Privacy Policy
Effective Date: April 7, 2026 · Last Updated: April 7, 2026
This Privacy Policy explains how OPKOS.AI ("OPKOS," "we," "us," or "our") collects, uses, shares, and protects your personal information when you use our platform, assessments, and services.
1. Information We Collect
We collect information you provide directly to us and information generated through your use of our platform:
- Account Information: Name, email address, password (hashed), and profile data you provide when registering.
- Assessment Data: Your responses to psychometric assessments, cognitive tests, and behavioral evaluations. This data is used to generate your results and development protocols.
- Usage Data: Pages visited, features used, session duration, device type, browser type, IP address, and referring URLs.
- Payment Information: Billing details processed through our payment provider (Stripe). We do not store full card numbers on our servers.
- Communications: Messages you send us via email or support channels.
- Cookies & Tracking: See Section 6 (Cookies) for details.
2. How We Use Your Information
We use the information we collect to:
- Provide, operate, and improve the OPKOS platform and assessments.
- Generate your psychometric results, rank progressions, and development protocols.
- Process payments and manage your subscription.
- Send you transactional emails (account confirmations, password resets, subscription updates).
- Send you service announcements and platform updates (you may opt out of non-essential communications).
- Detect and prevent fraud, abuse, or security incidents.
- Comply with legal obligations.
- Conduct anonymized, aggregated research to improve assessment science.
We do not sell your personal data to third parties. We do not use your assessment responses for advertising targeting.
3. Legal Basis for Processing (GDPR)
If you are in the European Economic Area (EEA), United Kingdom, or Switzerland, we process your personal data under the following legal bases:
- Contract Performance: Processing necessary to provide the services you subscribed to.
- Legitimate Interests: Improving our platform, security monitoring, and fraud prevention.
- Consent: Where you have explicitly consented (e.g., optional analytics cookies, marketing emails).
- Legal Obligation: Where processing is required to comply with applicable law.
4. Information Sharing
We share your information only in limited circumstances:
- Service Providers: Trusted vendors who help us operate (payment processing via Stripe, email delivery via Postmark, cloud hosting via Render and Neon). These providers are bound by data processing agreements and may not use your data for their own purposes.
- Legal Requirements: We may disclose information when required by law, court order, or government authority.
- Business Transfers: If OPKOS is acquired or merged, your data may transfer as part of that transaction. We will notify you in advance.
- With Your Consent: Any other sharing will only occur with your explicit consent.
5. Data Retention
We retain your account data and assessment results for as long as your account is active. If you delete your account, we delete or anonymize your personal data within 30 days, except where retention is required by law or for legitimate fraud/security purposes (up to 3 years).
Aggregated, anonymized assessment data (with no personally identifying information) may be retained indefinitely for research purposes.
6. Cookies & Tracking Technologies
We use the following types of cookies:
- Strictly Necessary: Session authentication, security tokens. These cannot be disabled — they are required for the platform to function.
- Functional: Remembering your preferences (e.g., saved settings). These are enabled by default but can be disabled.
- Analytics: Understanding how users interact with the platform (aggregated, anonymized). Only set with your consent.
You can manage cookie preferences at any time using the cookie settings banner or by clearing your browser cookies. Disabling non-essential cookies will not affect your ability to use core platform features.
7. Your Rights
Depending on your location, you have the following rights regarding your personal data:
- Access: Request a copy of the personal data we hold about you.
- Correction: Request correction of inaccurate or incomplete data.
- Erasure: Request deletion of your personal data ("right to be forgotten").
- Portability: Request your data in a machine-readable format.
- Objection / Restriction: Object to or restrict certain processing activities.
- Withdraw Consent: Where processing is based on consent, you may withdraw it at any time without affecting prior processing.
To exercise these rights, contact us at privacy@opkos.ai. We will respond within 30 days. EEA users may also lodge a complaint with their local supervisory authority.
8. Data Security
We use industry-standard security measures including TLS encryption in transit, AES-256-GCM encryption for sensitive stored credentials, regular security reviews, and access controls. No system is 100% secure; if a breach occurs affecting your rights, we will notify you as required by law.
9. Children's Privacy
OPKOS is not intended for individuals under 18 years of age. We do not knowingly collect personal data from minors. If you believe we have collected data from a minor, contact us immediately at privacy@opkos.ai.
10. International Transfers
OPKOS operates from the United States. If you are located outside the US, your data will be transferred to and processed in the US. For EEA/UK transfers, we rely on Standard Contractual Clauses (SCCs) or other lawful transfer mechanisms where required.
11. Changes to This Policy
We may update this Privacy Policy periodically. If we make material changes, we will notify you by email or by prominent notice on the platform. Your continued use after such notice constitutes acceptance of the updated policy. We recommend reviewing this page periodically.
12. Contact Us
For privacy-related questions, requests, or concerns: