Privacy Policy

1. Information We Collect

Account information. When you sign in via Apple, Google, or an email magic link, we store your email address, your display name (if provided), and an opaque user identifier from the OAuth provider. We do not store passwords — sign-in is delegated to third-party providers or one-time email links.

Test responses. Your full answers to the MBTI assessment (~50–120 items) and the SBTI scenario test (~24–75 items), along with the computed personality type and dimension scores, are stored in our database. Anonymous visitor responses are kept as sessions and auto-purged after 30 days. Signed-in users' responses are linked to the account so you can view them across devices.

AI Coach inputs. When you use the AI Coach, the scenario text you type (up to 500 characters), the category you select, and your MBTI + SBTI types are sent to a third-party AI provider (see Section 3). The AI's response is not persisted server-side beyond the request.

Compare-page tension queries. When you view the dual-track compare page, your MBTI × SBTI combination plus your language is used to generate an AI tension analysis. The result is cached for ~30 days keyed on (type combo + language); the cached text is generic and is not tied to any individual user.

Technical data. When you access the site, our edge servers receive your IP address. The IP is used for two purposes only: (a) as a short-lived cache key for per-day rate limits (e.g. test submissions, AI Coach calls) — the IP is SHA-256 hashed and truncated to 16 hex characters before being written to cache, and entries auto-expire within 24 hours; (b) to infer a coarse country code (ISO alpha-2). Beyond these uses, we do not associate the IP (or its hash) with your account, email, or test results in any long-term database. We also record user agent, browser language, and referrer.

Anti-abuse signals. To deter scraping and stuffing, we record per-IP daily test counts, answer pacing, and consecutive-identical-option patterns. These signals are not tied to your identity and are used only for threshold detection.

Cookies. We use one HttpOnly, SameSite=Lax, Secure session cookie to maintain your sign-in. It contains a signed JWT and is not used for cross-site tracking. We do not currently use third-party advertising or tracking cookies.

2. How We Use Your Information

• Provide the core service. Store test results, enable cross-device access, generate comparisons, run the AI Coach.
• Personalize AI output. Pass your computed personality type to the AI as context so its replies are relevant to your profile.
• Anti-abuse. Limit per-IP daily test count (default 5/day), detect anomalous answer patterns, deter bots.
• Improve the service. Aggregate, anonymized usage analysis (e.g., test completion rates) — never per-user profiling.
• Legal compliance. Disclose information when required by law or to protect our or our users' rights.

3. Third-Party Services

DuoPersonica relies on the following third parties. Each has its own privacy obligations — please review their policies as well.

• Cloudflare (infrastructure): hosting, Workers compute, D1 database, KV cache, R2 object storage. Cloudflare processes your requests at edge nodes worldwide.
• Apple Sign In / Google OAuth (sign-in): when you choose third-party sign-in, we receive your email and an opaque user identifier from the provider.
• Resend (email): when we send a magic-link sign-in email, your email address is delivered via Resend.
• DeepSeek (AI model): AI Coach replies and Compare-page tension analyses are currently powered by DeepSeek, which is hosted in mainland China. When you use AI features, your scenario text, personality types, and category are sent over HTTPS to DeepSeek's API. Important: if you are outside mainland China, using the AI features means your inputs cross borders and reach a Chinese AI provider. If you are not comfortable with that transfer, please do not use AI Coach.

4. International Data Transfer

DuoPersonica's infrastructure runs on Cloudflare's global edge network. Your requests may be routed to nodes outside your home region.

As noted in Section 3, the AI Coach involves a cross-border transfer to DeepSeek in mainland China. This matters in particular for users in the EU, UK, US, and other jurisdictions with strict data-localization or transfer rules. If you input sensitive information into AI features, please understand that information will reach a Chinese provider and be subject to local law there.

We are evaluating routing non-China users to Gemini or Claude in v1.1 to minimize unnecessary cross-border transfer.

5. Data Retention

• Account information. Retained until you delete your account. A deletion request immediately marks the account as deleted (you can no longer sign in) and starts a 30-day grace window; after 30 days a daily scheduled job (running at 04:00 UTC) hard-deletes your user row plus every linked record — test results, test sessions, sign-in sessions, and third-party identity links.
• Test results. Signed-in users' results are retained so you can revisit them; anonymous sessions purge after 30 days. Linked results are cascade-deleted alongside the user row when the account is hard-deleted.
• AI Coach inputs. Not persisted server-side beyond the API call.
• AI tension cache. Keyed on (MBTI type + SBTI type + language), cached ~30 days; the cached text is generic and contains no user identifier.
• Public share pages. When you generate a /r/[shortId] share link, the anonymous version is cached ~1 day for fast viewing.
• Anti-abuse counters. Daily counters keyed on hashed-IP auto-expire after 24 hours (KV TTL).
• Webhook records. Cleared after 90 days.

6. Your Rights

Wherever you are, you may:

• Access your account info and historical results — visit /my
• Correct your display name and other account fields
• Delete your account and all associated data — request from /my
• Export a copy of your data: while signed in, send a request to `POST /api/account/export` to immediately download a JSON file containing your account record, linked identities, every MBTI / SBTI result, raw test-session answers, and AI-conversation metadata. Limit: 1 export per user per day. For additional copies, email contact@duopersonica.com
• Withdraw consent: simply stop using AI Coach to halt further cross-border transfers

To exercise any right, email contact@duopersonica.com. We will respond within 30 days as required by GDPR Article 12. If your request is complex, we may extend by up to 60 additional days with written notice to you.

If you are in the EU, you have additional GDPR rights (including the right to lodge a complaint with a supervisory authority). If you are in mainland China, you have rights under the Personal Information Protection Law (PIPL).

7. Data Subject Access Requests (DSAR)

GDPR, CCPA, PIPL, and most other jurisdictions grant users the right to obtain their data directly from a data controller. DuoPersonica offers two DSAR pathways:

• Self-serve (recommended): while signed in, send `POST /api/account/export` to download a complete JSON copy immediately. The endpoint is authenticated — unauthenticated requests receive a 401. Limit: 1 export per user per UTC day.
• Email: write to contact@duopersonica.com with subject "DSAR Request" or "Data Subject Access Request" and state the action you wish to exercise (access / correction / deletion / objection / portability). We will respond within 30 days, with a permitted extension of up to 60 additional days for complex requests under GDPR Art. 12(3) — we will notify you in writing if we extend.

Identity verification. Email DSARs must be sent from the email address bound to your account, as a baseline identity check. We may additionally ask you to confirm the request from within the signed-in app to prevent impersonation.

No fee. DSAR responses are free of charge. Where a single user submits manifestly unfounded or excessive requests in a short window, we reserve the right to charge a reasonable fee or refuse, as permitted under GDPR Art. 12(5).

Right to complain. If you believe our DSAR response is inadequate, you have the right to complain to your jurisdiction's data-protection authority (e.g. an EU member-state DPA, the UK ICO, the Cyberspace Administration of China, or the California CPPA).

8. Children's Privacy

DuoPersonica is not directed to children under 13 (or 16 in the EU and other jurisdictions where that is the threshold). If we discover we have collected data from a child below the applicable age, we delete it. If you believe a minor has registered without guardian consent, please contact us.

9. Cookies and Local Storage

• Session cookie: HttpOnly + SameSite=Lax + Secure; carries a signed JWT for sign-in only.
• Language preference cookie: remembers your CN/EN choice; contains no personal info.
• Browser localStorage: stores your in-progress test draft (so a refresh doesn't lose it). Nothing is uploaded until you finish and submit.
• We currently do not use Google Analytics, Facebook Pixel, or other third-party tracking cookies.

10. Security

We follow industry-standard practices: enforced HTTPS, HttpOnly cookies, signed JWTs, API rate limits, and webhook signature verification. That said, no internet system is perfectly secure, and we cannot guarantee absolute security of data transmission or storage.

11. Changes to This Policy

We may update this policy. Material changes will be announced on the site or by email to registered users at least 30 days before they take effect. Continued use of the service after the effective date constitutes acceptance.

12. Contact

For privacy questions, contact: contact@duopersonica.com

(Interim contact for v1.0; a formal legal contact will be published in a later release.)