Privacy Policy
Last updated: September 26, 2025
This Privacy Policy explains how Iunos ("we," "us") collects, uses, and protects information when you use our service, in accordance with the General Data Protection Regulation (GDPR).
1. Our Privacy-by-Design Approach
The Service is designed to protect your privacy. We do not require you to create an account or provide any directly identifying personal information (like your name or email address) to use the core features of our service. Our system is designed so that we cannot identify you. An exception to this is the user-initiated recovery process for purchased reports, where you provide specific, pseudonymized payment data for verification. Our data processing is based on the following principles:
- No Directly Identifying Information: We do not ask for or store your name, email address, or other personal details to generate a report. Your questionnaire answers are stored permanently to generate your report, but they are not linked to your identity.
- Pseudonymous Report Tokens: The service generates a 512-bit random token for your report. We only store a cryptographically hashed version of this token, which allows you to retrieve your report but does not identify you.
- IP Address Handling: We process pseudonymized hashes of your IP address for two distinct purposes: a permanent hash is stored to record your consent to our legal disclaimers, and a separate, temporary hash is used for rate-limiting and is deleted after 30 days. The raw IP address is never stored.
- No Analytics or Marketing Cookies: We do not use third-party analytics, advertising, or tracking cookies.
- Country-Level Geolocation: We derive non-identifying country information from your IP address for tax purposes (VAT). This country code is stored permanently.
- Consent for Matching: If you choose to use the matching feature, you consent to us comparing your pseudonymized answers with another's to generate a new report.
2. Technically Necessary Cookies
Our website uses cookies that are technically essential for the provision and security of our service. According to the law, your consent is not required for these cookies. You can set your browser to inform you about the placement of cookies and to only allow them on a case-by-case basis.
- Session Cookie (e.g., PHPSESSID):
  - Purpose: This cookie is essential to maintain your session during your visit to our website. It allows us to save your progress in the questionnaire, your language selection, and other information necessary for functionality from one page to the next.
  - Storage Duration: Until you close your web browser (end of the session).
  - Legal Basis: § 25 para. 2 no. 2 of the German Telecommunications Telemedia Data Protection Act (TTDSG) as well as our legitimate interest in the technically flawless and optimized operation of our website pursuant to Art. 6 para. 1 lit. f GDPR.
- Consent Cookie (e.g., privacy_consent):
  - Purpose: This cookie stores your decision regarding our cookie banner (consent or rejection). This ensures that the banner is not displayed to you again on subsequent visits.
  - Storage Duration: Typically 1 year.
  - Legal Basis: Our legitimate interest in a user-friendly design of our website and the fulfillment of legal proof obligations pursuant to Art. 6 para. 1 lit. f GDPR.
3. Third-Party Payment Processor: Stripe
We use Stripe, Inc. as our third-party payment processor. When you make a purchase, your payment data (including full name, email, billing address, and credit card details) is sent directly to Stripe. Stripe is the data controller for this payment information, and its use is governed by Stripe's Privacy Policy. We never receive or store your full financial details. We only receive a non-identifiable payment confirmation and a transaction ID. We process this transaction ID for two purposes: (1) for accounting and associating the payment with an anonymous purchase, and (2) to enable you, at your request, to recover access to your report. The legal basis for this processing is the performance of a contract (Art. 6(1)(b) GDPR).
4. Hosting Provider and Server Logs: Hostinger
Our website is hosted by Hostinger International Ltd. For operational and security purposes, Hostinger automatically collects server log files, which may include your IP address, browser type, operating system, and the time of the request. This data is processed by Hostinger to ensure the security and stability of the hosting environment. The legal basis for this processing is our legitimate interest in the secure operation of our website (Art. 6(1)(f) GDPR). We do not merge this log data with other data sources. For more information, please refer to Hostinger's Privacy Policy.
5. Data Storage, Retention, and Security
To provide you with continuous access to your report and to meet our legal obligations, the following data is stored permanently:
- The hashed version of your report token and your questionnaire answers are retained so your report can be generated on-the-fly.
- Your country code is retained to comply with international tax regulations (VAT).
- A pseudonymized hash of your IP address is retained as a permanent record of your consent to our disclaimers.
Separately, to protect our service from misuse, another pseudonymized hash of your IP address is used temporarily for rate-limiting. This specific rate-limiting hash is permanently deleted from our systems within 30 days.
We implement industry-standard security measures and utilize tools such as encryption and hashing to safeguard the data stored on our systems.
6. Access Code Recovery for Purchased Reports
If you lose the access code for a purchased report, we offer a secure recovery feature. This process requires you to provide specific, non-identifying details from your payment (such as the date of purchase, amount, and the last 4 digits of your card). We use this information for the sole purpose of querying our payment processor (Stripe) to identify the corresponding anonymous transaction ID and restore your access. This procedure is designed to verify your ownership without requiring you to reveal your personal identity to us. The legal basis is the performance of the contract (Art. 6(1)(b) GDPR), as we ensure you can access the digital service you have purchased.
7. Your Rights Under GDPR (as a Data Subject)
Under the GDPR, you have fundamental rights to access, rectify, and erase your personal data. As our Service is built on the principle of data minimization, we cannot link the answers you provide or the resulting report directly to your identity (e.g., your name or email).
To exercise your rights, you must unambiguously prove your ownership of a specific report. This can be done by providing payment details (such as the Stripe transaction ID) that you received during your purchase—the same verification method used for access recovery. Upon successful verification, we will, of course, comply with your request within the scope of the law. This procedure ensures that we protect your data while complying with the requirements of the GDPR.
8. Data Controller
The data controller for the purposes of the GDPR is:
Iunos
Eliana Pereira
Wilhelm-Greil-Straße 14, 6020 Innsbruck
Austria
Email: hi@iunos.com