Privacy Policy

Last updated: June 11, 2026

1. Who We Are (Data Controller)

This Privacy Policy explains how we collect, use, share, and protect your personal data when you use genius.us.org and its subdomains, including questions.genius.us.org (together, the "Service"). The data controller responsible for your personal data is:

GENIUS.US.ORG LTD
Office 4, Suite C2
Orion Mall, Palm Street
Victoria, Mahé
Seychelles

For any privacy-related questions or to exercise your rights, contact us at [email protected].

2. Scope

This Policy applies to all users of the Service worldwide. Additional jurisdiction-specific disclosures are provided in Sections 12–16 for residents of the European Economic Area (EEA), the United Kingdom, Switzerland, the United States, Canada, Australia, Brazil, and other Latin American countries. Where local law grants you broader rights than described here, those rights prevail.

3. Personal Data We Collect

Identity & account data: your name and email address, provided when you submit your test results or create an account.
Assessment data: your test answers, response timings, computed scores, and the report and certificate generated for you.
Payment & transaction data: processed by our PCI DSS-compliant payment processors. We never store your full card number; we retain only the last four digits, card type, transaction amounts, dates, and status, for order identification, billing, refunds, and dispute handling.
Communications data: messages you send via our contact form or email, including your name, email address, and the content of your message.
Technical & usage data: IP address, browser type and version, device and operating system information, language settings, approximate location (country/region derived from IP), pages visited, referral source, and timestamps — collected automatically for security, fraud prevention, analytics, and language localization.
Cookie data: identifiers stored via cookies and similar technologies (see Section 8).
Optional SMS data: your phone number, only if you explicitly opt in to SMS updates.

We do not intentionally collect special categories of personal data (such as health, religion, or biometric data). Your test answers and scores are treated with heightened confidentiality but are not a medical or clinical record.

4. Purposes & Legal Bases for Processing

We process your personal data for the following purposes. For users in jurisdictions requiring a legal basis (e.g., EEA/UK GDPR, Brazil LGPD), the applicable basis is indicated:

Delivering the Service — scoring your test, generating your report and certificate, providing dashboard access, managing your subscription (legal basis: performance of a contract).
Billing and payments — processing the trial fee, recurring subscription charges, refunds, and payment disputes (performance of a contract; legal obligation).
Customer support — responding to your inquiries, cancellation and refund requests (performance of a contract; legitimate interests).
Security & fraud prevention — protecting accounts, detecting abuse, multiple-account fraud, and payment fraud, and documenting checkout consent for chargeback evidence (legitimate interests; legal obligation).
Analytics & improvement — understanding how the Service is used and improving content and usability (consent where required for cookies; otherwise legitimate interests).
Marketing communications — sending you emails or SMS about the Service and related offers, only where permitted; you can opt out at any time via the unsubscribe link or by contacting support (consent; legitimate interests for existing customers where permitted).
Legal compliance — tax, accounting, consumer protection, and responding to lawful requests from authorities (legal obligation).

We do not use your personal data to make decisions producing legal or similarly significant effects based solely on automated processing. Test scoring is automated but is an informational service you request, not such a decision.

5. How We Share Personal Data

We do not sell your personal data, and we do not share it with third parties for their own independent marketing. We share data only with:

Service providers (processors) acting on our instructions: hosting and infrastructure providers, payment processors, email and SMS delivery providers, analytics providers, and customer-support tooling. Each is bound by contractual confidentiality and data-protection obligations.
Payment networks, banks, and anti-fraud services, to process transactions and handle disputes and chargebacks.
Professional advisers (lawyers, accountants, auditors) where necessary.
Authorities and other parties when required by law, to enforce our terms, establish or defend legal claims, or protect the rights, property, or safety of our users or others.
A successor entity in connection with a merger, acquisition, or sale of assets, in which case this Policy will continue to apply to your data.

6. International Data Transfers

We operate globally and your personal data may be processed in countries other than your own, including countries that may not provide the same level of data protection as your home jurisdiction. Where we transfer personal data originating from the EEA, the UK, Switzerland, Brazil, or other jurisdictions with transfer restrictions, we implement appropriate safeguards, such as the European Commission's Standard Contractual Clauses (and the UK Addendum/IDTA), equivalent contractual mechanisms recognized under local law, transfers to countries with adequacy decisions, or your explicit consent where permitted. You may request a copy of the relevant safeguards by contacting [email protected].

7. Data Retention

Account, assessment & report data: for as long as your account is active, and up to 24 months after your last activity, after which it is deleted or anonymized.
Transaction & billing records: up to 10 years, as required by tax, accounting, and audit obligations.
Checkout consent & anti-fraud records (incl. IP logs): up to 24 months, or longer where needed for an active dispute or investigation.
Support correspondence: up to 36 months after the matter is closed.
Marketing opt-out records: kept indefinitely so we can honor your choice.

When retention periods expire, data is securely deleted or irreversibly anonymized. You can request earlier deletion at any time (see Section 11), subject to legal retention obligations.

8. Cookies & Similar Technologies

We use the following categories of cookies and similar technologies:

Strictly necessary: session management, language preference, security, and fraud prevention. These cannot be switched off.
Analytics: usage measurement (e.g., Microsoft Clarity) to understand and improve how the Service is used.
Advertising/measurement: conversion measurement pixels (e.g., Meta Pixel) to measure the effectiveness of our advertising.

Where required by law (including in the EEA/UK), non-essential cookies are used only with your consent, which you may withdraw at any time. You can also control cookies through your browser settings; blocking some cookies may affect Service functionality. Third-party providers may process cookie data under their own privacy policies.

9. Security

We apply appropriate technical and organizational measures to protect your personal data, including encryption in transit (TLS), access controls and least-privilege access, network security measures, PCI DSS-compliant payment processing, and logging and monitoring. No method of transmission or storage is 100% secure; if a personal data breach occurs that is likely to result in a risk to your rights, we will notify you and the competent authority where and as required by applicable law (e.g., within 72 hours under the GDPR).

10. Children

The Service is not directed to children under 16, and purchases may only be made by adults. We do not knowingly collect personal data from children under 16 without verifiable parental consent. If you believe a child has provided us personal data, contact us at [email protected] and we will delete it promptly.

11. Your Rights — All Users

Regardless of where you live, we extend the following rights to all users, subject to applicable law and verification of your identity:

Access: obtain a copy of the personal data we hold about you;
Rectification: correct inaccurate or incomplete data;
Erasure: request deletion of your data ("right to be forgotten");
Restriction: request that we limit processing in certain circumstances;
Portability: receive your data in a structured, commonly used, machine-readable format;
Objection: object to processing based on legitimate interests, and to direct marketing at any time;
Withdraw consent: at any time, without affecting prior processing; and
No discrimination: we will not discriminate against you for exercising any right.

To exercise any right, email [email protected] from the address on your account (or provide sufficient verification). We respond within 30 days (or sooner where local law requires, e.g., 15 days under Brazil's LGPD), and may extend where permitted for complex requests. An authorized agent may submit a request on your behalf where local law provides for this.

12. EEA, UK & Switzerland (GDPR / UK GDPR / FADP)

We process your data on the legal bases set out in Section 4. Where we rely on legitimate interests, we have balanced those interests against your rights.
You have all rights listed in Section 11 under Articles 15–21 GDPR, including the right to object to direct marketing (Article 21(2)), which we always honor.
You have the right to lodge a complaint with your local supervisory authority (for the UK: the Information Commissioner's Office, ico.org.uk; for Switzerland: the FDPIC). We would, however, appreciate the chance to address your concerns first.
International transfers are protected as described in Section 6 (Standard Contractual Clauses or equivalent safeguards).
Providing identity and payment data is necessary to enter into the contract; without it we cannot provide paid features. All other data is optional.

13. United States (CCPA/CPRA & Other State Laws)

If you are a resident of California or another US state with a comprehensive privacy law (including Virginia, Colorado, Connecticut, Utah, Texas, Oregon, and others), the following applies:

Categories collected (in the preceding 12 months): identifiers (name, email, IP address), commercial information (transactions), internet/ network activity (usage data), approximate geolocation, and inferences (test scores and cognitive profile). Sources: you, your devices, and our payment processors. Purposes: as described in Section 4.
We do not "sell" personal information for money. Our use of advertising/measurement cookies may constitute "sharing" for cross-context behavioral advertising under the CPRA; you may opt out of such sharing at any time by disabling advertising cookies, using a Global Privacy Control (GPC) signal, which we honor where legally required, or contacting [email protected] with the subject "Do Not Sell or Share".
Your rights: to know/access, delete, correct, opt out of sale/sharing, limit use of sensitive personal information (we do not use sensitive personal information for purposes requiring this right), and non-discrimination. We do not knowingly sell or share the personal information of consumers under 16.
Verification: we verify requests via the email on your account. You may use an authorized agent with written permission.

14. Canada (PIPEDA & Provincial Laws)

We process personal information with your consent (express or implied, as appropriate) and for the purposes identified in this Policy. You may withdraw consent at any time, subject to legal or contractual restrictions and reasonable notice; withdrawal may affect our ability to provide the Service. You have the right to access and correct your personal information and to challenge our compliance with PIPEDA (or applicable provincial law, including Quebec's Law 25) by contacting us, and subsequently the Office of the Privacy Commissioner of Canada or your provincial regulator. Your data may be processed outside Canada; it remains protected by contractual safeguards and may be accessible to authorities of the countries where it is processed.

15. Australia (Privacy Act & APPs)

We handle personal information in accordance with the Australian Privacy Principles. You may access and correct your personal information by contacting us. Your data may be disclosed to overseas recipients (including our hosting and payment providers); we take reasonable steps to ensure they handle it consistently with the APPs. If you are dissatisfied with our handling of a complaint, you may contact the Office of the Australian Information Commissioner (oaic.gov.au). You may interact with us pseudonymously where practicable, though paid features require accurate identity and payment data.

16. Brazil & Latin America

Brazil (LGPD): we process personal data under the legal bases of Article 7 LGPD (contract performance, legal obligation, legitimate interest, and consent). You have the rights set out in Article 18 LGPD, including confirmation of processing, access, correction, anonymization, blocking or deletion, portability, information about sharing, and revocation of consent. Requests are answered within the timeframes set by the LGPD. You may also lodge a complaint with the Autoridade Nacional de Proteção de Dados (ANPD). International transfers are carried out under Article 33 LGPD safeguards.
Mexico (LFPDPPP): you may exercise your ARCO rights (access, rectification, cancellation, opposition) and revoke consent by contacting [email protected]. This Policy serves as our privacy notice (aviso de privacidad).
Argentina, Colombia, Chile, Peru, Uruguay & other LATAM countries: we honor applicable habeas data and data protection rights, including access, correction, deletion, and opposition, under local law (e.g., Argentina's Law 25.326, Colombia's Law 1581/2012). Complaints may be directed to your national data protection authority.

17. Marketing Communications

We send marketing emails or SMS only where permitted by the law of your country (with consent where required, or to existing customers about similar services where permitted). Every marketing message contains an opt-out mechanism, and SMS can be stopped by replying STOP. Transactional messages (receipts, login links, cancellation confirmations) are sent regardless of marketing preferences because they are necessary to operate the Service.

18. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be posted on this page with an updated "Last updated" date and, where required by law, notified to you by email or within the Service. We encourage you to review this page periodically.

19. Contact & Complaints

GENIUS.US.ORG LTD
Office 4, Suite C2
Orion Mall, Palm Street
Victoria, Mahé
Seychelles

Email: [email protected] (24/7/365). We will address your concerns in accordance with applicable law. If you are unsatisfied with our response, you may contact the data protection authority of your country of residence.

Privacy Policy

Last updated: June 11, 2026

1. Who We Are (Data Controller)

GENIUS.US.ORG LTD
Office 4, Suite C2
Orion Mall, Palm Street
Victoria, Mahé
Seychelles

For any privacy-related questions or to exercise your rights, contact us at [email protected].

2. Scope

3. Personal Data We Collect

Identity & account data: your name and email address, provided when you submit your test results or create an account.
Assessment data: your test answers, response timings, computed scores, and the report and certificate generated for you.
Payment & transaction data: processed by our PCI DSS-compliant payment processors. We never store your full card number; we retain only the last four digits, card type, transaction amounts, dates, and status, for order identification, billing, refunds, and dispute handling.
Communications data: messages you send via our contact form or email, including your name, email address, and the content of your message.
Technical & usage data: IP address, browser type and version, device and operating system information, language settings, approximate location (country/region derived from IP), pages visited, referral source, and timestamps — collected automatically for security, fraud prevention, analytics, and language localization.
Cookie data: identifiers stored via cookies and similar technologies (see Section 8).
Optional SMS data: your phone number, only if you explicitly opt in to SMS updates.

4. Purposes & Legal Bases for Processing

We process your personal data for the following purposes. For users in jurisdictions requiring a legal basis (e.g., EEA/UK GDPR, Brazil LGPD), the applicable basis is indicated:

Delivering the Service — scoring your test, generating your report and certificate, providing dashboard access, managing your subscription (legal basis: performance of a contract).
Billing and payments — processing the trial fee, recurring subscription charges, refunds, and payment disputes (performance of a contract; legal obligation).
Customer support — responding to your inquiries, cancellation and refund requests (performance of a contract; legitimate interests).
Security & fraud prevention — protecting accounts, detecting abuse, multiple-account fraud, and payment fraud, and documenting checkout consent for chargeback evidence (legitimate interests; legal obligation).
Analytics & improvement — understanding how the Service is used and improving content and usability (consent where required for cookies; otherwise legitimate interests).
Marketing communications — sending you emails or SMS about the Service and related offers, only where permitted; you can opt out at any time via the unsubscribe link or by contacting support (consent; legitimate interests for existing customers where permitted).
Legal compliance — tax, accounting, consumer protection, and responding to lawful requests from authorities (legal obligation).

5. How We Share Personal Data

We do not sell your personal data, and we do not share it with third parties for their own independent marketing. We share data only with:

Service providers (processors) acting on our instructions: hosting and infrastructure providers, payment processors, email and SMS delivery providers, analytics providers, and customer-support tooling. Each is bound by contractual confidentiality and data-protection obligations.
Payment networks, banks, and anti-fraud services, to process transactions and handle disputes and chargebacks.
Professional advisers (lawyers, accountants, auditors) where necessary.
Authorities and other parties when required by law, to enforce our terms, establish or defend legal claims, or protect the rights, property, or safety of our users or others.
A successor entity in connection with a merger, acquisition, or sale of assets, in which case this Policy will continue to apply to your data.

6. International Data Transfers

7. Data Retention

Account, assessment & report data: for as long as your account is active, and up to 24 months after your last activity, after which it is deleted or anonymized.
Transaction & billing records: up to 10 years, as required by tax, accounting, and audit obligations.
Checkout consent & anti-fraud records (incl. IP logs): up to 24 months, or longer where needed for an active dispute or investigation.
Support correspondence: up to 36 months after the matter is closed.
Marketing opt-out records: kept indefinitely so we can honor your choice.

When retention periods expire, data is securely deleted or irreversibly anonymized. You can request earlier deletion at any time (see Section 11), subject to legal retention obligations.

8. Cookies & Similar Technologies

We use the following categories of cookies and similar technologies:

Strictly necessary: session management, language preference, security, and fraud prevention. These cannot be switched off.
Analytics: usage measurement (e.g., Microsoft Clarity) to understand and improve how the Service is used.
Advertising/measurement: conversion measurement pixels (e.g., Meta Pixel) to measure the effectiveness of our advertising.

9. Security

10. Children

11. Your Rights — All Users

Regardless of where you live, we extend the following rights to all users, subject to applicable law and verification of your identity:

Access: obtain a copy of the personal data we hold about you;
Rectification: correct inaccurate or incomplete data;
Erasure: request deletion of your data ("right to be forgotten");
Restriction: request that we limit processing in certain circumstances;
Portability: receive your data in a structured, commonly used, machine-readable format;
Objection: object to processing based on legitimate interests, and to direct marketing at any time;
Withdraw consent: at any time, without affecting prior processing; and
No discrimination: we will not discriminate against you for exercising any right.

12. EEA, UK & Switzerland (GDPR / UK GDPR / FADP)

We process your data on the legal bases set out in Section 4. Where we rely on legitimate interests, we have balanced those interests against your rights.
You have all rights listed in Section 11 under Articles 15–21 GDPR, including the right to object to direct marketing (Article 21(2)), which we always honor.
You have the right to lodge a complaint with your local supervisory authority (for the UK: the Information Commissioner's Office, ico.org.uk; for Switzerland: the FDPIC). We would, however, appreciate the chance to address your concerns first.
International transfers are protected as described in Section 6 (Standard Contractual Clauses or equivalent safeguards).
Providing identity and payment data is necessary to enter into the contract; without it we cannot provide paid features. All other data is optional.

13. United States (CCPA/CPRA & Other State Laws)

If you are a resident of California or another US state with a comprehensive privacy law (including Virginia, Colorado, Connecticut, Utah, Texas, Oregon, and others), the following applies:

Categories collected (in the preceding 12 months): identifiers (name, email, IP address), commercial information (transactions), internet/ network activity (usage data), approximate geolocation, and inferences (test scores and cognitive profile). Sources: you, your devices, and our payment processors. Purposes: as described in Section 4.
We do not "sell" personal information for money. Our use of advertising/measurement cookies may constitute "sharing" for cross-context behavioral advertising under the CPRA; you may opt out of such sharing at any time by disabling advertising cookies, using a Global Privacy Control (GPC) signal, which we honor where legally required, or contacting [email protected] with the subject "Do Not Sell or Share".
Your rights: to know/access, delete, correct, opt out of sale/sharing, limit use of sensitive personal information (we do not use sensitive personal information for purposes requiring this right), and non-discrimination. We do not knowingly sell or share the personal information of consumers under 16.
Verification: we verify requests via the email on your account. You may use an authorized agent with written permission.

14. Canada (PIPEDA & Provincial Laws)

15. Australia (Privacy Act & APPs)

16. Brazil & Latin America

Brazil (LGPD): we process personal data under the legal bases of Article 7 LGPD (contract performance, legal obligation, legitimate interest, and consent). You have the rights set out in Article 18 LGPD, including confirmation of processing, access, correction, anonymization, blocking or deletion, portability, information about sharing, and revocation of consent. Requests are answered within the timeframes set by the LGPD. You may also lodge a complaint with the Autoridade Nacional de Proteção de Dados (ANPD). International transfers are carried out under Article 33 LGPD safeguards.
Mexico (LFPDPPP): you may exercise your ARCO rights (access, rectification, cancellation, opposition) and revoke consent by contacting [email protected]. This Policy serves as our privacy notice (aviso de privacidad).
Argentina, Colombia, Chile, Peru, Uruguay & other LATAM countries: we honor applicable habeas data and data protection rights, including access, correction, deletion, and opposition, under local law (e.g., Argentina's Law 25.326, Colombia's Law 1581/2012). Complaints may be directed to your national data protection authority.

17. Marketing Communications

18. Changes to This Policy

19. Contact & Complaints

GENIUS.US.ORG LTD
Office 4, Suite C2
Orion Mall, Palm Street
Victoria, Mahé
Seychelles