Privacy Policy
Effective date: 19 March 2026
Your privacy matters deeply to us. Insightable Mind was built on the premise that people should be able to explore their mental wellbeing honestly and openly — and that doing so should never come at the cost of their personal information.
This Privacy Policy explains what personal information we collect, how we use it, who we share it with, and what rights you have.
This policy is issued by Insightable Mind and applies to all users of the Service hosted on our platform. It is governed by the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs). Because the Service collects psychological and wellbeing assessment data, which constitutes health information under the Privacy Act, the full obligations of the Act apply to us regardless of organisational size.
1. Who We Are
Insightable Mind operates the Insightable Mind platform (the "Service"), a free online tool for psychological and wellbeing assessments. We are the entity responsible for handling your personal information under this policy.
If you have any questions about how we handle your information, you can reach us at: legal@insightablemind.com
2. What Information We Collect
We collect the minimum information necessary to provide the Service. We do not ask for more than we need.
2.1 Health Information (Sensitive)
The assessments you complete generate psychological and wellbeing data, including scores, severity ratings, percentile benchmarks, subscale results, interpretive explanations, identified strengths, and diagnostic or risk indicators. Under the Privacy Act 1988 (Cth), this constitutes health information — a category of sensitive information that attracts heightened protection. We handle it accordingly.
This information is linked only to your session identifier (a random UUID), not to your name or identity, unless you choose to provide those separately.
2.2 Session Data
When you use the Service, we automatically collect:
- A unique session identifier (UUID) and assessment identifier.
- An optional display name, if you choose to provide one.
- An optional email address, if you choose to provide one.
- Timestamps recording when your session started and ended.
- Your individual responses: question number, answer index, score, and the time each response was recorded.
2.3 Identity Information
You can complete an assessment entirely anonymously. We do not require your name at any point in the main assessment flow. Identity information is only collected when you actively choose to provide it:
- Email address: if you opt in to receive your results by email.
- Email address and your first name: if you join our waitlist.
2.4 Approximate Location
When you provide your email address (either to receive results or to join the waitlist), we may use a geolocation service (ipinfo.io) to derive your approximate city and country from your IP address. We do not store your full IP address. This approximate location is passed to our email platform (Mailchimp) alongside your email address.
2.5 Analytics Data
We collect anonymised pageview and page-leave events to understand how the Service is being used. This data does not identify you individually. See Section 6 for details of the analytics providers we use.
2.6 Information We Do Not Collect
We do not collect:
- Your full name (during the main assessment flow).
- Date of birth, gender, or other demographic attributes.
- Payment or financial information. The Service is free.
- Data processed by artificial intelligence. No AI tools are used anywhere in the Service.
3. How We Collect Your Information
We collect information directly from you when you use the Service — by completing an assessment, entering your email address, or signing up to the waitlist. We also collect limited technical data automatically (session identifiers, anonymised analytics events) as part of operating the platform.
We do not collect personal information from third parties or combine your data with externally sourced datasets.
4. Why We Collect Your Information
Under Australian Privacy Principle 3, we collect personal information only where it is reasonably necessary for one or more of our functions or activities. Here is specifically why we collect each type:
4.1 Health and Assessment Data
Collected to generate and display your assessment results. This is the core purpose of the Service. Without this data, results cannot be produced. Where you provide your email address, this data is also used to deliver your results to you. After your results email is sent, all underlying assessment data is deleted (see Section 5).
4.2 Email Address
Collected, with your consent, for one or more of the following purposes:
- To send you your assessment results.
- To notify you of product news or updates, where you have joined the waitlist.
You may withdraw consent and unsubscribe at any time. See Section 8 for your rights.
4.3 Approximate Location
Collected solely to provide contextual information to our email platform (Mailchimp) when sending your results or waitlist communications.
4.4 Analytics Data
Collected in anonymised, aggregate form to help us understand how the Service is used and to improve it over time. This data cannot identify you.
4.5 De-identified Research
We may use de-identified, aggregated assessment data — data that cannot be traced back to any individual — to inform our understanding of mental wellbeing patterns across communities. This is not personal information. No identifiable data is shared with researchers or third parties for this purpose. If this ever changes, we will update this policy and give you a meaningful choice.
5. How Long We Keep Your Information
We keep your personal information only for as long as is necessary. Our approach:
5.1 Session and Assessment Data
Your session exists only while your browser tab is open. Closing the tab ends the session. Your responses and scored results are stored temporarily for the sole purpose of generating and delivering your results. As soon as your results email is triggered, all session, response, and result data — including your results URL — is automatically and permanently deleted from our systems.
5.2 Email Address
Your email address is retained in Mailchimp for as long as you remain subscribed to receive communications from us. You may unsubscribe at any time using the link in any email we send, after which your address will be removed. You may also contact us directly to request deletion.
5.3 Anonymised Analytics
Anonymised, aggregated analytics data (pageview events and similar) does not constitute personal information and is retained for ongoing service improvement purposes. It cannot be used to identify you.
6. Who We Share Your Information With
We do not sell your personal information. We do not share it with advertisers. We share information only with the carefully selected third-party providers listed below, and only to the extent necessary to operate the Service. Each provider is subject to its own privacy terms.
6.1 Mailchimp (Email Platform)
Provider: The Rocket Science Group LLC d/b/a Mailchimp. Location: United States.
What we share: your email address, the name of the assessment you completed, your results URL (automatically deleted after your results email is sent), and optionally your approximate city and country. Where you join the waitlist, we may also share your first name.
Purpose: Delivering your results email and waitlist communications. Mailchimp acts as a data processor on our behalf under its Data Processing Addendum.
6.2 PostHog (Analytics)
Provider: PostHog, Inc. Location: United States (us.i.posthog.com).
What we share: anonymised pageview and page-leave events. No personally identifiable information is shared.
Purpose: Understanding how the Service is used so we can improve it.
6.3 Google Analytics (Analytics, Optional)
Provider: Google LLC. Location: United States.
What we share: standard anonymised analytics data (page visits, session duration). Enabled only where configured in our site settings.
Purpose: Additional usage analytics to complement PostHog.
6.4 ipinfo.io (Geolocation)
Provider: IPinfo, LLC. Location: United States.
What we share: your IP address is sent to ipinfo.io to derive an approximate city and country. We do not store your IP address.
Purpose: Providing approximate location to Mailchimp for contextual email delivery.
6.5 New Relic (Infrastructure Monitoring, Optional)
Provider: New Relic, Inc. Location: United States.
What we share: server-side operational metrics only (response times, error rates, performance data). No personal information or assessment data is shared.
Purpose: Maintaining the reliability and performance of the Service.
6.6 Fly.io (Hosting and Database)
Provider: Fly.io, Inc. Location: Australia (Sydney region).
What we share: all Service data is processed and stored on Fly.io infrastructure in Sydney. Fly.io acts as a data processor and has no independent access to your data.
Purpose: Hosting the application and database.
7. Overseas Disclosure of Personal Information
Australian Privacy Principle 8 requires us to be transparent when we disclose personal information to overseas recipients. Several of our third-party providers are located in the United States, as described in Section 6.
Before disclosing personal information to these overseas providers, we take reasonable steps to ensure they are subject to privacy obligations substantially similar to the Australian Privacy Principles, either through contractual arrangements, their own binding data protection commitments, or applicable law.
By using the Service and providing your personal information, you acknowledge that it may be disclosed to overseas recipients as described in this policy. You should be aware that Australian privacy law may not apply to the overseas handling of that information, and you may not be able to seek redress under Australian law in relation to such handling. However, we select providers with strong data protection practices and maintain contractual safeguards wherever possible.
8. Your Privacy Rights
Under the Privacy Act 1988 (Cth) and the Australian Privacy Principles, you have the following rights in relation to your personal information:
8.1 Right of Access (APP 12)
You have the right to request access to the personal information we hold about you. Because we delete assessment data immediately after your results email is sent, the only personal information we are likely to hold after that point is your email address in Mailchimp. You can request access by contacting us at the address below.
8.2 Right to Correction (APP 13)
If you believe personal information we hold about you is inaccurate, out of date, incomplete, irrelevant, or misleading, you may request that we correct it. We will respond within a reasonable time and correct the information where we agree it requires correction.
8.3 Right to Unsubscribe
You may withdraw consent to receive marketing or results-related communications from us at any time by using the unsubscribe link in any email we send, or by contacting us directly. Withdrawal of consent does not affect the lawfulness of any processing carried out prior to withdrawal.
8.4 Right to Complain (APP 1)
If you believe we have handled your personal information in a way that does not comply with the Privacy Act or the Australian Privacy Principles, you have the right to make a complaint. You should first contact us directly so we can attempt to resolve the issue. If you are unsatisfied with our response, you may lodge a complaint with the Office of the Australian Information Commissioner (OAIC) at www.oaic.gov.au.
8.5 Anonymity and Pseudonymity (APP 2)
Where lawful and practicable, you have the option to interact with us anonymously or using a pseudonym. The core assessment flow supports this by design: you are not required to provide your name or any identifying information to complete an assessment and view your results.
9. How We Protect Your Information
We take reasonable steps to protect the personal information we hold from misuse, interference, loss, and unauthorised access, modification, or disclosure. Our security measures include:
- All data is stored on Fly.io infrastructure in the Sydney region, subject to Fly.io's security controls.
- Administrative access to our systems is protected by Google OAuth authentication and HTTP-only signed session cookies.
- Assessment data is automatically deleted immediately after your results email is sent, substantially reducing the window of exposure.
- We do not store your full IP address.
No method of transmission over the internet is completely secure. While we take these obligations seriously, we cannot guarantee absolute security. If you believe your information has been compromised, please contact us immediately.
10. Cookies and Tracking Technologies
We use a temporary, privacy-preserving session identifier (UUID) to manage your assessment session. This is not a long-lived tracking cookie — it exists only for the duration of your visit.
Our analytics providers (PostHog and, where enabled, Google Analytics) may set their own cookies or use similar technologies. These operate in accordance with each provider's own privacy policies. You may be able to control these through your browser settings.
Administrative access to our platform backend uses a secure, HTTP-only signed session cookie. This does not affect users of the public-facing Service.
11. Children and Young People
The Service does not have an age-gating mechanism. We do not knowingly collect personal information from children in a manner inconsistent with applicable law.
Because the Service collects health information — a sensitive category — parents or guardians who have concerns about a young person's use of the Service are encouraged to contact us. We will work with you to address those concerns appropriately.
12. No Artificial Intelligence Processing
Your personal information, including your assessment responses and results, is never processed by artificial intelligence or machine learning systems. We have no integrations with AI providers. All scoring, interpretation, and results logic is produced by validated, human-designed assessment instruments.
13. Changes to This Policy
We may update this Privacy Policy from time to time. When we do, we will update the effective date at the top of this document. For material changes — particularly any change to how we handle health information or overseas disclosures — we will take steps to notify affected users where reasonably practicable.
Your continued use of the Service after any update constitutes acknowledgement of the revised policy. We encourage you to review this policy periodically.
14. Contact Us and How to Make a Complaint
We take privacy seriously and welcome any questions, concerns, or feedback about how we handle your personal information. Please reach out — we will respond thoughtfully and promptly.
Privacy enquiries and complaints:
Insightable Mind
Email: legal@insightablemind.com
If you make a complaint, we will acknowledge it within a reasonable time and aim to resolve it within 30 days. If you are not satisfied with our response, you may contact the Office of the Australian Information Commissioner (OAIC):
Office of the Australian Information Commissioner
Website: www.oaic.gov.au
Phone: 1300 363 992
Post: GPO Box 5218, Sydney NSW 2001