This Privacy Policy describes how ReadMyBlot ("we," "us," or "our") collects, uses, stores, and protects your personal information when you use the ReadMyBlot service (the "Service"). It applies globally to all users. We are committed to protecting your privacy and processing your personal data in accordance with applicable data protection laws worldwide, including the European Union General Data Protection Regulation (GDPR), the UK GDPR, the California Consumer Privacy Act (CCPA), Australia's Privacy Act 1988, Canada's Personal Information Protection and Electronic Documents Act (PIPEDA), and other applicable privacy frameworks.
Please read this Privacy Policy carefully. By using the Service, you acknowledge that you have read and understood how we handle your personal data.
ReadMyBlot is the data controller responsible for your personal data collected through the Service. If you have any questions about how we process your data, please contact us at [email protected].
If you are located in the European Economic Area (EEA) or United Kingdom, ReadMyBlot is the data controller under the GDPR and UK GDPR respectively. Our legal basis for processing your data is described in Section 3 below.
When you register for and use the Service, we collect:
Name: To personalise your portrait and the service experience
Email address: For account creation, authentication, and communications
Password: Stored in encrypted form; we do not have access to your plaintext password
Inkblot responses: The text (and, if used, voice transcriptions) you provide in response to the inkblot images. These are highly personal and treated as sensitive data
Generated portrait data: The psychological portrait created from your responses
When you use the Service, we may automatically collect:
Device and browser information: Browser type, operating system, screen resolution
Usage data: Pages visited, features used, time spent, and interaction patterns
IP address: Used for security, fraud prevention, and approximate geolocation
Log data: Server logs including access times, error reports, and diagnostic data
We do not collect or process:
Precise geolocation data
Financial or payment information (the Service is free to use)
Biometric data beyond voice transcriptions where you choose to use the voice input feature
Data from third-party social media platforms
For users in the EEA and United Kingdom, we process your personal data on the following legal bases:
Contract performance: Processing your account data and responses is necessary to provide the Service you have requested
Legitimate interests: Processing usage data to maintain security, prevent fraud, and improve the Service, where this does not override your rights
Legal obligation: Retaining certain data to comply with legal requirements
Consent: Where we seek your consent for optional processing (such as marketing communications), which you may withdraw at any time
Where we process special categories of data — which may include data inferred from your psychological responses — we do so on the basis of your explicit consent, which you provide by choosing to use the Service and submit your responses.
We use your personal data for the following purposes:
To create and manage your account
To process your inkblot responses and generate your personalised portrait
To store your portrait so you can access it when you return to the Service
To operate, maintain, secure, and improve the Service
To detect and prevent fraud, abuse, and security incidents
To respond to your enquiries and provide customer support
To send you service-related communications (account confirmations, updates)
To comply with applicable legal obligations
To conduct aggregated, anonymised research to improve the interpretive quality of the Service (where data is de-identified and cannot be linked back to you)
We do not use your response data or portrait to make automated decisions that produce legal or similarly significant effects on you, beyond generating the portrait itself.
Your inkblot responses and the resulting psychological portrait may constitute sensitive personal data under applicable law, as they relate to your psychological characteristics and inner life. We treat this data with the highest level of care.
We do not use your response data or portrait for employment screening, insurance assessment, credit decisions, law enforcement purposes, or any other purpose that could cause you harm. Your portrait is for your personal use only.
We do not sell, rent, or share your response data or portrait with third parties for marketing, advertising, or commercial profiling purposes.
To provide the Service, we work with carefully selected third-party service providers who process data on our behalf. These include:
Artificial intelligence providers: Your responses are processed by third-party AI models to generate your portrait. These providers are bound by data processing agreements and may not use your data for their own training or commercial purposes beyond providing the Service to us
Cloud infrastructure providers: For secure hosting and data storage
Analytics providers: For anonymised usage analytics to help us improve the Service
All third-party processors are contractually required to maintain appropriate technical and organisational security measures and to process your data only as instructed by us. Where required by law, we ensure that data transfers outside the EEA or UK are protected by appropriate safeguards, including Standard Contractual Clauses.
We retain your personal data only for as long as necessary to fulfil the purposes for which it was collected, or as required by law. Specifically:
Account data (name, email): Retained for as long as your account is active, plus a reasonable period thereafter to comply with legal obligations
Inkblot responses and portrait: Retained for as long as your account is active and for a period not exceeding 12 months after account deletion, after which they are permanently deleted
Usage and log data: Retained for up to 12 months for security and diagnostic purposes
You may request the deletion of your data at any time (see Section 9). Upon account deletion, we will permanently delete your responses and portrait within 30 days, unless retention is required by applicable law.
We take the security of your personal data seriously and implement appropriate technical and organisational measures to protect it against unauthorised access, loss, destruction, or alteration. These measures include:
Encryption of passwords at rest using industry-standard hashing algorithms
Encrypted transmission of data using TLS/HTTPS
Access controls limiting who within our organisation can access personal data
Regular security reviews and monitoring
No method of transmission over the internet or electronic storage is completely secure. While we strive to protect your personal data, we cannot guarantee absolute security. If you become aware of any security vulnerability or breach, please contact us immediately at [email protected].
Depending on your jurisdiction, you have the following rights with respect to your personal data. We are committed to honouring these rights regardless of where you are located.
Right of access: To receive a copy of the personal data we hold about you
Right to rectification: To have inaccurate or incomplete data corrected
Right to erasure ("right to be forgotten"): To request deletion of your personal data
Right to restriction: To request that we limit processing of your data in certain circumstances
Right to data portability: To receive your data in a structured, machine-readable format
Right to object: To object to processing based on legitimate interests
Rights related to automated decision-making: To not be subject to solely automated decisions with significant effects
Right to withdraw consent: At any time, where processing is based on consent
Right to know: What personal information we collect, use, disclose, and sell
Right to delete: Your personal information, subject to certain exceptions
Right to opt-out: We do not sell your personal information
Right to non-discrimination: For exercising your privacy rights
Users in Australia, Canada, and other jurisdictions retain rights consistent with their applicable local privacy laws. We apply reasonable efforts to honour equivalent rights for all users globally.
To exercise any of your rights, please contact us at [email protected]. We will respond to your request within 30 days (or within the timeframe required by applicable law). We may ask you to verify your identity before processing your request. We will not charge a fee for reasonable requests, but may charge a reasonable fee for manifestly unfounded or excessive requests.
The Service uses local browser storage (localStorage) to save your session data, preferences, and portrait on your device. This data is stored locally on your device and is not transmitted to our servers unless you explicitly interact with the Service. We do not use tracking cookies for advertising or cross-site tracking purposes.
We may use minimal analytics tools to understand aggregate usage patterns. Where required by law, we will seek your consent before placing non-essential cookies or tracking technologies.
The Service is not directed at or intended for use by individuals under the age of 18. We do not knowingly collect personal data from children under 18. If you believe that a child under 18 has provided us with personal data, please contact us at [email protected] and we will take prompt steps to delete that data.
ReadMyBlot operates globally, and your personal data may be transferred to and processed in countries other than your country of residence. These countries may have data protection laws that differ from those in your jurisdiction.
Where we transfer personal data outside the EEA or United Kingdom, we ensure that appropriate safeguards are in place in accordance with applicable law, including the use of Standard Contractual Clauses approved by the European Commission, or equivalent mechanisms.
By using the Service, you acknowledge and consent to the transfer of your data internationally as described in this Policy.
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. We will notify you of material changes by updating the effective date at the top of this document and, where appropriate, by email notification. We encourage you to review this Policy periodically. Your continued use of the Service after any changes constitutes your acceptance of the updated Policy.
If you are located in the EEA and believe that we have not addressed your concern satisfactorily, you have the right to lodge a complaint with your local data protection supervisory authority. A list of EEA supervisory authorities is available at https://edpb.europa.eu. UK users may contact the Information Commissioner's Office at https://ico.org.uk.
If you have any questions, concerns, or requests regarding this Privacy Policy or the way we handle your personal data, please contact us:
ReadMyBlot
Email: [email protected]
Website: https://readmyblot.com