data transfers.

9. Children's Privacy

Our Service is not intended for individuals under the age of 18. We do not knowingly collect personal information from children.

If we discover that we have collected personal information from a child under 18, we will delete it immediately. If you believe we have collected data from a child, please see the contact information at the top of this page.

10. Cookies and Tracking Technologies

We use minimal tracking technologies. For detailed information, please see our Cookie Policy.

Summary:

• Essential Cookies: We do not set essential cookies directly
• Local Storage: Used temporarily during payment processing (stored locally in your browser, cleared after payment)
• Third-Party Cookies: Stripe sets cookies for payment processing and fraud detection
• Analytics Cookies (with your consent): Google Tag Manager and Google Analytics cookies track website usage to help us improve the service. GTM respects your consent via Consent Mode v2. You can accept or decline these via our cookie banner.

11. Third-Party Links

Our Service may contain links to third-party websites (e.g., Stripe payment pages, AI provider privacy policies). We are not responsible for the privacy practices of these third parties.

We encourage you to review the privacy policies of any third-party sites you visit.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. Changes will be effective immediately upon posting to this page.

We will notify you of material changes by:

• Updating the "Last Updated" date at the top of this policy
• Displaying a prominent notice on our website
• Sending an email notification (if we have your email address)

We encourage you to review this Privacy Policy periodically.

13. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please see the contact information at the top of this page.