Privacy Policy

2. DATA CONTROLLER INFORMATION

My Purpose Profile is the Data Controller responsible for your personal data under GDPR. This means we decide how and why your personal data is collected and processed, and we are directly responsible for protecting it.

Contact Information:

Email: info@mypurposeprofile.com

Website: mypurposeprofile.com

3. PERSONAL DATA WE COLLECT

We collect personal data that you provide to us and that is generated through your use of our Service.

3.1 Data You Provide Directly

Account Information:

• Name
• Email address
• Password (encrypted)
• Date of birth
• Occupation
• Date of account creation

Assessment Data:

• Responses to assessment questions (text)
• Voice recordings (if you choose to speak your responses; see Section 3.3)
• Personal experiences and stories shared
• Goals and aspirations
• Career and life information
• Any other information you choose to share during the assessment

Payment Information:

• Billing name and address
• Payment card details (processed by Stripe; we do not store full card numbers)
• Transaction history

Communication Data:

• Messages you send to us
• Feedback and testimonials
• Support requests

3.2 Data Collected Automatically

Technical Data:

• IP address
• Browser type and version
• Device information (type, operating system)
• Time zone setting
• Browser plug-in types and versions

Usage Data:

• Pages visited and features used
• Time spent on pages
• Assessment completion data
• Interaction with emails we send

Analytics and Marketing Data (marketing website only):

• Google Analytics data
• PostHog analytics data
• Meta Pixel data (Facebook/Instagram)

Important: Analytics and marketing tracking (Google Analytics, PostHog, Meta Pixel) operates on the My Purpose Profile marketing website only. These tracking tools are not active during the assessment experience. Essential cookies required for the assessment to function are the only cookies used while you complete the assessment.

3.3 Voice Recordings

If you choose to speak your responses instead of typing:

• Your audio is transmitted securely to a transcription service (currently OpenAI Whisper) via encrypted API connection.
• The audio is processed solely to convert your speech into text.
• Audio recordings are not stored by My Purpose Profile after transcription is complete.
• The resulting text transcription is treated as an assessment response.

3.4 Personal Reflections and Sensitive Information

The nature of our assessment means that you may choose to share information relating to your emotional wellbeing, personal challenges, relationships, career struggles, or other sensitive topics. Some of your responses may touch on your mental or physical health. Under GDPR, this may be considered special category data and requires additional protection.

Before beginning the assessment, you will be asked to provide explicit consent for the processing of this information. You are always free to share only what you are comfortable with. You can skip any question. There are no right or wrong answers.

Your responses are used solely to generate your personalised Purpose Profile. We do not use this information to diagnose, label, or categorise you in any way.

4. HOW WE USE YOUR PERSONAL DATA

4.1 Primary Purposes

We use your personal data for the following purposes:

Providing the Service:

• Process your assessment responses
• Transcribe voice responses into text
• Generate your personalised Purpose Profile using AI technology
• Provide access to your account and report
• Send your assessment results via email

AI Processing:

• We use large language model APIs (currently Anthropic Claude and OpenAI) to analyse your assessment responses and generate your personalised report.
• Your responses are processed to identify patterns and generate narrative insights.
• We do NOT train any AI models with your data.
• We do NOT use your personal data for machine learning training purposes.
• Your data is used solely to generate your personalised Purpose Profile.
• AI providers do not gain ownership of any content submitted or generated.

Customer Support:

• Respond to your enquiries
• Provide technical support
• Handle refund requests

Platform Operations:

• Process payments via Stripe
• Send transactional emails about your account and assessment (report delivery, purchase confirmation)
• Maintain and improve platform reliability and performance
• Ensure security and prevent fraud
• Monitor service quality (using anonymised, aggregated data only)

4.2 Legal Basis for Processing (GDPR)

We process your personal data based on:

• Contract: To provide the Service you have purchased
• Explicit Consent: For processing special category data (emotional wellbeing, personal challenges) within the assessment
• Consent: For marketing communications and non-essential cookies
• Legitimate Interests: For improving platform reliability, security, and fraud prevention (using anonymised data)
• Legal Obligations: To comply with applicable laws (including tax record retention)

4.3 Marketing and Communications

With your consent, we may use your data to:

• Send promotional emails about our Service
• Provide updates about new features
• Share relevant content and resources

You can opt-out of marketing communications at any time by clicking the unsubscribe link in any email or contacting us directly.

We do not use your assessment data for marketing purposes. Marketing communications are sent via Kit.com and are separate from transactional emails (such as report delivery and account notifications). Transactional emails are sent based on your purchase, not marketing consent.

5. DATA SHARING AND DISCLOSURE

We share your personal data only in the following circumstances:

5.1 Service Providers

We share data with third-party service providers that help us operate our Service:

Core Service Providers:

• Supabase: Database hosting (EU Frankfurt) — Assessment responses, reports, account data
• Vercel: Application hosting (EU with global CDN) — Platform delivery, no persistent data storage
• Anthropic: AI report generation (USA with SCCs) — Assessment responses for report generation
• OpenAI: AI follow-up questions & voice transcription (USA with SCCs) — Assessment responses, voice audio
• Stripe: Payment processing (USA/EU with SCCs) — Payment details, billing information
• Airtable: Data workflow and backup (USA with SCCs) — Assessment responses, account data
• Zapier: Workflow automation (USA with SCCs) — Data in transit between services
• Kit.com: Email marketing (USA with SCCs) — Email address, name (marketing subscribers only)

Analytics and Marketing (marketing website only, not during assessments):

• Google Analytics: Website analytics (USA with SCCs)
• PostHog: Product analytics (EU)
• Meta (Facebook): Advertising measurement (USA with SCCs)

Integration Tools:

5.2 Legal Requirements

We may disclose your data if required by law or in response to valid requests by public authorities.

5.3 Business Transfers

In the event of a merger, acquisition, or sale of assets, your data may be transferred to the acquiring entity. We will notify affected users before any such transfer and ensure equivalent data protection obligations are maintained.

5.4 Aggregated Data

We may use aggregated, anonymised data that cannot identify you personally for platform improvement and reporting purposes.

5.5 What We Never Do

• We never sell your personal data
• We never use assessment data for advertising or profiling
• We never share assessment data with third parties for their own marketing purposes
• We never use your data to train AI models

All service providers are bound by data protection obligations. We have appropriate agreements in place with each provider.

6. INTERNATIONAL DATA TRANSFERS

Your data is primarily stored within the European Union (Supabase, Frankfurt). Where data is transferred outside the EU/EEA (specifically to AI providers, payment processors, and certain infrastructure services in the USA), we ensure appropriate safeguards are in place, including:

• Standard Contractual Clauses (SCCs) approved by the European Commission
• Verification that service providers maintain adequate data protection measures
• Appropriate agreements with all service providers

7. DATA SECURITY

We implement appropriate technical and organisational measures to protect your personal data, including:

• EU-based database hosting (Supabase, Frankfurt)
• Encryption of data in transit (HTTPS/TLS 1.2+) and at rest
• Row-Level Security ensuring strict data isolation between users
• Role-based access controls
• Separation of production and testing environments
• Limited production database access (restricted to authorised personnel only)
• Secure API communication with AI providers
• Payment processing handled entirely by Stripe (PCI DSS compliant)
• Regular review of security measures

While we take extensive measures to protect your data, no method of transmission over the internet is 100% secure. If you become aware of any security issue, please contact us immediately.

8. DATA RETENTION

We retain your personal data only as long as necessary:

• Account Data: For as long as your account is active, plus 30 days after termination
• Assessment Data: For the duration of your active account, unless you request earlier deletion
• Voice Recordings: Not retained after transcription is complete
• Payment Records: As required by tax and accounting laws (typically 7 years for transaction records)
• Marketing Data: Until you opt-out or request deletion
• Analytics Data: In accordance with each analytics provider's retention policy (typically anonymised)

Deletion

You can request deletion of your data at any time by contacting us at info@mypurposeprofile.com. Your data will be permanently removed within 14 days of the request being confirmed, with the exception of records we are legally required to retain (such as tax records).

9. YOUR PRIVACY RIGHTS

9.1 Rights for All Users

You have the right to:

• Access your personal data
• Correct inaccurate data
• Request deletion of your data
• Opt-out of marketing communications
• Receive a copy of your Purpose Profile report

9.2 Additional Rights for EU/EEA Residents (GDPR)

• Data Portability: Receive your data in a machine-readable format
• Restrict Processing: Limit how we use your data
• Object to Processing: Object to certain uses of your data
• Withdraw Consent: Where we rely on consent for processing
• Lodge a Complaint: With your local data protection authority

9.3 Additional Rights for California Residents (CCPA)

• Right to know what personal information we collect
• Right to know if we sell or share personal information (we do not sell your data)
• Right to opt-out of sale of personal information
• Right to non-discrimination for exercising privacy rights

9.4 Exercising Your Rights

To exercise any of these rights, contact us at info@mypurposeprofile.com. We will respond within the timeframes required by applicable law (generally within 30 days).

10. COOKIES AND TRACKING TECHNOLOGIES

We use cookies and similar technologies to enhance your experience. For detailed information, please see our Cookie Policy.

Key points:

• Essential cookies are used during assessments for functionality only
• Analytics and marketing cookies operate on the marketing website only, not during assessments
• You can manage your cookie preferences at any time

11. THIRD-PARTY LINKS

Our Service may contain links to third-party websites. We are not responsible for the privacy practices of these external sites. We encourage you to read the privacy policies of any third-party sites you visit.

12. CHILDREN'S PRIVACY

Our Service is not intended for individuals under 18 years of age. We do not knowingly collect personal data from anyone under 18. If we become aware that we have collected data from someone under 18, we will take steps to delete it promptly.

13. AI AND AUTOMATED DECISION-MAKING

13.1 How AI is Used

We use AI technology to:

• Transcribe voice responses into text (OpenAI Whisper)
• Determine if your answer would benefit from a follow-up question (OpenAI)
• Analyse your assessment responses and generate your personalised Purpose Profile (Anthropic Claude)

13.2 No Training on Your Data

We do NOT use your personal data to train any AI models. Your assessment responses are processed through AI APIs solely to generate your personalised report. AI providers (currently Anthropic and OpenAI) do not use submitted data for model training. We have opted into zero-data-retention configurations where available.

13.3 AI-Inferred Insights

The AI analysis may identify patterns, themes, or insights across your responses that relate to your emotional wellbeing, motivations, or personal challenges. These insights are generated to support your self-awareness and personal development. They are not clinical assessments, diagnoses, or professional evaluations.

13.4 Questions About Your Report

If you have questions or concerns about your report, contact us at info@mypurposeprofile.com. We will do our best to address your concerns within 30 days.

13.5 No Automated Legal Decisions

We do not use automated processing for decisions that have legal or similarly significant effects on you. Reports are reflective and informational in nature.

14. CHANGES TO THIS PRIVACY POLICY

We may update this Privacy Policy from time to time. We will notify you of material changes by:

• Posting the updated policy on our website with a revised "Last Updated" date
• Sending an email notification to users with active accounts
• Where legally required, requesting acknowledgement of significant changes

15. CONTACT US

If you have questions or concerns about this Privacy Policy or our data practices, please contact us:

My Purpose Profile

Email: info@mypurposeprofile.com

Website: mypurposeprofile.com

For EU/EEA residents: You have the right to lodge a complaint with your local supervisory authority if you believe we have not adequately addressed your concerns. In the Netherlands, this is the Autoriteit Persoonsgegevens (autoriteitpersoonsgegevens.nl).

By using My Purpose Profile, you acknowledge that you have read and understood this Privacy Policy.

© 2026 mypurposeprofile.com. All rights reserved.