WorkFit IQ

Legal

Privacy Policy

WorkFit IQ ("we," "us," "our") respects your privacy. This Policy explains what personal information we collect when you use WorkFit IQ, why we collect it, who we share it with, and the rights you have over it.

Effective: May 16, 2026Last updated: May 16, 2026

1. Summary

  • Most of your diagnostic data — your responses, your profile name and email, your results — is stored in your browser’s local storage on your own device. We do not have a copy on our servers.
  • When you make a purchase, we use Stripe or PayPal to process payment. We do not store your card number.
  • When you request your report by email, your name and email address are transmitted to Resend so the email can be delivered.
  • We use analytics and advertising pixels (only those we have configured) to understand how the site is used and to measure ad performance.
  • You have rights of access, deletion, correction, portability, and opt-out described below.

2. Information we collect

Information you provide

  • Profile information. Name and email address that you enter to claim a profile.
  • Diagnostic responses. Your answers to the WorkFit IQ diagnostic, the cognitive aptitude tests, and any optional add-on tests.
  • Payment information. Processed by Stripe or PayPal. We receive a transaction ID, the email address you provided to the processor, the amount, and the success/failure status. We do not receive your full card number, CVV, or bank credentials.
  • Email content. If you ask us to email your report, your name and email address are sent to Resend for the sole purpose of delivering that email.
  • Communications. If you contact us, we keep your message and our reply.

Information collected automatically

  • Usage data. Pages viewed, links clicked, device type, browser, approximate location (from IP), referrer, and timing.
  • Cookies and similar technologies. Described in our Cookie Policy.
  • Local storage.Your diagnostic results, profile, and unlock status are stored in your browser’s local storage. This data does not leave your device unless you explicitly trigger a feature (such as “Email my report” or “Download PDF”) that requires sending it.

3. How we use your information

  • To operate the Service and generate your diagnostic profile;
  • To process purchases, deliver receipts, and grant unlocked content;
  • To deliver requested emails (such as your PDF report);
  • To measure traffic, debug, secure the Service, and prevent fraud;
  • To measure the performance of marketing campaigns;
  • To comply with legal obligations and enforce our Terms;
  • With your consent, for any other purpose disclosed at the point of collection.

Legal bases (for individuals in the EEA / UK): performance of a contract, our legitimate interests in operating and improving the Service, consent (for non-essential cookies and marketing), and compliance with legal obligations.

4. Who we share with

We share information with the following categories of service providers, and only as needed to operate the Service:

  • Payment processors. Stripe, Inc. and PayPal, Inc. See stripe.com/privacy and paypal.com/privacy.
  • Email delivery. Resend (resend.com) processes the content of emails we send on your request.
  • Hosting and infrastructure. Our hosting provider stores logs and serves the site. (Default: Vercel Inc. Swap if you self-host.)
  • Analytics. Where configured: Google Analytics 4.
  • Advertising. Where configured: Google Ads, Meta (Facebook / Instagram), LinkedIn, TikTok, and X / Twitter pixels. These set cookies and may receive event data such as page views and purchases to measure ad performance.
  • Legal and safety. We may disclose information to comply with law, respond to lawful requests, enforce our Terms, or protect the rights, property, or safety of any person.
  • Business transfers. If we are involved in a merger, acquisition, financing, or sale of assets, your information may be transferred as part of that transaction.

We do not sell your personal information for money. Some advertising-pixel disclosures may be considered a “sale” or “sharing” under California law; see the California section below for your opt-out right.

5. International transfers

We and our service providers may process information in the United States and other countries. Where we transfer personal data of EEA or UK residents outside those regions, we rely on appropriate safeguards such as the European Commission’s Standard Contractual Clauses or equivalent mechanisms.

6. How long we keep information

Diagnostic responses, profile information, and unlock status are kept in your browser’s local storage for as long as you keep them there. You can delete them at any time using the “Reset everything” control on the Dashboard, or by clearing site data in your browser.

Payment and transaction records are retained by us and our processors for as long as required for tax, accounting, audit, and fraud prevention (typically up to seven years).

Analytics and advertising data are retained per the configuration set with each provider (typically 14 months to 26 months).

7. Security

We use TLS in transit, principle-of-least-privilege access controls, and vendor selection criteria designed to protect your information. No method of transmission or storage is perfectly secure, and we cannot guarantee absolute security.

8. Your rights

Everyone

You can:

  • Delete your local data via “Reset everything” on the Dashboard or by clearing browser storage;
  • Email us at privacy@workfitiq.com to ask about, correct, or delete information we hold.

EEA, UK, and Switzerland (GDPR / UK GDPR)

You have the right to:

  • Access the personal data we hold about you;
  • Have inaccurate data corrected;
  • Have your data deleted, subject to applicable exceptions;
  • Restrict or object to certain processing;
  • Receive your data in a portable, machine-readable format;
  • Withdraw consent at any time, without affecting prior processing;
  • Lodge a complaint with your local supervisory authority.

California (CCPA / CPRA)

California residents have the right to:

  • Know what personal information we have collected and how we use it;
  • Request deletion of personal information;
  • Correct inaccurate personal information;
  • Opt out of the “sale” or “sharing” of personal information for cross-context behavioral advertising;
  • Limit use of sensitive personal information;
  • Be free from retaliation for exercising these rights.

To opt out of advertising cookies, you can use your browser’s Global Privacy Control (GPC), adjust the cookie settings in your browser, or email us at privacy@workfitiq.com.

Other jurisdictions

Residents of other jurisdictions (including Virginia, Colorado, Connecticut, and others with comprehensive privacy laws) may have similar rights. We honor verified requests on the same basis described above.

9. Children

The Service is not directed to children under 16, and we do not knowingly collect personal information from children under 16. If you believe a child has provided us with personal information, please contact us so we can delete it.

10. Do Not Track and Global Privacy Control

Some browsers offer Do Not Track or Global Privacy Control signals. We treat a valid GPC signal as a request to opt out of the “sale” or “sharing” of personal information for cross-context behavioral advertising on the browser that sent the signal.

11. Changes to this Policy

We may update this Policy. The “Last updated” date above will reflect the latest revision. We will provide additional notice for material changes where required by law.

12. Contact

For privacy questions, requests, or complaints, contact us at privacy@workfitiq.com or by mail at WorkFit IQ, [[Your registered business mailing address]].

Cookies & pixels

We use strictly-necessary local storage to remember your profile and results. With your consent we also load analytics and advertising pixels to measure traffic and ad performance. See our Cookie Policy and Privacy Policy.