Privacy Policy
We don't ask for your name, email, or any personal information to take our cognitive tests or get a certificate. We do use Google AdSense to show ads (which uses cookies), and we use anonymized analytics to improve the site. That's it — no accounts, no payments, no personal data stored.
Contents
01 Who we are
Cortextest is an online provider of free cognitive assessments based on established psychometric research. The website at cortextest.com is operated by:
For the purposes of EU/EEA data protection law (the General Data Protection Regulation, "GDPR") and Norwegian data protection law (personopplysningsloven), the data controller named above is responsible for your personal data.
02 What we collect
When you visit the site
We automatically collect limited technical information that virtually every website logs:
- Approximate location (country and region, derived from IP address)
- Device type, browser, and operating system
- Pages you visit and how long you stay
- Referring site (the page that brought you here)
When you take a test
Your answers are processed in your browser to compute your score. We do not link test results to your identity. Aggregated, anonymized performance data may be retained to improve our items (for example, to calibrate item difficulty).
When you generate a certificate
The certificate is generated entirely in your browser. The name you type is used only to render the PDF on your own device — it is never sent to or stored on our servers. We don't collect your name, email, or any other personal information for the certificate.
What we don't collect
We don't ask for your name, email, address, phone number, date of birth, ID number, or payment details. There are no user accounts.
03 Why we collect it
Under GDPR, we need a lawful basis to process personal data. Ours are:
- Legitimate interest — basic site analytics and security logging, in a way that does not override your privacy rights
- Consent — for advertising cookies and any non-essential cookies (you give this through our cookie banner)
04 Cookies and tracking
A cookie is a small text file stored on your device by a website. We use cookies in two categories:
Essential cookies (always active)
- Session cookies — keep you logged into your test session
- Preference cookies — remember whether you've accepted or declined the cookie banner
These are necessary for the site to function and do not require your consent under GDPR.
Optional cookies (require your consent)
- Advertising cookies — set by Google AdSense to show you relevant ads
- Analytics cookies — help us understand which pages are popular and where users have difficulty
You'll see a cookie banner the first time you visit. You can accept, reject, or customize your choices, and change your mind at any time using the "Cookie Settings" link in the footer.
05 Advertising (Google AdSense)
This site is supported by ads served through Google AdSense. Google is a third-party advertising vendor that uses cookies to show ads based on your prior visits to this and other websites. Specifically:
- Google uses the DoubleClick DART cookie to serve ads based on your visit to this site and other sites on the Internet
- You may opt out of personalized advertising by visiting Google Ads Settings
- You may opt out of third-party vendors' use of cookies by visiting aboutads.info
- For users in the EEA, UK, and Switzerland, Google operates under the IAB Transparency and Consent Framework. You can manage your consent through our cookie banner.
If you decline advertising cookies, you'll still see ads — they'll just be non-personalized (less targeted to your interests).
Google's own privacy policy is available at policies.google.com/privacy.
06 Analytics
We use a privacy-respecting analytics tool to understand how visitors use the site. Analytics data is aggregated and does not identify individuals. We measure things like:
- Which pages are visited and in what order
- How long visitors spend on each page
- Which tests are completed and which are abandoned
- What browsers and devices visitors use
If you decline analytics cookies, we don't track this information for your visits.
07 How we share data
We do not sell your personal data to anyone. We share limited technical data with the following providers, only as needed to operate the site:
- Netlify — our website hosting provider (sees your IP and request data, as any hosting provider does)
- Google AdSense — advertising (sees your IP and cookie data if you've consented)
These providers process data only as described here. We may also disclose data if required by Norwegian law, a court order, or to protect our legal rights.
08 How long we keep data
- Anonymous test data — kept indefinitely in aggregated form for item calibration; cannot be linked to individuals
- Server logs — automatically deleted after 30 days
- Analytics data — aggregated reports kept for up to 14 months
- Email correspondence with us — kept for 12 months unless ongoing
09 Your rights (GDPR)
Under GDPR, you have the following rights regarding your personal data:
- Right to access — request a copy of the data we hold about you
- Right to rectification — correct inaccurate or incomplete data
- Right to erasure ("right to be forgotten") — ask us to delete your data
- Right to restrict processing — ask us to limit how we use your data
- Right to data portability — receive your data in a machine-readable format
- Right to object — object to processing based on legitimate interest
- Right to withdraw consent — change your cookie or marketing preferences at any time
- Right to lodge a complaint — with the Norwegian Data Protection Authority (Datatilsynet)
To exercise any of these rights, email us at privacy@cortextest.com. We aim to respond within 30 days. There's no charge for exercising your rights.
10 Security
We take reasonable technical and organizational measures to protect your data:
- All data in transit is encrypted with HTTPS/TLS
- Payment data is handled directly by Stripe under PCI-DSS Level 1 standards
- Access to administrative tools is protected by strong authentication
- Third-party providers are chosen for their security track records
No system is perfectly secure. If we ever discover a breach affecting your personal data, we will notify you and Datatilsynet without undue delay, as required by GDPR Article 33.
11 Children
Cortextest is intended for adults. We do not knowingly collect personal data from children under 16. Since we don't collect personal data at all for the tests or certificates, this is largely moot — but if you have concerns, please contact us.
Minors may take the cognitive tests and generate certificates without providing any personal information.
12 International transfers
Some of our service providers (notably Google and Netlify) are based outside the EEA, primarily in the United States. Where data is transferred outside the EEA, we rely on:
- Standard Contractual Clauses approved by the European Commission
- The EU-US Data Privacy Framework where applicable
- The provider's own certified compliance programs
You can request copies of these safeguards by emailing privacy@cortextest.com.
13 Changes to this policy
We may update this Privacy Policy from time to time. When we do, we'll update the "Last updated" date at the top. For material changes, we'll post a notice on the site or ask for renewed consent where required. The current version is always available at cortextest.com/privacy.
14 Contact and complaints
For any privacy questions or to exercise your rights, contact:
If you're not satisfied with our response, you have the right to lodge a complaint with the Norwegian Data Protection Authority: