Privacy Policy

1. Scope

This Privacy Policy applies to information we collect through:

• our website and web application;
• our assessment, scoring, reporting, and delivery features;
• optional camera-enabled attention, gaze, or calibration features;
• support, feedback, and communications with us; and
• payment and purchase flows related to the Services.

This Privacy Policy does not apply to third-party websites, payment processors, or other services we do not control, even if we link to them.

2. Information We Collect

We may collect the following categories of information.

A. Information you provide directly

We may collect information you provide to us, such as:

• name, email address, username, or other account or contact details;
• age range, country, language, and similar profile details;
• answers to pre-test profiling or setup questions;
• support requests, feedback, survey responses, or other communications; and
• any other information you choose to submit.

B. Assessment and report data

When you take an ApertIQ assessment, we may collect:

• assessment responses, selected answers, answer changes, and completion status;
• question order, item timing, pacing, hesitation, revision, revisit, and related session behavior;
• derived reasoning, scoring, and behavioral metrics;
• generated report content and related report metadata; and
• purchase, delivery, and report-access metadata.

C. Optional camera-based attention and gaze data

If you enable camera-based tracking features, we may collect and process:

• camera permission status;
• calibration inputs and calibration results;
• derived gaze coordinates or gaze estimates;
• timestamps associated with gaze, calibration, and attention-related events;
• tracking confidence, dropout, and quality metrics;
• eye-, face-, or head-pose-related measurement outputs generated by our software;
• layout-linked attention features such as dwell, revisits, or region-of-interest attention summaries; and
• derived attention and behavioral features used to operate, improve, validate, secure, and maintain the Services.

By default, we do not store raw full-frame camera images or raw video from your device. Camera input is processed in real time to generate derived measurements and quality metrics used to operate the Services.

In limited cases, we may store limited eye-region calibration and validation artifacts, such as normalized eye crops and labeled calibration targets or validation samples, together with related derived outputs, for accuracy improvement, validation, fraud prevention, debugging, and system-quality analysis.

If we ever offer a separate research, beta, debugging, or validation program that involves storing full-frame camera images, raw video, or similar source media, we will provide a separate notice and obtain any additional consent required by law before doing so.

D. Device, technical, and usage information

We may automatically collect:

• IP address;
• device type;
• browser type and version;
• operating system;
• app or site version;
• viewport or screen size;
• pixel ratio or similar display information;
• approximate location inferred from IP address;
• pages viewed, clicks, referral URLs, and timestamps;
• crash, latency, or performance data; and
• cookies, local storage, and similar technologies.

E. Payment and transaction information

If you purchase a report or other paid feature, we and our payment providers may collect:

• transaction identifiers;
• purchase amount;
• purchase status;
• billing country or region; and
• limited payment metadata.

We do not store full payment card numbers on our own systems. Payments may be processed by third-party providers such as Stripe or other processors we use.

3. How We Use Information

We may use information we collect to:

• provide, operate, maintain, and improve the Services;
• administer assessments and generate, deliver, and support reports;
• process optional camera-based attention, gaze, and calibration features;
• personalize or tailor report content;
• monitor calibration quality, system performance, data integrity, and measurement quality;
• develop, test, improve, and validate our measurement, scoring, analytics, and reporting systems;
• detect, investigate, and prevent fraud, abuse, unauthorized access, cheating, misuse, or other harmful activity;
• provide customer support and respond to inquiries;
• process payments and fulfill purchases;
• enforce our Terms or other policies;
• comply with legal obligations; and
• protect our rights, users, systems, and business.

We may also use aggregated or de-identified information to improve the Services, develop benchmarks, validate system quality, and create research or analytics insights, subject to applicable law.

4. Camera-Based and Biometric-Related Processing

Camera-based attention tracking is optional unless a particular assessment flow clearly states otherwise.

If you enable camera-based tracking, you consent to:

• access to your device camera while the feature is active;
• real-time processing of camera input to estimate gaze, calibration, attention, and related measurement or quality signals;
• collection and storage of derived gaze-, attention-, calibration-, and quality-related data; and
• collection and storage of limited eye-region calibration and validation artifacts and related outputs as described in this Privacy Policy.

You may stop camera-based processing by declining permission, disabling the feature, or leaving the relevant flow, but some features may then be limited or unavailable.

5. Cookies, Analytics, and Similar Technologies

We may use cookies, SDKs, pixels, local storage, and similar technologies to:

• keep you signed in;
• remember settings;
• understand traffic sources and campaign performance;
• measure funnel performance and drop-off;
• detect abuse or suspicious behavior; and
• improve user experience.

We may work with analytics, infrastructure, communications, or security providers that collect device, browser, cookie, event, or usage information on our behalf.

6. How We Share Information

We may share information in the following circumstances.

A. Service providers

We may share information with vendors and service providers that help us operate the Services, including hosting, cloud storage, analytics, customer support, communications, security, and payment processors.

B. Business transfers

We may share or transfer information in connection with a merger, acquisition, financing, asset sale, reorganization, bankruptcy, or similar corporate transaction.

C. Legal and safety reasons

We may disclose information if we believe in good faith that doing so is necessary to:

• comply with law, regulation, court order, or lawful process;
• respond to government or regulatory requests;
• enforce our agreements;
• detect or prevent fraud, abuse, security incidents, cheating, or technical issues; or
• protect the rights, property, or safety of ApertIQ, our users, or others.

D. De-identified and aggregated information

We may use, disclose, publish, license, or otherwise use aggregated or de-identified information that does not reasonably identify you, subject to applicable law.

E. With your direction or consent

We may share information where you direct us to do so or where you otherwise consent.

7. What We Do Not Do

Except as clearly disclosed in a separate notice or required by law:

• we do not store raw full-frame camera images or raw video by default;
• we do not sell raw camera images, raw video, or identifiable derived gaze, calibration, or attention data as standalone data feeds to third parties;
• we do not knowingly collect personal information from children under 13 without legally required consent; and
• we do not use biometric-related data in a manner materially inconsistent with the notice and consent under which it was collected.

If our practices change materially, we will update this Privacy Policy and, where required, provide additional notice or obtain additional consent.

8. Data Retention and Destruction

We retain information for as long as reasonably necessary for the purposes described in this Privacy Policy, including to provide the Services, maintain business records, resolve disputes, prevent fraud, improve system quality, enforce agreements, and comply with legal obligations.

Our general retention approach is as follows:

A. Account and contact information

We retain account and contact information until account deletion or as otherwise needed for support, operations, dispute resolution, fraud prevention, and legal compliance.

B. Assessment responses and report data

We retain assessment responses, report data, and related account-linked records until deletion request or up to 24 months after your last interaction with the Services, unless a shorter period is required by law or a longer period is required for dispute resolution, fraud prevention, or legal compliance.

C. Runtime telemetry and event logs

We retain identifiable runtime telemetry, raw event batches, and related session logs for up to 12 months after collection, unless a shorter period is required by law or a longer period is required to investigate a specific security incident, fraud event, abuse event, or legal dispute.

D. Biometric-related calibration, validation, and derived session-quality data

We retain limited eye-region calibration and validation artifacts, linked derived biometric session-quality data, and related identifiable biometric-related outputs for up to 12 months after your last interaction with the Services, unless:

• a shorter period is required by applicable law;
• longer retention is required by law;
• the data must be retained to investigate or document a specific fraud, abuse, or security incident; or
• the data must be retained in connection with a legal hold, dispute, or similar preservation obligation.

When these purposes end, we will delete or de-identify the data.

E. Payment and transaction records

We retain payment and transaction records as required for accounting, tax, dispute resolution, fraud prevention, and legal compliance.

F. De-identified and aggregated information

We may retain de-identified or aggregated information for longer periods, including indefinitely where permitted by law.

9. Your Choices and Rights

Depending on where you live, you may have rights to:

• access the personal information we hold about you;
• request deletion of your personal information;
• correct inaccurate personal information;
• request a copy of certain data;
• limit or object to certain processing;
• withdraw consent, where processing is based on consent; and
• opt out of certain analytics, advertising, or sale/sharing activities where those concepts apply under law.

You may also:

• decline camera permission;
• stop using optional camera-enabled features; and
• request deletion of account-linked data by contacting us at contact@getapertiq.com.

We may need to verify your identity before honoring certain requests.

10. California Notice

If you are a California resident, we may collect categories of information including identifiers, internet or network activity, commercial information, approximate geolocation inferred from IP address, profile information you provide, assessment data, and sensitive or biometric-related data to the extent applicable.

We collect and use that information for the purposes described in this Privacy Policy, including providing the Services, generating reports, processing payments, analytics, security, fraud prevention, and improvement.

To the extent California law applies, you may have rights to know, delete, correct, and opt out of certain sale or sharing practices. To exercise rights, contact us at contact@getapertiq.com.

11. Children’s Privacy

The Services are not directed to children under 13, and we do not knowingly collect personal information from children under 13 without legally required consent. If we learn that we collected personal information from a child under 13 without required authorization, we will take steps to delete that information. If you believe a child under 13 has provided us personal information, contact us at contact@getapertiq.com.

12. Security

We use reasonable administrative, technical, and organizational safeguards designed to protect information against unauthorized access, loss, misuse, alteration, or disclosure. However, no method of transmission over the internet or method of electronic storage is completely secure, and we cannot guarantee absolute security.

13. International Users

If you access the Services from outside the United States, you understand that your information may be transferred to, processed in, and stored in the United States or other jurisdictions where we or our service providers operate, where permitted by law.

14. Third-Party Services

The Services may contain links to or integrate with third-party services, including payment providers, analytics providers, authentication tools, or infrastructure vendors. Their privacy practices are governed by their own policies, not this Privacy Policy.

15. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. If we make material changes, we will post the updated version, revise the “Last Updated” date, and provide any additional notice required by law. Your continued use of the Services after an update becomes effective means you accept the revised Privacy Policy, except where additional consent is required by law.

16. Contact Us

If you have questions, requests, or concerns about this Privacy Policy or our data practices, contact us at: