Privacy Policy

The Coordinated House of Enkian ("Enkian", "we", "us", "our") is committed to protecting your privacy and processing your personal data lawfully, fairly, and transparently. This policy explains what data we collect, why, how we use it, who we share it with, and what rights you have.

We are the data controller for the personal data described in this policy. If you have any questions, contact us at privacy@enkian.com.

1. Data We Collect

1.1 Account Data

When you create an account, we collect your email address and optional display name. If you sign in via a magic link, we process your email to authenticate you.

1.2 Assessment Data

When you complete a cognitive assessment (48-question or 96-question), we collect your responses to each question. From these responses, we derive your cognitive coordinates — twelve numerical values representing your position across the Enkian cognitive framework. We may also derive secondary values including threshold determination, dimensional gap data, and shape descriptions of your coordinate configuration.

1.3 Reports

When a report is generated for you, we store the full text of that report. Reports are generated individually for your specific coordinate set by an AI system (see Section 5) and are not pre-written templates.

1.4 Purchase Data

When you make a purchase, we record the product purchased, the amount paid, currency, and a reference to the payment transaction. We do not store your credit card number, CVV, or full card details — these are handled entirely by our payment processor, Stripe (see Section 4).

1.5 Technical and Usage Data

We use browser localStorage to store your authentication session, assessment progress (so you can resume if interrupted), and your theme preference (light/dark mode). We do not use tracking cookies, analytics platforms, advertising pixels, or fingerprinting technologies. We do not track your behaviour across other websites.

1.6 Consent Records

We record when you give or withdraw consent for data processing, including timestamps and the specific consent given. This is required for our own accountability under data protection law.

2. Why We Process Your Data (Lawful Basis)

Purpose	Data Used	Lawful Basis
Create and manage your account	Email, display name	Contract
Generate your cognitive coordinates	Assessment responses	Consent
Generate personalised reports	Coordinates, assessment tier	Contract (paid) / Consent (free)
Process payments	Email, purchase details	Contract
Send you your report and account emails	Email, report content	Contract
Display your dashboard and coordinates	Coordinates, snapshot data	Contract
Maintain consent and audit records	Consent timestamps, actions	Legal obligation

We do not process your data for marketing, advertising, profiling for third parties, or automated decision-making with legal or similarly significant effects.

3. AI-Generated Content

Your cognitive profile reports are generated by an AI system (Claude, developed by Anthropic). When a report is generated:

• Your cognitive coordinates (twelve numbers) and assessment tier are sent to the AI system as input
• The AI generates a personalised narrative report based on those coordinates
• Your email address, name, and raw assessment responses are not sent to the AI system
• The generated report is stored in our database and associated with your account

Reports are reflective tools designed to help you understand how your mind works. They are not clinical diagnoses, psychological assessments, or medical advice. No automated decisions with legal or similarly significant effects are made based on your data.

Each report includes a visible disclosure confirming it was generated by AI.

4. Third-Party Services

Service	Purpose	Data Shared	Location
Supabase	Database, authentication, server functions	All account and assessment data	EU (Frankfurt)
Stripe	Payment processing	Email, payment card details	EU/US (PCI DSS Level 1 certified)
Anthropic (Claude)	AI report generation	Cognitive coordinates and assessment tier only	US
SendGrid	Transactional email delivery	Email address, report content (when emailed)	US
Cloudflare	Website hosting and CDN	Standard web request data (IP address, user agent)	Global edge network

Where data is transferred outside the UK/EEA, we rely on adequacy decisions, Standard Contractual Clauses (SCCs), or equivalent safeguards provided by each service. Anthropic's API terms include data handling commitments — your coordinates are processed for report generation only and are not used to train AI models.

5. Data Retention

• Account data: Retained while your account is active. Deleted within 30 days of an account deletion request.
• Assessment data and coordinates: Retained while your account is active. Deleted with your account.
• Generated reports: Retained while your account is active. Deleted with your account.
• Purchase records: Retained for 7 years after the transaction date to comply with UK tax and accounting obligations.
• Consent records: Retained for 7 years as evidence of lawful processing.
• localStorage data: Stored in your browser only. Cleared when you clear browser data or sign out.

6. Your Rights

Under the UK GDPR and Data Protection Act 2018, you have the following rights:

• Access: Request a copy of all personal data we hold about you.
• Rectification: Request correction of inaccurate data.
• Erasure: Request deletion of your data (subject to legal retention requirements).
• Restriction: Request that we limit how we process your data.
• Portability: Receive your data in a structured, machine-readable format.
• Objection: Object to processing based on legitimate interests.
• Withdraw consent: Where processing is based on consent, withdraw it at any time without affecting the lawfulness of prior processing.

You can exercise your right to erasure directly by using the "Delete My Account" button on your Dashboard. For all other requests, contact privacy@enkian.com. We will respond within 30 days.

You also have the right to lodge a complaint with the Information Commissioner's Office (ICO): ico.org.uk.

7. Cookies and Local Storage

We do not use tracking cookies, analytics cookies, or advertising cookies.

We use browser localStorage (not cookies) for the following strictly necessary purposes:

Item	Purpose	Duration
Authentication session	Keep you signed in	Until sign-out or browser clear
Assessment progress	Allow you to resume an interrupted assessment	Until assessment completed or browser clear
Theme preference	Remember light/dark mode choice	Until browser clear

Our hosting provider (Cloudflare) may set a strictly necessary security cookie (__cflb or cf_clearance) to protect against malicious traffic. This is not used for tracking or analytics.

8. Children

Enkian is not directed at children under 16. We do not knowingly collect personal data from anyone under 16. Our assessment requires an age confirmation before proceeding. If you believe a child under 16 has provided us with personal data, please contact us and we will delete it promptly.

9. Security

We implement appropriate technical and organisational measures to protect your data, including:

• Encrypted connections (HTTPS/TLS) for all data in transit
• Row-level security (RLS) policies ensuring users can only access their own data
• Authentication via Supabase Auth with secure password hashing
• Payment card data handled exclusively by PCI DSS Level 1 certified processors (Stripe)
• AI report generation uses only coordinate data, not personal identifiers

10. Changes to This Policy

We may update this policy from time to time. Significant changes will be communicated via email or a notice on the website. The "last updated" date at the top reflects the most recent revision.

11. Contact

The Coordinated House of Enkian
Email: privacy@enkian.com