Privacy Policy
Last updated: 13 May 2026
1. Who We Are
The Self Index is operated by The Self Index Ltd ("we", "us", "our"), a company registered in England and Wales. Our registered address and data controller contact is: [email protected].
We are the data controller for personal data collected through this website. We are committed to protecting your personal information and being transparent about how we use it, in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.
2. What Data We Collect
We collect the following categories of personal data:
- Account data: your email address, first name, and last name when you register or sign in.
- Assessment data: your responses to psychometric assessments and the resulting scores and profiles.
- Payment data: transaction identifiers and subscription status (processed by Stripe — we do not store card details).
- Usage data: pages visited, assessment completion events, and session duration, collected via privacy-respecting analytics.
- Communications: emails you send to us and any support correspondence.
3. How We Use Your Data
We process your personal data for the following purposes and on the following legal bases:
| Purpose | Legal Basis |
|---|---|
| Providing assessments and displaying results | Performance of contract |
| Sending magic link sign-in emails | Performance of contract |
| Processing payments via Stripe | Performance of contract |
| Improving the platform and fixing bugs | Legitimate interests |
| Sending service-related emails (receipts, updates) | Legitimate interests |
| Marketing communications (if opted in) | Consent |
| Complying with legal obligations | Legal obligation |
4. Assessment Data and Sensitive Information
Psychometric assessment results may reveal information about your personality, cognitive style, or psychological traits. Under UK GDPR, some of this data may constitute special category data. We process it solely to provide you with your results and to improve the accuracy of our instruments. We will never share your individual results with employers, schools, or third parties without your explicit consent.
5. Cookies and Tracking
We use strictly necessary cookies to maintain your session and authentication state. We also use analytics cookies to understand how the site is used. You can manage your cookie preferences via the banner shown on your first visit. For full details, see our Cookie Policy.
6. Data Sharing
We share your data only with the following categories of third parties:
- Stripe: payment processing. Stripe is PCI DSS compliant.
- Resend: transactional email delivery (magic links, receipts).
- Hosting infrastructure: cloud servers located in the EU/UK.
We do not sell your personal data. We do not share assessment results with any third party without your explicit, informed consent.
7. Data Retention
We retain your account and assessment data for as long as your account is active or as necessary to provide our services. If you delete your account, we will delete or anonymise your personal data within 30 days, except where we are required to retain it for legal or accounting purposes (typically 7 years for financial records).
8. Your Rights
Under UK GDPR, you have the following rights:
- Access: request a copy of the personal data we hold about you.
- Rectification: ask us to correct inaccurate data.
- Erasure: ask us to delete your data ("right to be forgotten").
- Restriction: ask us to restrict processing of your data.
- Portability: receive your data in a structured, machine-readable format.
- Objection: object to processing based on legitimate interests.
- Withdraw consent: where processing is based on consent, withdraw it at any time.
To exercise any of these rights, email [email protected]. We will respond within one month. You also have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk.
9. Security
We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, loss, or disclosure. These include encrypted connections (TLS), hashed authentication tokens, and access controls. No method of transmission over the internet is 100% secure; we cannot guarantee absolute security but we take our obligations seriously.
10. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of material changes by email or by displaying a prominent notice on the site. The "last updated" date at the top of this page indicates when the policy was last revised.
11. Contact Us
For any privacy-related queries, contact our data protection lead at [email protected].