Privacy Policy

1. Identity of the Data Controller

2. Data we collect

We only collect data strictly necessary to provide the service:

• Name — to personalize your report.
• Email address — to deliver the results and the full report.
• Test answers — to calculate your self-knowledge profile. They are linked pseudonymously to the email you provide, with your consent, so the report can be generated and delivered. Pseudonymization reduces direct exposure but does not make the data anonymous.
• Technical data — IP address, browser type, and language, collected automatically for security and aggregate usage analysis. These are not used to identify you individually.

Some questions may touch on emotional wellbeing, stress, relationships, and personal experiences. We do not ask for medical records or use this information for clinical purposes. Answers are used only to calculate results and create the report you request.

3. Purpose and legal basis of processing

4. Data Retention and Security (Encryption & Deletion)

Data encryption at rest: Because test answers may reveal details about personal well-being and psychology (special category data under GDPR), all of your answer data and corresponding results are stored securely using encryption at rest, ensuring the highest level of confidentiality.

Data retention and automatic deletion: In order to limit the storage of sensitive data, we apply a strict automatic deletion policy. Detailed test answers and results are permanently and automatically deleted from our servers within a maximum of 30 days after the email delivery of the report. We only retain your email and essential payment metadata for the required legal retention period.

In any case, if you decide to manually request the deletion of your data before this period ends, we will proceed with the complete erasure within a maximum of 30 days from your request.

5. Recipients and data processors

We do not sell, rent, or transfer your data to third parties. We only share necessary data with the following processors to provide the service:

• Railway.app — hosting for the automation webhook server (data in transit, no persistence on Railway).
• n8n — automation platform that processes the generation and email delivery of the report.
• Transactional email provider (Mailbox — buzondecorreo.com) — for delivering the report. Provides GDPR guarantees via their DPA.

All providers have signed or are subject to Data Processing Agreements (DPA) compliant with the GDPR.

6. International transfers

Some of our data processors may be located outside the European Economic Area (EEA). In such cases, we ensure that transfers are carried out with adequate safeguards as provided by the GDPR, including:

• Standard Contractual Clauses (SCC) approved by the European Commission.
• EC adequacy decision for countries that have one.

7. Your rights

Under GDPR (EU) 2016/679 and Spanish LOPDGDD, you have the following rights:

• Access — know what data we hold about you.
• Rectification — correct inaccurate data.
• Erasure ("right to be forgotten") — request the deletion of your data.
• Restriction of processing — restrict the use of your data in certain circumstances.
• Portability — receive your data in a structured, machine-readable format.
• Object — object to processing based on legitimate interest or to receiving commercial communications.
• Withdrawal of consent — at any time, without affecting the lawfulness of processing based on consent before its withdrawal.

To exercise any of these rights, send an email to contacto@testautoconocimiento.com with the subject "GDPR Rights Exercise". We will respond within a maximum of 30 days.

If you believe the processing is not compliant, you can file a complaint with the Spanish Data Protection Agency (AEPD).

7b. Automated decisions and artificial intelligence (GDPR Art. 22)

In compliance with Article 22 of the General Data Protection Regulation (GDPR), we inform you of the following:

Personalised report generation: The analysis of your answers and the production of the PRO report (including, where applicable, the MP3 audio narration) are carried out in an automated manner using scoring algorithms and artificial intelligence. This process does not involve direct human intervention in generating the report content.

How it works: The system assigns scores to each self-knowledge dimension based on your answers and generates parameterised interpretive text. The audio narration (PRO + Audio plan) is produced by an AI voice-synthesis model from the written report.

No legal or significant effects: This report is a self-knowledge and personal introspection tool. It does not produce legal effects or significant decisions about you (it is not a clinical, medical, or psychological diagnosis). Therefore, the restriction under Art. 22.1 GDPR does not apply.

Your right to human review: Notwithstanding the above, and in application of the transparency principle, you have the right to request a review or clarification of the content of your report. To do so, write to contacto@testautoconocimiento.com with the subject "Report Review".

7c. California Privacy Rights (CCPA / CPRA)

If you are a resident of California, the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA) grant you additional rights with respect to your personal information:

• Right to Know — You may request disclosure of the categories and specific pieces of personal information we have collected about you, the purposes for collection, and the categories of third parties with whom we share information.
• Right to Delete — You may request that we delete personal information we have collected from you, subject to certain exceptions.
• Right to Correct — You may request correction of inaccurate personal information we hold about you.
• Right to Opt-Out of Sale or Sharing — We do not sell or share your personal information with third parties for cross-context behavioural advertising.
• Right to Non-Discrimination — We will not discriminate against you for exercising any of your CCPA rights.
• Right to Limit Use of Sensitive Personal Information — We do not process sensitive personal information beyond what is necessary to provide the service.

To exercise any California privacy rights, email us at contacto@testautoconocimiento.com with the subject "California Privacy Rights". We will verify your identity and respond within 45 days as required by law.

Note: As a small European business, we are not currently subject to CCPA/CPRA mandatory thresholds (annual gross revenue > $25M or data of >100,000 California consumers per year). We provide this section voluntarily as a best-practice transparency measure.

8. Cookies and local storage

This site does not use advertising cookies or behavioural profiling. We use the following browser technologies:

• localStorage — to save test progress and your theme preferences (light/dark). This data remains on your device and is not transmitted to our servers until you submit the results form.
• Google Analytics 4 (GA4) — only if you accept analytics cookies through the consent banner. Analytics is not activated when you decline.

Your cookie preference is stored in localStorage under tac_cookie_consent and applied on future visits.

9. Minors

This service is intended for persons over 16 years of age. We do not intentionally collect data from minors. If you are a parent/guardian and believe your child has completed the test and provided their data, contact us for immediate deletion.

10. Changes to this policy

We reserve the right to update this policy to adapt it to legislative or service changes. Significant modifications will be communicated by email to registered users. The "last update" date in the header will always reflect the current version.

11. Contact

For any inquiries regarding privacy or data protection: