This Privacy Policy describes how ReadMyBlot ("we," "us," or "our") collects, uses, stores, and protects your personal information when you use the ReadMyBlot service (the "Service"). It applies globally to all users. We are committed to protecting your privacy and processing your personal data in accordance with applicable data protection laws worldwide, including the European Union General Data Protection Regulation (GDPR), the UK GDPR, the California Consumer Privacy Act (CCPA), Australia's Privacy Act 1988, Canada's Personal Information Protection and Electronic Documents Act (PIPEDA), and other applicable privacy frameworks.
Please read this Privacy Policy carefully. By using the Service, you acknowledge that you have read and understood how we handle your personal data.
ReadMyBlot is operated by Pinchysoft, based in Western Australia. Pinchysoft is the data controller responsible for your personal data collected through the Service.
If you have any questions about how we process your data, please contact us at [email protected].
If you are located in the European Economic Area (EEA) or United Kingdom, Pinchysoft is the data controller under the GDPR and UK GDPR respectively. Our legal basis for processing your data is described in Section 3 below.
When you register for and use the Service, we collect:
Name: To personalise your portrait and the service experience.
Email address: For account creation, authentication, email verification, password resets, and service communications.
Password: Stored in hashed form using industry-standard cryptographic algorithms. We do not have access to your plaintext password.
Date of birth: Collected during registration solely to verify that you meet the minimum age requirement (18+). Your date of birth is processed locally in your browser and is not transmitted to or stored on our servers.
Inkblot responses: The text (and, if used, voice transcriptions) you provide in response to the inkblot images. These are highly personal and treated as sensitive data.
Generated portrait data: The psychological portrait created from your responses by our AI system.
When you use the Service, we may automatically collect:
Device and browser information: Browser type, operating system, screen resolution.
Usage data: Pages visited, features used, time spent, and interaction patterns.
IP address: Used for security, fraud prevention, and approximate geolocation.
Log data: Server logs including access times, error reports, and diagnostic data.
When you purchase the full portrait, payment is processed by our third-party payment processor, Stripe. We do not collect or store your credit card number, bank account details, or other financial instrument data. We share your email address and an internal user identifier with Stripe for the purpose of processing your payment. Stripe's handling of your payment data is governed by the Stripe Privacy Policy.
If you choose to use the voice input feature, your speech is processed in real-time by your browser's built-in speech recognition to produce a text transcription. The audio is not recorded or transmitted to our servers. However, in some jurisdictions — including Illinois (BIPA), Texas, and Washington state in the US, and under the GDPR — voice data may be classified as biometric data. By using the voice input feature, you consent to this processing. You are not required to use voice input; you may type your responses instead.
We do not collect or process:
Precise geolocation data.
Voice recordings or voiceprints (speech is processed locally by your browser and only the resulting text transcription is used).
Data from third-party social media platforms.
For users in the EEA and United Kingdom, we process your personal data on the following legal bases:
Contract performance: Processing your account data and responses is necessary to provide the Service you have requested.
Legitimate interests: Processing usage data to maintain security, prevent fraud, and improve the Service, where this does not override your rights.
Legal obligation: Retaining certain data to comply with legal requirements.
Consent: Where we seek your consent for optional processing (such as marketing communications), which you may withdraw at any time.
Explicit consent for special category data: We treat your inkblot responses and resulting psychological portrait as special category data relating to psychological characteristics under GDPR Article 9. Before your responses are processed by our AI system, we obtain your explicit consent through a separate, dedicated consent mechanism. This consent is not bundled with general acceptance of these terms. You may withdraw this consent at any time by deleting your account, though this will result in the loss of your portrait data. Refusal to provide consent will prevent use of the Service.
We use your personal data for the following purposes:
To create and manage your account.
To verify your age and email address.
To process your inkblot responses and generate your personalised portrait using artificial intelligence.
To process your payment via Stripe when you purchase the full portrait.
To store your portrait so you can access it when you return to the Service.
To operate, maintain, secure, and improve the Service.
To detect and prevent fraud, abuse, and security incidents.
To respond to your enquiries and provide customer support.
To send you service-related communications (account confirmations, verification emails, password resets).
To comply with applicable legal obligations.
To conduct aggregated, de-identified research to improve the interpretive quality of the Service. De-identification is applied before any data is used for this purpose, and de-identified data cannot be linked back to you. Where data cannot be fully anonymised, it is treated as personal data and subject to all protections in this policy. No non-anonymised response data is used for model training or system improvement. This research use does not survive account deletion — upon deletion, your data is removed from all systems within 30 days.
The Service involves automated processing to generate interpretive content; however, it is not designed to produce decisions with legal or similarly significant effects. Users are expressly instructed not to rely on outputs for any such decisions.
Your portrait is generated by a probabilistic language model (Anthropic's Claude AI) that creates interpretive narratives based on patterns in your responses. You should be aware that:
The AI does not "understand" your responses in a human sense — it generates plausible interpretive text based on statistical patterns.
Outputs may reflect biases, generalisations, or culturally influenced interpretations that do not accurately represent your individual experience.
The Service does not use validated psychometric instruments, psychological testing standards, or clinically recognised assessment methodologies. Outputs are AI-generated interpretive narratives, not scientifically validated measures of personality, cognition, or emotional functioning.
No human psychologist, clinician, or reviewer is involved in the generation or review of your portrait.
If you believe the AI has processed your responses incorrectly or produced content you find concerning, you may contact us at [email protected] for a manual technical review.
Your inkblot responses and the resulting psychological portrait may constitute sensitive personal data under applicable law, as they relate to your psychological characteristics and inner life. We treat this data with the highest level of care.
We do not use your response data or portrait for employment screening, insurance assessment, credit decisions, law enforcement purposes, or any other purpose that could cause you harm. Your portrait is for your personal use only.
We do not sell, rent, or share your response data or portrait with third parties for marketing, advertising, or commercial profiling purposes.
To provide the Service, we work with the following third-party service providers who process data on our behalf:
Anthropic (Claude AI): Your inkblot responses are processed by Anthropic's Claude AI model to generate your psychological portrait. Anthropic processes your responses solely to generate output for our Service. Under Anthropic's API terms, data submitted via the API is not used to train their models.
Cloudflare: Provides hosting (Cloudflare Pages and Workers), content delivery, and database services (Cloudflare D1) for the Service. Your account data, responses, and portrait are stored in Cloudflare's infrastructure.
Stripe: Processes payments for portrait purchases. Stripe receives your email address and an internal user identifier. Stripe may collect additional payment data directly under the Stripe Privacy Policy.
Resend: Delivers transactional emails on our behalf, including verification emails and password reset emails. Resend receives your email address for this purpose.
All third-party processors are contractually required to maintain appropriate technical and organisational security measures and to process your data only as instructed by us, in accordance with GDPR Article 28 requirements. Where required by law, we ensure that data transfers outside the EEA or UK are protected by appropriate safeguards, including Standard Contractual Clauses. We are not responsible for the independent security practices of third-party processors to the extent permitted by law.
We retain your personal data only for as long as necessary to fulfil the purposes for which it was collected, or as required by law. Specifically:
Account data (name, email): Retained for as long as your account is active, plus a reasonable period thereafter to comply with legal obligations.
Inkblot responses and portrait: Retained for as long as your account is active. Upon account deletion, responses and portrait data are permanently deleted within 30 days.
Payment records: Transaction records (whether a user has purchased) are retained for as long as required by applicable tax and accounting laws.
Usage and log data: Retained for up to 12 months for security and diagnostic purposes.
You may request the deletion of your data at any time (see Section 9). Upon account deletion, we will permanently delete your responses and portrait within 30 days, unless retention is required by applicable law.
We take the security of your personal data seriously and implement appropriate technical and organisational measures to protect it against unauthorised access, loss, destruction, or alteration. These measures include:
Encryption of passwords at rest using industry-standard cryptographic hashing algorithms.
Encrypted transmission of all data using TLS/HTTPS.
Verification of webhook signatures to prevent unauthorised payment events.
Access controls limiting who within our organisation can access personal data.
Regular security reviews and monitoring.
No method of transmission over the internet or electronic storage is completely secure. While we strive to protect your personal data, we cannot guarantee absolute security. If you become aware of any security vulnerability or breach, please contact us immediately at [email protected].
In the event of a personal data breach that poses a risk to your rights and freedoms, we will notify the relevant supervisory authority within 72 hours of becoming aware of the breach, as required by applicable law. Where the breach is likely to result in a high risk to you, we will inform you without undue delay, providing details of the breach and the steps we are taking in response.
Depending on your jurisdiction, you have the following rights with respect to your personal data. We are committed to honouring these rights regardless of where you are located.
Right of access: To receive a copy of the personal data we hold about you.
Right to rectification: To have inaccurate or incomplete data corrected.
Right to erasure ("right to be forgotten"): To request deletion of your personal data.
Right to restriction: To request that we limit processing of your data in certain circumstances.
Right to data portability: To receive your data in a structured, machine-readable format. You may exercise this right by contacting us at [email protected]; we will provide your data within 30 days.
Right to object: To object to processing based on legitimate interests.
Rights related to automated decision-making: To not be subject to solely automated decisions with significant effects.
Right to withdraw consent: At any time, where processing is based on consent. You may withdraw consent by deleting your account or contacting us.
Right to know: What personal information we collect, use, disclose, and sell.
Right to delete: Your personal information, subject to certain exceptions.
Right to opt-out: We do not sell your personal information.
Right to non-discrimination: For exercising your privacy rights.
Sensitive personal information: Under the CPRA, data revealing psychological characteristics may constitute "sensitive personal information." You have the right to limit the use and disclosure of sensitive personal information. As we only use such data to provide the Service to you, no additional opt-out mechanism is required; however, you may contact us to exercise this right.
As an Australian-based entity, we comply with the Australian Privacy Principles (APPs) under the Privacy Act 1988 (Cth). In particular, APP 8 (cross-border disclosure) applies to our transfers of personal data to overseas processors including Anthropic, Stripe, and Resend (United States). We take reasonable steps to ensure overseas recipients handle your data consistently with the APPs.
Users in South Africa are protected under the Protection of Personal Information Act (POPIA). You have the right to access, correct, and delete your personal information, and to object to processing. To exercise these rights, contact us at [email protected].
Users in Canada, India, and other jurisdictions retain rights consistent with their applicable local privacy laws, including emerging frameworks such as India's Digital Personal Data Protection Act 2023. We apply reasonable efforts to honour equivalent rights for all users globally and will comply with new requirements as they take effect.
To exercise any of your rights, please contact us at [email protected]. We will respond to your request within 30 days (or within the timeframe required by applicable law). We may ask you to verify your identity before processing your request. We will not charge a fee for reasonable requests, but may charge a reasonable fee for manifestly unfounded or excessive requests.
You may also delete your account and all associated data directly through the Service using the "Delete Account" option in the Account menu.
The Service uses the following browser storage mechanisms:
Session cookie: A single HTTP cookie is used to keep you signed in. This cookie is HttpOnly, Secure, and has a duration of 30 days. It is a strictly necessary cookie required for the Service to function and does not require consent under the ePrivacy Directive.
Local storage (localStorage): The Service stores your language preference and cookie consent status in your browser's localStorage. Your portrait data may also be stored locally on your device for display purposes.
PDF export: When you export your portrait as a PDF, the file is generated and saved directly to your device. No data is transmitted to our servers during this process.
We do not use tracking cookies for advertising or cross-site tracking purposes. We do not use any third-party analytics services at this time.
The Service is not directed at or intended for use by individuals under the age of 18. We do not knowingly collect personal data from children under 18. Age verification is performed during registration. If you believe that a child under 18 has provided us with personal data, please contact us at [email protected] and we will take prompt steps to delete that data.
ReadMyBlot operates globally, and your personal data may be transferred to and processed in countries other than your country of residence. Specifically, your data may be processed in the United States (Anthropic, Stripe, Resend) and globally distributed Cloudflare infrastructure. These countries may have data protection laws that differ from those in your jurisdiction.
Where we transfer personal data outside the EEA or United Kingdom, we ensure that appropriate safeguards are in place in accordance with applicable law, including the use of Standard Contractual Clauses approved by the European Commission, or equivalent mechanisms.
By using the Service, you acknowledge and consent to the transfer of your data internationally as described in this Policy.
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. We will notify you of material changes by updating the effective date at the top of this document and, where appropriate, by email notification. We encourage you to review this Policy periodically. Your continued use of the Service after any changes constitutes your acceptance of the updated Policy.
If you are located in the EEA and believe that we have not addressed your concern satisfactorily, you have the right to lodge a complaint with your local data protection supervisory authority. A list of EEA supervisory authorities is available at https://edpb.europa.eu. UK users may contact the Information Commissioner's Office at https://ico.org.uk. Australian users may contact the Office of the Australian Information Commissioner at https://www.oaic.gov.au.
If you have any questions, concerns, or requests regarding this Privacy Policy or the way we handle your personal data, please contact us:
Pinchysoft (operating as ReadMyBlot)
PO Box 8610, Perth WA 6849, Australia
Email: [email protected]
Website: https://readmyblot.com