Privacy Policy
Last updated: April 1, 2026
This Privacy Policy governs your use of exemian.com and its services (collectively referred to as the "Product"). It outlines the types of data we collect, how we store it, how it may be used, with whom it may be shared, and your choices regarding these uses and disclosures. Please read this Privacy Policy carefully when using our Product.
"GDPR" means the General Data Protection Regulation (EU) 2016/679. "EEA" includes all current Member States of the European Union and the European Economic Area. "CCPA" means the California Consumer Privacy Act of 2018. "Process", in respect of personal data, includes collecting, storing, using, and disclosing it to others.
1. Data Controller
Exemian, operated at exemian.com, is the controller of your personal data. For data-related inquiries, contact us at support@exemian.com.
2. What Data We Collect
2.1. Data you provide
You provide us data when you use the Product:
- Email address — required to take assessments and receive results
- Background information — job title, industry, company size, and other context you provide voluntarily to personalize your assessment
- Optional free-text input — additional context about your experience that you choose to share
- Assessment responses — your answers to test questions
2.2. Data collected automatically
- Browser and device data — browser type, operating system, device type, screen resolution, language settings
- IP address and location data — approximate geographic location derived from your IP address
- Usage data — pages visited, features used, time spent, interactions with the Product
- Referral data — the URL from which you arrived at our Product
2.3. Payment data
When you purchase a report, payment is processed by our third-party payment processor (merchant of record). We do not collect or store credit card numbers or full payment details. We receive transaction confirmation data including date, amount, and payment status.
3. How We Use Your Data
We process your personal data for the following purposes:
3.1. To provide our services
This includes generating your AI-Proof Score, selecting adaptive questions based on your background, calculating your results, and delivering purchased reports. We use your email to authenticate your account via magic link and to deliver results and reports.
3.2. To generate AI-powered reports
Your assessment results and background information are processed by our AI service provider to generate personalized reports. The data sent includes your scores, background context, and assessment responses — but not your email address. This data is used solely for report generation and is not used to train AI models.
3.3. To research and improve the Product
We analyze aggregated and anonymized usage data to understand how users interact with the Product, improve assessment quality, and develop new features. This processing is based on our legitimate interest in improving our services.
3.4. To process payments
We share necessary data with our payment processor to process payments for premium reports. Our payment processor acts as the merchant of record and handles all payment processing, tax collection, and billing.
3.5. To communicate with you
We send transactional emails including magic link sign-in emails, assessment results, and purchased reports. We may also send product updates. You can opt out of non-essential communications at any time.
3.6. To enforce our Terms and prevent fraud
We process data to enforce our Terms of Service, prevent unauthorized access, detect fraud, and ensure the security of our Product.
3.7. To comply with legal obligations
We may process your data when required by law, regulation, or legal process.
4. Legal Basis for Processing (EEA Users)
If you are located in the EEA, we process your personal data under the following legal bases:
4.1. Your consent
For optional data collection such as free-text background information and marketing communications.
4.2. Performance of contract
To provide our services to you, including generating assessments, delivering results, processing payments, managing your account, and providing customer support.
4.3. Legitimate interests
For product improvement and analytics, fraud prevention, and sending relevant product communications — unless those interests are overridden by your rights and freedoms.
4.4. Legal obligations
To comply with applicable laws and regulations.
5. California Privacy Rights (CCPA)
If you are a California resident, you have the right to:
- Know what personal data we collect and how it is used
- Request deletion of your personal data
- Opt out of the sale of personal data (we do not sell personal data)
- Non-discrimination for exercising your rights
To exercise these rights, contact us at support@exemian.com with "California privacy rights request" in the subject line. We will respond within 45 days.
6. Data Sharing
We may share your personal data in a limited number of circumstances, strictly for the purposes described, with the following categories of third parties:
- Payment processors (merchant of record) — email address and transaction data, for processing payments, tax collection, and billing.
- Email delivery providers — email address only, for delivering transactional emails such as sign-in links and reports.
- AI service providers — assessment scores, background context, and responses (no email address), solely for generating your personalized report. This data is not used to train AI models.
- Hosting and infrastructure providers — all data is processed and stored on secured cloud infrastructure.
- Analytics providers — anonymized usage data (pages visited, time spent, device info) to help us understand and improve the Product.
- Legal and regulatory authorities — upon request, or for the purposes of reporting any actual or suspected breach of applicable law or regulation.
- Professional advisors — accountants, auditors, lawyers, subject to binding confidentiality obligations.
Where we engage third-party processors, they are subject to binding contractual obligations of confidentiality and data protection.
We do not sell, rent, or share your personal data with advertisers, data brokers, or any parties for marketing purposes.
7. International Data Transfers
Your data may be transferred to and processed in countries outside your country of residence, including the United States, where our infrastructure providers and AI processing services are located. If you are in the EEA, we ensure adequate protection through Standard Contractual Clauses approved by the European Commission or other appropriate safeguards.
8. Cookies & Analytics
We use the following cookies and technologies:
- Session cookie — an essential authentication cookie (httpOnly, secure, sameSite: lax). Used solely to maintain your login session. Expires after 30 days.
- Analytics cookies — we use third-party analytics tools to understand how visitors use our site (pages visited, time spent, referral sources). This data is anonymized and helps us improve the Product.
- Marketing pixels — we use third-party tracking pixels to measure the effectiveness of our advertising campaigns and understand how users find our Product. These may collect data such as pages visited and actions taken.
We use sessionStorage (browser-only, not a cookie) to save your assessment progress in case of page reload. This data is cleared when you close the browser tab or submit your assessment.
We do not sell your personal data to third parties.
9. Data Retention
We retain your data as follows:
- Account data — retained as long as your account is active
- Assessment results — retained indefinitely so you can access your history
- Payment records — retained as required by tax and financial regulations
- Session data — automatically expires after 30 days
You may request deletion of your data at any time. Upon deletion request, we will remove your data within 30 days, except where retention is required by law.
10. Data Security
We implement the following security measures:
- Encryption in transit (HTTPS/TLS) for all data transmission
- Secure, httpOnly session cookies to protect the session token against theft via cross-site scripting
- Cryptographically random tokens for authentication (256-bit for magic links, 384-bit for sessions)
- Webhook signature verification for payment processing
- Input validation on all API endpoints
- Database access restricted to authorized application systems only
- No storage of credit card or full payment details
11. Your Rights
Depending on your jurisdiction, you have the following rights:
- Access — view your profile and test history at /profile, or request a copy of your data
- Rectification — correct inaccurate personal data
- Erasure — request deletion of your personal data
- Data portability — receive your data in a machine-readable format
- Restriction — limit how we process your data
- Objection — object to processing based on legitimate interests
- Withdraw consent — where processing is based on consent
- Lodge a complaint — with a supervisory authority in your jurisdiction
To exercise any of these rights, contact us at support@exemian.com. We will respond within 30 days. You may also submit requests through an authorized agent.
12. Age Limitation
Our Product is not intended for persons under 18 years of age. We do not knowingly collect personal data from anyone under 18. If you learn that a person under 18 has provided us with personal data, please contact us at support@exemian.com.
13. Do Not Track
Our Product uses analytics and advertising tools to understand usage patterns and measure the effectiveness of our marketing. Some of these tools may use cookies or pixels to collect data about your interactions. While these tools may not respond to "Do Not Track" browser signals, we do not sell your personal data to third parties.
14. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of material changes via email or a prominent notice on the Product. By continuing to use the Product after changes become effective, you agree to the revised Privacy Policy.
15. Contact Us
If you have questions about this Privacy Policy, your data, or wish to exercise your rights, contact us at:
Email: support@exemian.com