Privacy Policy.

1.1 Company and Service Terms

• Cerebrum ("we," "us," or "our")
• Service: All features, functionalities, programs, and content available through Cerebrum
• Platform: Our website and related services accessible via any device
• User: Any individual accessing or using our services ("you" or "your")

1.2 Data and Privacy Terms

• Personal Data: Any information relating to an identified or identifiable natural person
• Processing: Any operation performed on personal data
• Data Controller: Cerebrum, determining the purposes and means of processing personal data
• Data Processor: Third parties that process personal data on our behalf

2.1 Policy Overview

This privacy policy explains how Cerebrum collects, uses, and protects your personal data. It provides detailed information about your privacy rights and how you can exercise them.

2.2 Scope

This policy applies to all users of Cerebrum globally, across all service features, data collection methods, and platform versions.

2.3 Policy Updates

We may update this policy at any time. Material changes are notified via email; continued use after notification constitutes acceptance.

3.1 Account Information

A. Essential Data

• Email address (required for authentication)
• Name (collected during payment processing)
• Last sign-in timestamp
• Unique account identifiers
• IP addresses

B. Optional Data

• Phone number (if provided through payment processors)
• User preferences and settings
• Communication preferences

3.2 Service Usage Data

A. Test Results

• Final IQ scores
• Completion timestamps
• Performance metrics
• Note: Individual test answers are processed in real-time and are not stored

B. Interaction Data

• Features accessed
• Time spent on platform
• Navigation patterns
• Device information

3.3 Payment Information

We receive only limited payment data: tokenized identifiers, the first six and last four digits of payment cards, and card expiration dates.

3.4 Technical and Device Data

We automatically collect device and usage information through standard web technologies, including IP address, approximate location, and platform performance data.

4.1 Primary Processing Purposes

A. Service Provision

• Account creation and management
• Authentication and security
• Feature access and customization
• Customer support
• Service optimization

B. Payment Processing

• Subscription management
• Payment authorization
• Fraud prevention
• Transaction records
• Billing support

C. Communication

• Service updates and notifications
• Security alerts
• Product information
• Support responses
• Legal notices

4.2 Secondary Purposes

We also process data for service improvement (usage analysis, feature optimization, bug resolution) and aggregated analytics and research.

4.3 Legal Bases for Processing

We process personal data on the basis of: (a) contractual necessity; (b) legal obligations; (c) legitimate interests (service improvement, fraud prevention, security); and (d) your consent (marketing communications, optional features, analytics participation).

5.1 Storage Location and Data Transfers

• All personal data is stored in secure European data centers
• Data is transmitted globally using encrypted channels
• We employ appropriate safeguards for international data transfers
• Continuous compliance monitoring and security measures are in place

5.2 Security Measures

We implement industry-standard technical and organizational security measures, including encryption, access controls, intrusion detection, and regular security audits. Payment processing is PCI DSS compliant. We store only tokenized payment data and never have access to complete card numbers. We maintain encrypted, geographically redundant backups with disaster recovery and business continuity procedures.

5.3 Data Breach Notification

In the event of a data breach, we will: (a) immediately initiate our incident response plan to contain and assess the breach; (b) notify affected users without undue delay via email; and (c) notify relevant supervisory authorities as required by law.

6.1 Analytics and Infrastructure Partners

We utilize third-party analytics and infrastructure services to monitor, improve, and secure our platform. Session recording tools may be used for bug investigation and performance optimization, with user inputs masked and interactions anonymized.

6.2 Advertising Partners and Data Sharing

We work with advertising partners including Facebook, Google, SnapChat, TikTok, Taboola, Outbrain, AppLovin, and Pinterest. These partners may receive anonymous identifiers, email addresses (for advertising purposes), usage data, device information, and interaction metrics.

6.3 User Control Over Tracking

Users can limit tracking through browser cookie settings, ad-blocker extensions, device settings, and platform-specific controls. Opt-out options include Digital Advertising Alliance (DAA) tools, Network Advertising Initiative (NAI) platform, platform-specific advertising settings, and individual advertising partner opt-outs.

7.1 Universal Rights

• Access their personal data
• Correct inaccurate data
• Request data deletion
• Object to processing
• Data portability
• Withdraw consent

7.2 Regional Privacy Rights

EU/UK (GDPR): Rights regarding restriction of processing, automated decision-making, and the right to lodge a complaint with a supervisory authority.

California (CCPA/CPRA): Right to know what personal information is collected and shared, right to opt out of the sale of personal information, and right to non-discrimination.

Australia (Privacy Act): Right to collection notification, purpose specification, and use limitation.

Canada (PIPEDA): Right to challenge compliance and expect adequate data protection measures.

7.3 How to Exercise Your Rights

All privacy rights requests can be submitted through our official contact channels. We verify your identity before processing requests. We will respond within timeframes required by applicable law. Personal data will be provided in a commonly used, machine-readable format. Appeals may be submitted within 30 days of our response.

8.1 Retention Periods

• Account data: retained while account is active and for a reasonable period thereafter
• Payment records: as required by applicable tax and financial regulations
• Analytics data: retained in anonymized or aggregated form
• Communication records: retained as long as reasonably necessary
• Security logs: retained as long as reasonably necessary for security and compliance

8.2 Deletion Procedures

• Account deletion: initiated upon request, subject to verification
• Data removal: systematic removal from active systems
• Backup removal: within a commercially reasonable timeframe
• Verification process: confirmation of removal upon completion

For users outside the European Union, we ensure appropriate data protection through standard contractual clauses, technical and organizational security measures, regular compliance monitoring, adherence to international data protection requirements, and continuous evaluation of data protection mechanisms.

9.2 Legal Jurisdiction

This privacy policy is governed by the laws of the State of Delaware, United States. Any legal proceedings shall be exclusively resolved through binding arbitration conducted by the American Arbitration Association. All claims must be brought within six months of the incident date.

Minimum age requirement is 18 years. We do not intentionally collect data from minors. Accounts will be terminated if underage use is discovered.

We reserve the right to modify this privacy policy at any time. Material changes require advance email notification before implementation. Non-material changes (clarifications, formatting, security enhancements) may be implemented immediately. The updated policy is always available on our website. Continued use after changes constitutes acceptance.

• Email: [email protected]
• Help Center: cerebrumiq.com/help
• Address: 2093 Philadelphia Pike #3129, Claymont, DE 19703, United States