Privacy
Policy.

1 Overview

ACIS (Advanced Comprehensive Intelligence Scale) is a web-based cognitive assessment. This Privacy Policy explains what information ACIS collects, how it is used, and your choices.

2 Information We Store Locally

ACIS uses browser storage (for example, localStorage) to store test progress and results on your device.

• Test progress, scores, item responses, response times, and completion timestamps
• Profile fields entered before testing, including age, gender, country, education level, native language, English proficiency, testing condition, and email address
• Device context used for norming quality checks, such as device type and input method
• Local identifiers used to keep your session consistent (e.g., an anonymous user ID)

You can remove this local information by clearing your browser site data.

3 Information We May Store Server-Side (Supabase)

When the cloud sync feature is enabled, ACIS may transmit and store limited data in our backend database hosted on Supabase.

• An anonymous user identifier (generated on-device or via anonymous authentication)
• Demographic and language fields you provide: age, gender, country, education level, native language, and English proficiency
• Session context you provide or that is inferred on-device: testing condition, device type, and input method
• If you enter an email address, ACIS stores a one-way hash of the email (not the email itself)
• Test session data (e.g., test type, status, completion time)
• Subtest, item-level, and composite score data (e.g., raw/scaled scores, totals, responses, item timing, and response time)
• Integrity/anti-cheat events (e.g., violation type and details)

4 Fingerprinting (Retake Detection)

ACIS uses browser fingerprinting to detect repeat attempts and protect test integrity. A fingerprint hash is generated on-device from selected browser and device signals, such as screen dimensions, color depth, platform, browser language, audio sample rate, and time zone, and then hashed (SHA-256).

When cloud sync is enabled, ACIS may store the fingerprint hash server-side to detect retakes. ACIS does not need to store your raw fingerprint components in the database to perform this check.

5 Third-Party Services

• Supabase: authentication and database hosting for cloud sync
• PayPal: payment processing (payment details are handled by PayPal, not stored on ACIS servers)
• CDNs: third-party script delivery (e.g., Supabase SDK)
• Google Fonts: font delivery

6 Your Choices

• You can clear locally stored data by clearing your browser site data.
• If you want to request deletion of server-side data associated with your anonymous identifier, contact the creator via the details on the Terms of Service.

7 Contact

For privacy questions or requests, please contact the creator via the details on the Terms of Service.

8 Information for EU Residents (GDPR)

If you are located in the European Union (EU) or European Economic Area (EEA), the following additional provisions apply to you under the General Data Protection Regulation (GDPR):

Data Controller

The data controller for your personal data is Structural. For contact details, please see the Terms of Service.

Legal Basis for Processing

• Contract Performance: Processing is necessary for the performance of the assessment services you have requested.
• Legitimate Interests: Processing for test integrity, retake detection, and service improvement is based on our legitimate interests in maintaining a valid and reliable assessment.
• Consent: Where required, we will obtain your consent before processing personal data.

Your Rights Under GDPR

You have the following rights regarding your personal data:

• Right of Access: Request a copy of the personal data we hold about you.
• Right to Rectification: Request correction of inaccurate personal data.
• Right to Erasure: Request deletion of your personal data under certain circumstances.
• Right to Restrict Processing: Request that we limit how we use your data.
• Right to Data Portability: Request your data in a structured, machine-readable format.
• Right to Object: Object to processing based on legitimate interests.
• Right to Withdraw Consent: Where processing is based on consent, you may withdraw it at any time.

To exercise any of these rights, please contact us via the details provided in the Terms of Service. We will respond to your request within 30 days.

International Data Transfers

Your data may be transferred to and processed in countries outside the EU/EEA. Where such transfers occur, we ensure appropriate safeguards are in place to protect your data in accordance with GDPR requirements.