Legal

Privacy Policy

Last updated: April 22, 2025. Effective immediately for new users.

Short version: We collect only what we need to run the tests and show your scores. We never sell personal data. Anonymous visitors receive zero tracking cookies. You can request full deletion of your account at any time.

1. Overview

Human Benchmark ("we", "us", "our") operates the website at humanbenchmark.now. This policy explains what personal data we collect, why we collect it, how we protect it, and what rights you have over your information.

We are committed to handling your personal information responsibly and in compliance with applicable data protection law, including the General Data Protection Regulation (GDPR) for users in the European Economic Area (EEA) and the California Consumer Privacy Act (CCPA) for California residents.

  • Data sold to advertisers: 0
  • Tracking cookies for anonymous users: 0
  • Maximum response to deletion requests: 30 days

2. What We Collect

The data we collect depends on how you interact with Human Benchmark.

Anonymous visitors

| Data type | What it is | Why we collect it |
|---|---|---|
| Test scores | Numeric result of each test session | To compute anonymised population percentiles |
| Device type | Mobile, tablet, or desktop (coarse) | To stratify latency norms by hardware class |
| Country (approximate) | Country-level geolocation only, not city or region | For geographic distribution statistics |

Anonymous visitor scores are stored with no identifier that could link them to an individual. No cookies are set for anonymous visitors.

Registered users (additional data)

| Data type | What it is | Why we collect it |
|---|---|---|
| Email address | The email you used to register | Account authentication and security emails |
| Display name | The username you chose | Leaderboard display and dashboard personalisation |
| Score history | Timestamped results linked to your account | Personal dashboard trends and history |
| Google ID (if applicable) | Opaque identifier from Google OAuth | Sign-in without a password |
| Session cookie | Encrypted token, 30-day expiry | Keeping you logged in between visits |

3. How We Use Your Data

We use personal data only for the purposes listed below. We do not process data for any purpose incompatible with these stated uses without obtaining fresh consent.

Service delivery
Displaying your score immediately after a test, computing your global percentile rank, and showing your personal history on your dashboard.
Population statistics
Aggregating anonymised scores to produce the population distribution charts and percentile tables shown publicly on each test page and on the Science page.
Security and fraud prevention
Detecting and preventing automated score manipulation, account hijacking, and leaderboard fraud.
Account communications
Sending password reset emails and security alerts when you explicitly request them. We do not send newsletters or promotional emails without explicit opt-in.

4. Cookies

We take a minimal approach to cookies.

| Cookie | Type | Duration | Purpose |
|---|---|---|---|
| hb_session | Strictly necessary | 30 days | Keeps registered users logged in. Not set for anonymous visitors. |
| _ga, _gid | Not used | - | We do not use Google Analytics or any third-party analytics cookies. |
| fbp, _fbq | Not used | - | We do not use Facebook Pixel or any advertising cookies. |

5. Third Parties

We do not sell your personal data. We share it only with the following categories of third party, only to the extent necessary to operate the service:

Infrastructure (cloud hosting)

Processor

Our servers and database are hosted on cloud infrastructure. The provider acts as a data processor under a Data Processing Agreement (DPA) and has no right to use your data for their own purposes.

Google OAuth (optional)

Processor, optional

If you sign in with Google, we receive your Google account ID, name, and email address from Google. We do not share any data back to Google. Using email/password sign-in avoids this entirely.

Qualified researchers (aggregate data only)

Controlled disclosure

We may share aggregate, anonymised datasets with academic researchers under a formal data sharing agreement. These datasets contain no personally identifiable information and cannot be re-linked to individuals.

Law enforcement / legal requirements

Compelled disclosure

We may disclose information if required by law, court order, or governmental authority. We will notify you of such requests where legally permitted to do so.

6. Data Retention

| Data type | Retention period | Notes |
|---|---|---|
| Account data (email, display name) | Until account deletion | Deleted within 30 days of deletion request |
| Linked score history | Until account deletion | Deleted with account; cannot be recovered |
| Anonymous aggregate scores | Indefinite | Used for population statistics; no PII, cannot be removed |
| Contact form messages | 2 years | Retained for support continuity; deleted on request |
| Server access logs (IP address) | 90 days | Standard security and fraud detection logs |

7. Your Rights

Regardless of your location, you have the following rights over your personal data. To exercise any of these rights, email [email protected] or use the contact form.

Access

Request a copy of all personal data we hold about you.

Correction

Request correction of inaccurate personal data (e.g., wrong email address).

Deletion ("Right to be forgotten")

Request deletion of your account and all linked personal data. We comply within 30 days.

Portability

Request your score history in a machine-readable format (CSV or JSON).

Objection / Restriction

Object to or request restriction of specific processing activities.

Withdraw consent

Withdraw any consent you have given at any time without affecting prior processing.

8. GDPR & CCPA

European Economic Area (GDPR)

For users in the EEA, we process personal data on the following legal bases:

  • Performance of a contract: Processing your email and scores to provide your account, dashboard, and leaderboard participation.
  • Legitimate interests: Aggregating anonymised scores for population statistics; fraud prevention.
  • Legal obligation: Compliance with applicable law and valid legal requests.

EEA users may lodge a complaint with their national data protection authority if they believe we have violated GDPR.

California (CCPA / CPRA)

California residents have additional rights under the CCPA/CPRA:

  • The right to know what personal information we collect, use, disclose, and sell (we do not sell)
  • The right to opt out of the sale of personal information (moot - we do not sell)
  • The right to non-discrimination for exercising CCPA rights

9. Children's Privacy

Human Benchmark is not directed to children under 13. We do not knowingly collect personal data from children under 13. If you are a parent or guardian and believe your child has provided us with personal information without your consent, please contact us at [email protected]. We will delete such information within 30 days.

Users aged 13-15 must have parental consent to create an account in jurisdictions where this is required (including under GDPR where the threshold may be 16 years depending on member state law).

10. Security

We implement technical and organisational measures appropriate to the risk level, including:

  • TLS encryption in transit on all connections
  • Passwords stored using a modern, slow hashing algorithm (bcrypt or Argon2)
  • Access controls limiting employee access to data on a need-to-know basis
  • Regular security reviews and dependency audits

No system is 100% secure. In the event of a data breach affecting your personal data, we will notify you as required by applicable law.

11. Changes to This Policy

We may update this policy from time to time. When we make material changes, we will update the "Last updated" date at the top and, for registered users, send a notification email before the changes take effect. Continued use of the service after changes constitutes acceptance of the updated policy.

12. Contact

Privacy questions, data access requests, and deletion requests:

Contact form - Select "Privacy or data deletion request"