Privacy Policy

When a Customer registers: name, email address, company name, job title, billing information (processed by our payment provider; we do not store full card details).

When Authorised Users use the Service: name and email address (as provided by the Customer); assessment responses, completion times, and interaction data; proficiency scores and analytics generated by the Service.

Automatically collected: IP address, browser type and version, operating system, device type; pages visited, time spent, referral source; cookies and similar technologies (see Section 9).

If you contact us: the content of your communications, including support requests and feedback.

We use personal data to: provide, maintain, and improve the Service; generate assessment results and reports; administer Customer accounts and process payments; provide customer support.

We use anonymised and aggregated data (which cannot identify any individual) to produce industry benchmarks, improve our assessment methodology, and publish research. This is a core function of the Service and is described in our Terms of Service.

We may use your email address to send service-related communications (e.g., account notifications, security alerts, billing information). We will only send marketing communications with your prior consent (opt-in), and you can unsubscribe at any time.

We use technical data to protect the Service against fraud, abuse, and security threats, and to comply with applicable legal obligations.

We collect and process personal data in accordance with the six Data Protection Principles of the PDPO. We collect data only for purposes directly related to the Service, inform data subjects of such purposes, and do not use data for purposes beyond those specified without consent.

Where the GDPR or UK GDPR applies, we rely on the following legal bases: Contract: processing necessary for the performance of our contract with the Customer; Legitimate interests: processing for the purposes of improving the Service, ensuring security, and producing anonymised benchmarks, where such interests are not overridden by the rights and freedoms of the individual; Consent: for marketing communications and non-essential cookies; Legal obligation: where we are required to process data by law.

The following cookies are set when you use the Service:

• Session cookies (set by Clerk, our authentication provider): Required for secure sign-in and session management. These are httpOnly, secure, and expire when your session ends or after a set period of inactivity.
• CSRF token cookie: A security cookie that prevents cross-site request forgery attacks. It is httpOnly and expires with each session.
• Auth success cookie (__auth_success): A temporary cookie (60-second lifetime) used during the login redirect process. It is automatically deleted after use.

We use browser local storage for a single functional purpose: storing a timestamp of the last successful account synchronisation to prevent unnecessary repeat requests. This data is not shared with any third party and does not contain personal information.

We do not use Google Analytics, advertising pixels, social media tracking scripts, or any other third-party tracking technologies. We do not use advertising or tracking cookies for targeted advertising purposes. Your browsing activity on our platform is not shared with advertisers or data brokers.

If you are a data subject under Hong Kong law, you have the right to: request access to your personal data (Data Access Request); request correction of inaccurate personal data (Data Correction Request). To exercise these rights, please contact us at legal@genplify.com. We will respond within 40 days of receiving a valid request.

If you are a data subject in the EEA or UK, you have the right to: access your personal data; rectify inaccurate or incomplete personal data; erase your personal data (right to be forgotten); restrict processing of your personal data; data portability (receive your data in a structured, commonly used, machine-readable format); object to processing based on legitimate interests; not be subject to a decision based solely on automated processing (including profiling) that produces legal or similarly significant effects. To exercise these rights, please contact us at legal@genplify.com. We will respond within 30 days. If you are unsatisfied with our response, you have the right to lodge a complaint with your local supervisory authority (e.g., the CNIL in France, the ICO in the UK).

The Service generates assessment scores using a combination of automated scoring and psychometric analysis. These scores are provided to the Customer for informational purposes. Genplify does not make any employment decisions about Authorised Users. Any decisions based on Assessment Results are made by the Customer, and the Customer is responsible for ensuring compliance with applicable laws regarding automated decision-making.