Your data, handled with care.

Spectrum Insights ("we", "us", "the Service") is an online self-screening tool that helps adults map their own autism-related trait profile. We are not a clinical provider and our service is not a medical diagnosis.

• Assessment answers — the 1–5 Likert response you give to each of the 45 questions. These are stored under a random anonymous identifier.
• Email address (optional) — only if you choose to enter one to receive your report, save your assessment, or create an account.
• Account information (optional) — if you create an account: your name, email address, and a salted bcrypt password hash. We never store your plain-text password.
• Payment metadata — when you purchase the $4.99 results unlock, we record the Stripe checkout session ID, amount, currency, and payment status. We never see or store your card number, CVC, or banking details — those are handled entirely by Stripe.
• Standard server logs — IP address, user agent, and request timestamps for security and operational debugging. These are retained for up to 30 days.

Your assessment answers are used to compute your trait profile and render your personalised report. Your email (if provided) is used to deliver your report, send a payment receipt, and — if you have not completed payment — to send a single follow-up reminder. Account credentials are used purely to authenticate you when you sign back in.

We do not sell, rent, or share your individual responses with third parties. Aggregated, anonymised statistics (e.g. average completion time across all users) may be used in marketing or product materials, but never in a way that could be linked back to you.

We rely on a small number of trusted services to operate Spectrum Insights:

• Stripe — payment processing. Stripe receives your card details directly; we never do.
• Resend — transactional email delivery (report emails and abandoned-cart reminders).
• MongoDB Atlas — encrypted-at-rest database hosting for assessments and accounts.

Each of these sub-processors has its own privacy policy and is GDPR-aware.

You have the right to access, correct, export, or delete your data at any time. To exercise any of these rights, email privacy@spectruminsights.xyz and we will respond within 30 days.

If you have an account, you can also sign in and request deletion from your account page. Deleting your account removes all assessments associated with you.

We use the bare minimum of browser storage required to keep you signed in (a JWT in localStorage if you create an account) and to ensure dialogs like our exit-intent prompt do not appear more than once per session. We do not use third-party advertising cookies.

Spectrum Insights is intended for adults. The service is not directed at children under 16, and we do not knowingly collect information from them. If you believe a child has used the service, please contact us so we can remove the data.

Our servers are located in the United States and the European Union. By using the service you consent to your data being processed in those jurisdictions. Where the EU GDPR applies, we act as the data controller for the information described in this policy.

We may update this policy from time to time to reflect product or legal changes. When we do, the "Last updated" date above will change. Material changes will be highlighted on the home page for at least 14 days.

Questions about this policy or how we handle your data? Email privacy@spectruminsights.xyz.