Privacy Policy | InFlowMotions Stress Assessment
← Back to assessment
Legal

Privacy Policy

Last updated: May 20, 2026

Privacy-first approach

Assessment responses are transmitted securely to our server-side scoring engine, processed, and returned as your personalized results. No scoring algorithms are stored in your browser. We only collect your email and assessment responses when you voluntarily submit them to receive your personalized report.

01 · What we collect

When you complete the assessment:

  • Email address — to send your stress profile and 7-day protocol sequence
  • Assessment responses — your answers to the 45 stress pattern questions
  • Calculated results — stress scores, multiplier, top patterns, recommended protocols
  • Professional context — role type, industry, company size (entered before assessment)
  • Device metadata — browser type and OS, for compatibility only

Automatically collected:

  • Session storage — stored locally in your browser to preserve progress. Cleared when you close the tab.
  • Anonymous analytics — pages viewed, time spent, completion rate. No personal identifiers.

02 · How we use your data

  • Generate your results — stress profile, compound load forecast, evidence-ranked protocol recommendations
  • Email delivery — your assessment PDF and 7-day protocol sequence via MailerLite
  • Product improvement — anonymous aggregated patterns to improve assessment quality
  • Relevant communications — workshops, retreats, and programmes matched to your results

What we will never do

  • Sell your data to third parties
  • Share your individual stress assessment without explicit consent
  • Use your responses for any purpose beyond delivering your results and improving this tool
  • Send spam or unrelated marketing emails

03 · Storage and security

  • Supabase (PostgreSQL) — secure cloud database, EU-hosted (AWS Frankfurt), encrypted at rest and in transit
  • MailerLite — GDPR-compliant email platform, used for email delivery and protocol sequence only. DPA in place.
  • PDFShift — EU-based PDF generation service (France), used solely to render your downloadable assessment report. DPA in place.
  • Your browser — session storage only, not cookies. Cleared on tab close.

Security measures: End-to-end HTTPS encryption, row-level security database policies, regular audits. No sensitive health data stored beyond self-reported stress levels.

04 · Third-party services

All third-party processors operate under executed Data Processing Agreements (DPAs) as required by GDPR Article 28.

  • MailerLite — email delivery. Receives: email address, stress score, top stress patterns, recommended protocols. Lithuanian company (EU). DPA auto-effective via Terms of Service. · Privacy policy · DPA
  • PDFShift — PDF generation. Receives: assessment report content to render as a downloadable PDF. French company (EU). DPA in place. · Privacy policy
  • Supabase — database hosting. EU-hosted (AWS Frankfurt). · Privacy policy
  • Analytics — privacy-friendly, no cookies, no personal identifiers. Page views and completion rates only.

05 · Your rights (GDPR & CCPA)

  • Access — request a copy of all data we hold about you
  • Correction — update inaccurate information
  • Deletion — request complete removal ("right to be forgotten")
  • Portability — receive your data in machine-readable format (JSON)
  • Opt-out — unsubscribe from emails at any time via link in every email
  • Objection — object to specific data processing activities

06 · Data retention

  • Assessment data — 3 years from last interaction, then automatically deleted. Earlier deletion available on request.
  • Email lists — until you unsubscribe (automatic removal from MailerLite)
  • Session data — cleared on browser tab close
  • Analytics — anonymized, retained 12 months

07 · Additional terms

Children's privacy: This assessment is not intended for individuals under 18. We do not knowingly collect data from minors. Contact us immediately if you believe we have collected information from a minor.

International transfers: Supabase is EU-hosted (AWS Frankfurt). MailerLite is a Lithuanian company (EU); any US-side processing is covered by their DPA incorporating GDPR Standard Contractual Clauses. PDFShift is French (EU) — no international transfer applies. All processors have executed DPAs.

Cookies: We use no advertising cookies, third-party tracking pixels, or social media trackers. Session storage only — not cookies.

Legal basis for processing (GDPR): Consent (you voluntarily submit your email), legitimate interest (improving the tool and delivering personalized results), and contractual necessity (delivering the service you requested). You may withdraw consent at any time by emailing us or unsubscribing.

Policy updates: We update the date above for any changes. Significant changes are notified by email if you're subscribed. Continued use constitutes acceptance.

Contact

For privacy questions, data requests, or to exercise your rights:

Email: xavier@inflowmotions.com

We respond within 30 days — usually within 7.

Created with MailerLite