
Definitions and Key Terms
1. Company and Terms of Service
1.1 iqgeniuslab.ai (“we”, “us” or “our”)
Services: all features, functionality, programs and content available through iqgeniuslab.ai.
Platform: Our website and related services that can be accessed from any device.
User: any individual who accesses or uses our Services ("you" or "your").
2. Data and Privacy Policy
2.1 Personal Data: Any information relating to an identified or identifiable natural person.
2.2 Processing: Any operation performed on Personal Data.
2.3 Data Controller: iqgeniuslab.ai, which determines the purposes and means of processing personal data.
2.4 Data Processor: a third party who processes personal data on our behalf.
2.5 Cookies: Small text files stored on your device that contain data about your use of the Platform.
3. Security Terms
3.1 Authentication: The process of verifying a user's identity.
3.2 Encryption: The process of encoding information to prevent unauthorized access.
3.3 Token: A unique identifier used for secure authentication.
3.4 SSL/TLS: Security protocol used to encrypt data transmission.
Introduction and Scope
1. Policy Overview
This Privacy Policy explains how we collect, use and protect your personal data. It provides details about your privacy rights and how to exercise those rights.
2. Policy Application
This policy applies to:
All users of personalitylab.ai
All data collection methods
All service features and functionality
All platform versions and updates
3. Policy Updates
We reserve the right to update this policy
Major changes will be notified via email
Continued use after changes constitutes acceptance
Personal Data Collection
1. Account Information
1.1 Basic Data
Email address (required for identity verification)
Last login timestamp
Unique account identifier
IP address
1.2 Optional Data
Name
Gender
Birthday
Communication options
Settings
2. Service Usage Data
2.1 Test Results
Final Personality Code
Completion timestamp
2.2 Interaction Data
Features accessed
Time spent on the platform
Navigation Mode
Device Information
3. Payment Information and Processing
3.1 Payment data we receive
We only receive and store limited payment information:
Tokenized payment method identifier
Last four digits of your payment card number
First 6 digits of your payment card number
Card Expiration Date
4. Technical and equipment data
4.1 Device Information
Operating system and version
Browser type and version
Device type and model
Language Preference
4.2 Connecting Data
IP address
Network Information
Connection Type
Geographic location (derived from IP)
Time zone settings
4.3 Performance data
Loading time
Error message
System performance indicators
Network latency
Application response time
Data processing and use
1. Main purposes of processing
1.1 Service Provision
Account Creation and Management
Authentication and security
Feature Access and Customization
Customer Support
Service Optimization
1.2 Payment Processing
Subscription Management
Payment Authorization
Fraud Prevention
Transaction History
Billing support
1.3 Communication
Service Updates and Notifications
Security Alerts
Product Information
Support Response
Legal Notice
2. Secondary processing purposes
2.1 Service Improvement
Usage Pattern Analysis
Functional optimization
Performance Monitoring
User experience enhancement
Error identification and resolution
2.2 Analysis and Research
Aggregate usage statistics
Trend Analysis
Platform Optimization
Function development
Performance Benchmarks
3. Legal basis for processing
3.1 Contractual Necessity
Account Management
Service provision
Payment Processing
Function access
Support Services
3.2 Legal obligations
Tax Compliance
Financial Records
Legal requirements
Regulatory Compliance
Safety and security
3.3 Legitimate interests
Service Improvement
Fraud Prevention
Security maintenance
Technical optimization
Business Development
3.4 Processing based on consent
Marketing Communications
Optional Features
Third-party integrations
Analytics participation
Functional testing
Data Storage and Security
1. Storage location and data transfer
1.1 All personal data is stored in secure data centers.
1.2 Data is transmitted globally using encrypted channels.
1.3 We implement appropriate safeguards for international data transfers.
1.4 Ongoing compliance monitoring and security measures are in place.
2. Security Measures
2.1 Infrastructure Security
2.1.1 Authentication and Access
Multi-factor authentication capabilities
Passwordless authentication via email
One-time verification code
Session management with automatic termination
Role-based access control
Principle of least privilege
Access logging and monitoring
Regular access reviews
Automatic Access Termination
2.1.2 Data Protection
SOC2 Type 2 Compliance
AES-256 encryption for data at rest
TLS encryption of data in transit
Security protocols for all data transmission
Regular safety audits
2.1.3 System Security
DDoS protection via Cloudflare
Intrusion Detection System
Regular security patches
Infrastructure Monitoring
2.2 Payment Security
PCI DSS compliant payment processing
Tokenized payment information storage
No access to full card number
Encrypted payment data transmission
Immediate security incident response
Regular compliance monitoring
2.3 Backup and Restore
Regular automatic backup
Encrypted backup storage
Disaster recovery planning
Business Continuity Measures
Data Recovery Process
Geographic redundancy measures
2.4 Organizational Security
Incident Response Procedures and Protocols
Access control strategy and implementation
Security Incident Reporting Framework
Change Management Procedure
2.5 Monitoring and Maintenance
Real-time system monitoring and security event logging
Performance tracking and analysis
Regular safety reviews and assessments
Continuous compliance monitoring
Regular system updates
Vulnerability Assessment
Security patch management
3. Data Breach Notification Procedure
3.1 Definition and Scope
A data breach is defined as:
Unauthorized access to personal data
Accidental loss or destruction of personal data
Unauthorized disclosure of personal data
Any incident that compromises the confidentiality, integrity or availability of data
3.2 Internal Response
When we become aware of a potential violation, we will:
Immediately activate our incident response plan
Assess the nature and scope of the breach
Take immediate steps to contain the breach
Record all aspects of the incident
Assess the risk to affected individuals
3.3 User Notification
We will notify affected users via email within 72 hours of confirming a data breach.
3.4 Notification Content
Our breach notification will include:
Event Description
Affected data types
Potential impact on users
The steps we take to address violations
Recommended User Action
Contact information for questions
Other Support Resources
3.5 Regulatory Compliance
Where required by law, we will:
Notify relevant regulatory authorities
Comply with requirements in specific jurisdictions
Provide mandatory documents
Cooperate with investigation
Implement the required remedial measures
3.6 Post-violation measures
Following any violation we will:
Conduct a thorough investigation
Implement additional safety measures
Update the program as needed
Provide ongoing updates to affected users
Review and enhance security protocols
Analytics, Advertising, and Third-Party Services
1. Analytics and Infrastructure Partners
1.1 Analysis Services
We use the following services to monitor and improve our Platform:
Google Tag Manager: for managing analytics and marketing tags
Cloudflare: for performance analysis and security monitoring
1.2 Session Recording Details
With Sentry, we implement session recording and take the following protective measures:
Automatically mask all user input
No personally identifiable information is collected
Exclude all data entry fields
Anonymization of all user interactions
Usage is limited to bug investigation and performance optimization
1.3 Scope of Data Collection
These services may collect:
Usage Mode
Feature interaction data
Performance Indicators
Error message
Anonymous User Flow
Aggregate Statistics
2. Advertising Partners and Data Sharing
2.1 Advertising partners
We work with a variety of advertising partners, including but not limited to:
2.2 Data Sharing Practices
These partners may receive:
Anonymous Identifiers
Usage Data
Device Information
Interaction indicators
2.3 Partner Data Usage
Our advertising partners may:
Track user interactions
Measure advertising effectiveness
Optimize ad targeting
Create audience segments
Analyze the effectiveness of marketing activities
3. User Control over Tracking
3.1 Tracking Restrictions
Users can limit tracking in the following ways:
Browser Cookie Settings
Ad blocker extensions
Device settings
Platform-specific controls
3.2 Opt-out option
Digital Advertising Alliance (DAA) Opt-out Tool
Network Advertising Initiative (NAI) Opt-out Platform
Platform-specific ad settings
Individual advertising partner opt-outs
3.3 Impact of Tracking Restrictions
Limiting tracking may affect:
Platform Features
Personalized service
Feature availability
User Experience
NOTE: Core service functionality will continue to operate normally.
Your Rights and Choices
1. Universal rights
All users have the following basic permissions:
Access their personal data
Correction of inaccurate data
Request deletion of personal data
Objection to processing
Data Portability
Withdrawal of consent
2. Regional Privacy
2.1 EU and UK Residents (GDPR)
Right to be informed
Right of access
Right to rectification
Right to erasure
Right to restriction of processing
Right to data portability
Right to object
Your rights regarding automated decision-making
2.2 California Residents (CCPA/CPRA)
Right to know what personal information is collected
Right to know how information is shared
Right to erasure
Right to rectification
Opt-out Rights
Non-discrimination rights
Right to portability
2.3 Australian Residents
Payment Notification
Access Rights
Right to rectification
Usage
Limitation of Use
Disclosure transparency
2.4 Canadian Residents
Access Rights
Right to Accuracy
Withdrawal of consent
Use transparency
Protection expectations
3. How to exercise your rights
3.1 Submission Method
All privacy requests can be submitted via email: [email protected]
3.2 Verification Process
To protect your privacy, we need to:
3.2.1 Initial Verification:
Email Verification
Account identity verification (if applicable)
Identification document (if required for sensitive requests)
3.2.2 Additional verification (for sensitive requests or authorized agents):
Government-issued ID
Proof of Authorization (for agents)
Conduct other safety checks as needed
3.3 Response Timeline
We adhere to the following standard response times for all requests:
Initial confirmation: within 72 hours
Standard response time: 30 days
Maximum extension period: 45 days (with notice)
Appeal decision: 30 days
NOTE: California residents will receive confirmation within 10 days, as required by CCPA.
3.4 Data Delivery
All personal data will be provided via:
Machine-readable format (CSV or JSON)
A complete list of data
Encrypted transmission
3.5 Complaints Process
If you are not satisfied with our response:
Submit your appeal within 30 days
Include the reason for the complaint
Provide any additional information
Receive a decision within 30 days
Data Retention and Deletion
1. Retention period
Account data: while the account is active
Payment records: as required by law
Analytical data: for service improvement
Communication records: 2 years
Security log: 12 months
2. Deletion Procedures
Account Deletion: 30-Day Process
Data deletion: a systematic process
Backup deletion: up to 90 days
Verification Process: Complete Removal Check
International Data Transfers and Jurisdiction
1. International Data Transfers
For users outside the EU, we ensure adequate data protection by:
Standard Contractual Clauses for International Data Transfers
Technical and organizational security measures
Regular compliance monitoring and assessment
Comply with international data protection requirements
Continuous evaluation of data protection mechanisms
2. Jurisdiction and Dispute Resolution
2.1 Escalation Process
Before legal action can be taken, users must follow our escalation process:
Submit to: [email protected]
Include reference numbers and previous communication history
Provide response within 7 working days
2.2 Formal legal process
This Privacy Policy is governed by the laws of Hong Kong.
Children’s Privacy
1. Age Limit
Minimum age: 18 years
We do not intentionally collect data from minors
If a minor is found, the account will be terminated
Changes to this Policy
1. Right to Modify
We reserve the right to modify this Privacy Policy at any time.
2. Type of change
2.1 Major Changes
Changes that materially affect your rights or our obligations:
Key changes in data sharing with third parties
Fundamental change in the purpose of data processing
Significant changes to user privacy
2.2 Non-Major Changes
Changes that do not materially affect your rights, including but not limited to:
Updated to reflect current practices
Add new product features or services
Changes to Contact Information
Clarification of existing terms
Grammar or formatting updates
Security Enhancements
Technical documentation updates
Service Improvement Notes
Analysis and tracking updates
Changes to advertising partners and analytics providers
Third-party integration updates
Regional Compliance Updates
3. Notification Requirements
3.1 Major Changes
Email notification 5 days before implementation
Changes will take effect on the date of notification.
Continued use constitutes acceptance
3.2 Non-Major Changes
Immediate implementation
No prior notice required
Updated policies posted on the website
4. Your Choices
View the current Privacy Policy on our website
If you do not agree to the changes, please stop using the service.
Continued use constitutes acceptance of the changes
Legal information and contact details
For all inquiries including privacy-related matters:
Email: [email protected]