Privacy Policy

This Privacy Policy describes how we collect, use, store, and protect your personal information when you use our personality assessment platform. We are committed to protecting your privacy and handling your data with care and transparency.

Important: Your personality assessment data is sensitive psychological information. We treat it with the highest level of security and confidentiality.

1. Personal Information

• Email Address: Required to deliver your assessment results and provide access to your dashboard
• Name: Optional, used to personalize your results if provided
• Test Metadata: Date and time of assessment, completion status, time spent on assessment

2. Assessment Responses

• Question Responses: Your answers to personality assessment items
• Personality Scores: Calculated domain and facet scores based on the Big Five (OCEAN) model
• Test Results: Interpretations, percentile rankings, and narrative reports

3. Technical Information

• Browser Information: Browser type, version, and language preferences
• Device Information: Device type, operating system, screen resolution
• Usage Data: Pages viewed, features used, session duration
• IP Address: For security purposes and geographic analytics (anonymized)

4. Cookies and Tracking

We use only strictly necessary cookies. We do not run third-party analytics, advertising, or cross-site tracking on the platform.

• mft_session (essential): An HMAC-signed session token issued after sign-in or checkout. Used to authenticate your dashboard requests. HttpOnly, Secure, SameSite=Lax. Default lifetime: 30 days; cleared on sign-out.
• Edge request logs (Cloudflare): Our infrastructure provider records request metadata (IP address, user agent, timestamp, requested path, response code) for security, abuse prevention, and operational debugging. These are not cookies but are described here for completeness.

Primary Uses

• Assessment Scoring: Calculate your personality scores using automated scoring algorithms
• Results Delivery: Generate personalized reports and deliver them via email
• Result Access: Provide ongoing access to your results through your unique test ID
• Dashboard Services: Display your assessment history and results in your personal dashboard

Secondary Uses

• Platform Improvement: Analyze aggregated, anonymized data to improve assessment quality and user experience
• Research: Conduct psychometric research using de-identified data to study and improve our assessments
• Security: Detect and prevent fraud, abuse, and security threats
• Legal Compliance: Meet regulatory requirements and respond to lawful requests

What We DO NOT Do

• ❌ We do not sell your personal data or assessment results to third parties
• ❌ We do not use your data for targeted advertising
• ❌ We do not share your individual results without your explicit consent
• ❌ We do not use your data to train AI models without anonymization

Two parts of the assessment pipeline are automated. We describe them here so you can make an informed choice before taking the assessment.

1. Automated Scoring

Your responses are scored deterministically by our scoring engine using published psychometric methods (item-response theory, Bayesian trait estimation, and outcome regression). No human reviews your raw responses as part of producing your score. Identical inputs produce identical scores; the math is reproducible.

2. AI-Generated Narrative Content

The plain-language sections of your report (the "coach narrative" and similar interpretive text) are generated by a large-language model running on Cloudflare Workers AI. The current model is Meta’s Llama 3.1 8B Instruct, executed entirely on Cloudflare’s infrastructure. Your scores and a small set of derived features are sent to the model as input; the model produces narrative text which is then returned to you. We do not send your responses to third-party AI providers (such as OpenAI or Anthropic) at this time. We may change models in the future and will update this Policy if we do.

Your Rights Regarding Automated Processing

Under the GDPR (Art. 22) and similar laws, you have the right not to be subject to a decision based solely on automated processing that produces legal or similarly significant effects. Our reports are intended for self-understanding and informational use only and are not, by themselves, decisions of that kind. If a third party (for example, an employer) uses your report to make such a decision, that party — not us — is responsible for providing human review and appeal under applicable law.

You can:

• Request a plain-English explanation of how your scores were calculated
• Request that we re-run the narrative generation
• Object to the use of your data for model evaluation or improvement

Contact privacy@myfivetest.com to exercise any of these rights.

When We Share Your Data

1. With Your Consent

If you take an assessment at the request of an organization (employer, educational institution, etc.), your results may be shared with that organization. You will be clearly informed before taking the assessment if results will be shared.

2. Sub-Processors

We rely on a small number of named third-party providers ("sub-processors") to operate the platform. Each is bound by a Data Processing Agreement (or equivalent contractual terms) and processes your data only on our instructions and only for the purposes listed below. The current sub-processors are:

We will update this list when we add or change sub-processors. Material additions will be communicated as a Privacy Policy update (see "Changes to This Privacy Policy" below).

3. Legal Requirements

We may disclose your information if required by law, such as:

• In response to valid legal process (subpoena, court order)
• To protect our rights, property, or safety
• To prevent fraud or illegal activities
• In connection with a merger, acquisition, or sale of assets (with notice to you)

4. Research Purposes

We may use anonymized, aggregated data for psychometric research and validation studies. Individual responses are de-identified before use in research, making it impossible to trace back to you.

We implement industry-standard security measures to protect your personal and assessment data:

Technical Safeguards

• Encryption: All data transmitted between your browser and our servers uses TLS/SSL encryption
• Database Security: Assessment data is stored in encrypted databases with access controls
• Access Controls: Strict role-based access controls limit who can view your data
• Secure Infrastructure: Our platform is hosted on secure, compliant cloud infrastructure

Organizational Safeguards

• Employee Training: Staff with data access receive privacy and security training
• Confidentiality Agreements: All personnel sign strict confidentiality agreements
• Regular Audits: We conduct regular security audits and vulnerability assessments
• Incident Response: We have procedures in place to respond to security incidents

Note: While we take extensive measures to protect your data, no method of transmission or storage is 100% secure. We cannot guarantee absolute security but are committed to protecting your information to the best of our ability.

How Long We Keep Your Data

Active Assessment Data

• Complete Assessments: Retained indefinitely so you can access your results at any time
• Incomplete Assessments: Deleted after 90 days of inactivity
• Email Addresses: Retained while you have active assessments

Deleted Account Data

• Upon Request: You can request deletion of your data at any time
• Deletion Timeline: Data is permanently deleted within 30 days of your request
• Exceptions: We may retain some data if required by law or for legitimate business purposes (e.g., fraud prevention)

Anonymized Research Data

• De-identified Data: Once anonymized, data cannot be traced back to you and may be retained for research purposes
• Aggregated Statistics: General platform statistics are retained indefinitely

You have the following rights regarding your personal data:

Right to Access

You can access your assessment results and personal data at any time using your test ID. You can also request a copy of all data we hold about you.

Right to Correction

If any of your personal information is inaccurate or incomplete, you can request corrections. Note: Assessment responses cannot be modified after submission as this would invalidate your results.

Right to Deletion

You can request deletion of your personal data and assessment results. We will delete your data within 30 days unless we have a legal obligation to retain it.

Right to Data Portability

You can request a copy of your assessment data in a structured, machine-readable format (JSON/CSV).

Right to Object

You can object to certain processing of your data, such as use for research purposes. Essential processing for delivering assessment services cannot be objected to.

Right to Withdraw Consent

Where we process data based on your consent, you can withdraw that consent at any time. This does not affect the lawfulness of processing before withdrawal.

How to Exercise Your Rights

To exercise any of these rights, contact us at privacy@myfivetest.com. We will respond to your request within 30 days.

Our services are not directed to individuals under the age of 18. We do not knowingly collect personal information from children. If you believe we have inadvertently collected information from a child, please contact us immediately, and we will delete it.

For assessments conducted in educational settings with minors, parental/guardian consent must be obtained by the administering institution.

The platform is hosted in the United States and on Cloudflare’s global edge network. All current sub-processors (see "Sub-Processors" above) store and process data primarily in the United States; Mailtrap also operates infrastructure in the European Union. If you access the platform from outside the United States, your data will be transferred to and processed in the United States.

Where transfers leave the European Economic Area, the United Kingdom, or Switzerland, we rely on the European Commission’s Standard Contractual Clauses (and the UK International Data Transfer Addendum where applicable) executed with each sub-processor. The United States does not currently have an EU adequacy decision covering all transfers; you have the right to request a copy of the safeguards in place by contacting privacy@myfivetest.com.

We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. When we make material changes, we will:

• Update the "Last Updated" date at the top of this page
• Notify you via email if you have an active assessment
• Provide a prominent notice on our platform

Your continued use of our services after changes to this Privacy Policy constitutes acceptance of the updated policy.

If you have questions or concerns about this Privacy Policy or our data practices, please contact us:

We take your privacy seriously and will respond to all requests and inquiries within 30 days.

For European Union Residents (GDPR)

If you are located in the EU, you have additional rights under GDPR:

• Right to lodge a complaint with your local data protection authority
• Right to restriction of processing in certain circumstances
• Right to object to automated decision-making (note: our assessments use automated scoring)

Our legal basis for processing your data is: (1) Contract performance (delivering assessment services), (2) Legitimate interests (platform improvement), and (3) Consent (where applicable).

For California Residents (CCPA)

If you are a California resident, you have additional rights under CCPA:

• Right to know what personal information is collected, used, shared, or sold
• Right to delete personal information (with certain exceptions)
• Right to opt-out of the sale of personal information (we do not sell personal information)
• Right to non-discrimination for exercising your CCPA rights