Privacy Policy
Effective date: 28 March 2026
Your privacy matters deeply to us. Insightable Mind was built on the premise that people should be able to explore their mental wellbeing honestly and openly — and that doing so should never come at the cost of their personal information.
This Privacy Policy explains what personal information we collect, how we use it, who we share it with, and what rights you have.
This policy is issued by Insightable Mind and applies to all users of the Service hosted on our platform. It is governed by the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs). Because the Service collects psychological and wellbeing assessment data, which constitutes health information under the Privacy Act, the full obligations of the Act apply to us regardless of organisational size.
1. Who We Are
Insightable Mind operates the Insightable Mind platform (the "Service"), a free online tool for psychological and wellbeing assessments. We are the entity responsible for handling your personal information under this policy.
If you have any questions about how we handle your information, you can reach us at: legal@insightablemind.com
2. What Information We Collect
We collect the minimum information necessary to provide the Service. We do not ask for more than we need.
2.1 Health Information (Sensitive)
The assessments you complete generate psychological and wellbeing data, including scores, severity ratings, percentile benchmarks, subscale results, interpretive explanations, identified strengths, and diagnostic or risk indicators. Under the Privacy Act 1988 (Cth), this constitutes health information — a category of sensitive information that attracts heightened protection. We handle it accordingly.
This information is linked only to a temporary random identifier for your session, not to your name or identity, unless you choose to provide those separately.
2.2 Session Data
When you use the Service, we automatically collect:
- A temporary random identifier for your session, and an identifier for the assessment you're completing.
- An optional display name, if you choose to provide one.
- An optional email address, if you choose to provide one.
- Timestamps recording when your session started and ended.
- Your individual responses: question number, answer index, score, and the time each response was recorded.
2.3 Identity Information
You can complete an assessment entirely anonymously. We do not require your name at any point in the main assessment flow. Identity information is only collected when you actively choose to provide it:
- Email address: if you opt in to receive your results by email.
- Email address and your first name: if you join our waitlist.
2.4 Approximate Location
When you provide your email address (either to receive results or to join the waitlist), we may use a geolocation service (ipinfo.io) to derive your approximate city and country from your IP address. We do not store your full IP address. This approximate location is passed to Mailchimp alongside your email address when we add or update you in our audience, so we can keep audience records meaningful and contextual.
2.5 Analytics Data
We collect usage and navigation data to understand how the Service is being used and to improve it over time. This includes information about pages visited, how you move through the assessment, and which parts of your results you view. We do not send your individual question responses or scores to our analytics provider as separate data points. We have enabled session replay, which means our analytics provider may capture a visual recording of what appears on your screen during your visit – including results content if you're viewing it at the time. If you provide your email address to receive or unlock your results, that address may also be shared with our analytics provider so your activity can be connected to a consistent profile. See Section 6 for more detail.
2.6 Information We Do Not Collect
We do not collect:
- Your full name (during the main assessment flow).
- Date of birth, gender, or other demographic attributes.
- Payment or financial information. The Service is free.
- Data processed by artificial intelligence. No AI tools are used anywhere in the Service.
3. How We Collect Your Information
We collect information directly from you when you use the Service — by completing an assessment, entering your email address, or signing up to the waitlist. We also collect limited technical data automatically — session identifiers and analytics / usage events as described in Section 2.5 — as part of operating the platform.
We do not collect personal information from third parties or combine your data with externally sourced datasets.
4. Why We Collect Your Information
Under Australian Privacy Principle 3, we collect personal information only where it is reasonably necessary for one or more of our functions or activities. Here is specifically why we collect each type:
4.1 Health and Assessment Data
Collected to generate and display your assessment results. This is the core purpose of the Service. Without this data, results cannot be produced. Where you provide your email address, this data is also used to deliver your results to you. After your results email is sent, all underlying assessment data is deleted (see Section 5).
4.2 Email Address
Collected, with your consent, for one or more of the following purposes:
- To send you your assessment results.
- To notify you of product news or updates, where you have joined the waitlist.
You may withdraw consent and unsubscribe at any time. See Section 8 for your rights.
4.3 Approximate Location
Collected to enrich audience records in Mailchimp (approximate city and country) when you opt in to results by email or join the waitlist. Your results email itself is delivered through Resend (see Section 6).
4.4 Analytics Data
Collected to measure traffic, navigation, and product usage so we can improve the Service, diagnose issues, and understand real journeys through the platform — including through session replay, where on-screen content may be recorded. If you provide your email address to receive or unlock results, that address may also be shared with our analytics provider. See Section 6 for more detail.
4.5 De-identified Research
We may use de-identified, aggregated assessment data — data that cannot be traced back to any individual — to inform our understanding of mental wellbeing patterns across communities. This is not personal information. No identifiable data is shared with researchers or third parties for this purpose. If this ever changes, we will update this policy and give you a meaningful choice.
5. How Long We Keep Your Information
We keep your personal information only for as long as is necessary. Our approach:
5.1 Session and Assessment Data
Your session exists only while your browser tab is open. Closing the tab ends the session. Your responses and scored results are stored temporarily for the sole purpose of generating and delivering your results. As soon as your results email is triggered, all session, response, and result data — including your results URL — is automatically and permanently deleted from our systems.
5.2 Email Address
Transactional email (your results): your email address, your results link, and related message details are processed by Resend for as long as needed to send the email and resolve delivery issues, in line with Resend's retention practices.
Audience and ongoing communications: your email address (and, where applicable, your first name and approximate location) is retained in Mailchimp for as long as you remain on our audience and subscribed to communications we send through that platform. You may unsubscribe from marketing-style messages using the link in those emails; you may also contact us directly to request deletion or to discuss what we hold.
5.3 Analytics Data
Our analytics providers retain data according to their own settings, including any session replay recordings. Where your email address has been shared with PostHog, that information is retained under PostHog's policies and our arrangements with them. We treat any replay recordings that include health-related or results content with the same care as all other sensitive information described in this policy.
6. Who We Share Your Information With
We do not sell your personal information, and we do not share it with advertisers. The providers listed below are tools we use to run the Service – each chosen carefully, and each receiving only the information they need to do their job.
6.1 Resend (Transactional Email)
Provider: Resend, Inc. Location: United States.
We use Resend to deliver your results email. When you opt in to receive your results, we share your email address, a link to your results page, and the name of the assessment you completed. Resend acts as a data processor on our behalf.
6.2 Mailchimp (Audience / CRM)
Provider: The Rocket Science Group LLC d/b/a Mailchimp. Location: United States.
We use Mailchimp to manage our email audience. When you opt in to results by email or join the waitlist, we share your email address and the name of the assessment you completed. We may also share your approximate city and country (see Section 6.5), and your first name if you join the waitlist. Your results email itself is sent through Resend, not Mailchimp. Mailchimp acts as a data processor on our behalf under its Data Processing Addendum.
6.3 PostHog (Analytics)
Provider: PostHog, Inc. Location: United States (us.i.posthog.com).
We use PostHog to understand how people move through the Service, diagnose issues, and improve the experience over time.
Usage data: We collect pageview and page-leave events, including the full URL of pages visited – which on results pages may include a unique identifier in the path. We also collect specific product events, such as when certain results screens are shown or when you submit your email to unlock insights. We do not send your individual question responses or scores to PostHog as separate event payloads.
Session replay: We have enabled PostHog's session replay feature, which captures a visual recording of your session – including content visible on screen at the time. If you are viewing your results when a recording is active, that content may appear in the replay. PostHog applies standard masking for certain field types such as passwords; other on-screen content depends on what the Service renders and our PostHog project settings.
Identity: If you submit your email address to receive or unlock your results, we share that address with PostHog so your activity can be associated with a consistent profile.
PostHog initialises only after your first interaction with the page or a short timeout, and does not run on local development environments. In-app surveys are currently disabled.
6.4 Google Analytics (Optional)
Provider: Google LLC. Location: United States.
Where enabled, we use Google Analytics to collect standard anonymised usage data – page visits and session duration. This complements our PostHog data and does not include personal or assessment information.
6.5 ipinfo.io (Geolocation)
Provider: IPinfo, LLC. Location: United States.
When you provide your email address, we use ipinfo.io to derive your approximate city and country from your IP address. We do not store your IP address – only the approximate location, which is passed to Mailchimp as described in Section 6.2.
6.6 New Relic (Infrastructure Monitoring, Optional)
Provider: New Relic, Inc. Location: United States.
Where enabled, we use New Relic to monitor the reliability and performance of the Service. Only server-side operational data is shared – response times, error rates, and similar metrics. No personal information or assessment data is involved.
6.7 Fly.io (Hosting and Database)
Provider: Fly.io, Inc. Location: Australia (Sydney region).
All Service data is processed and stored on Fly.io infrastructure in Sydney. Fly.io acts as a data processor and has no independent access to your data.
7. Overseas Disclosure of Personal Information
Australian Privacy Principle 8 requires us to be transparent when we disclose personal information to overseas recipients. Several of our third-party providers are located in the United States, as described in Section 6.
We take care in selecting overseas providers and take reasonable steps to ensure they are subject to privacy obligations that reflect the standards of the Australian Privacy Principles – through contractual arrangements, their own binding commitments, or applicable law. A list of these providers and their locations is in Section 6.
When you use the Service, your information may be handled by overseas providers as described in this policy. You should be aware that Australian privacy law may not apply to the overseas handling of that information, and you may not be able to seek redress under Australian law in relation to such handling. However, we select providers with strong data protection practices and maintain contractual safeguards wherever possible.
8. Your Privacy Rights
Under the Privacy Act 1988 (Cth) and the Australian Privacy Principles, you have the following rights in relation to your personal information:
8.1 Right of Access (APP 12)
You have the right to request access to the personal information we hold about you. Because we delete assessment data immediately after your results email is sent, personal information may thereafter be held by Mailchimp (if you remain on our audience), Resend (for a period consistent with email delivery and the provider's retention practices), and PostHog (including your email address if you submitted it to unlock or receive results, and pseudonymous analytics otherwise). You can request access by contacting us at the address below and we will help you understand which provider may hold relevant information.
8.2 Right to Correction (APP 13)
If you believe personal information we hold about you is inaccurate, out of date, incomplete, irrelevant, or misleading, you may request that we correct it. We will respond within a reasonable time and correct the information where we agree it requires correction.
8.3 Right to Unsubscribe
You may withdraw consent to receive marketing or results-related communications from us at any time by using the unsubscribe link in any email we send, or by contacting us directly. Withdrawal of consent does not affect the lawfulness of any processing carried out prior to withdrawal.
8.4 Right to Complain (APP 1)
If you believe we have handled your personal information in a way that does not comply with the Privacy Act or the Australian Privacy Principles, you have the right to make a complaint. You should first contact us directly so we can attempt to resolve the issue. If you are unsatisfied with our response, you may lodge a complaint with the Office of the Australian Information Commissioner (OAIC) at www.oaic.gov.au.
8.5 Anonymity and Pseudonymity (APP 2)
Where lawful and practicable, you have the option to interact with us anonymously or using a pseudonym. The core assessment flow supports this by design: you are not required to provide your name or any identifying information to complete an assessment and view your results.
9. How We Protect Your Information
We take reasonable steps to protect the personal information we hold from misuse, interference, loss, and unauthorised access.
All data is stored in Australia on Fly.io infrastructure in Sydney. Access to our systems is protected by secure authentication. Assessment data is automatically deleted as soon as your results email is sent, which substantially limits how long sensitive information is held. We do not store your IP address.
No method of transmission over the internet is completely secure, and we cannot guarantee absolute security. If you believe your information has been compromised, please contact us straight away.
10. Cookies and Tracking Technologies
We use a temporary random identifier to manage your assessment session while you're using the Service. This is not a long-lived tracking cookie – it exists only for the duration of your visit.
Our analytics providers – PostHog and, where enabled, Google Analytics – may set their own cookies or use similar technologies to track usage over time. If you submit your email address to receive or unlock results, PostHog may link that identifier to your email address. Session replay recordings are stored by PostHog under its own retention practices. You may be able to manage these through your browser settings.
Access to our platform's backend uses a secure session cookie for administrative purposes only. This does not affect your experience as a user of the Service.
11. Children and Young People
The Service does not have an age-gating mechanism. We do not knowingly collect personal information from children in a manner inconsistent with applicable law.
Because the Service collects health information — a sensitive category — parents or guardians who have concerns about a young person's use of the Service are encouraged to contact us. We will work with you to address those concerns appropriately.
12. No Artificial Intelligence Processing
Your personal information, including your assessment responses and results, is never processed by artificial intelligence or machine learning systems. We have no integrations with AI providers. All scoring, interpretation, and results logic is produced by validated, human-designed assessment instruments.
13. Changes to This Policy
We may update this Privacy Policy from time to time. When we do, we will update the effective date at the top of this document. For material changes – particularly any change to how we handle health information or overseas disclosures – we will take steps to notify affected users where reasonably practicable.
In our March 2026 update, we enabled PostHog session replay and updated Sections 2.5, 6.3, and 10 to reflect this. Our previous clarifications about Resend, Mailchimp, and PostHog identity also remain in effect.
Your continued use of the Service after any update constitutes acknowledgement of the revised policy. We encourage you to review this policy periodically.
14. Contact Us and How to Make a Complaint
We take privacy seriously and welcome any questions, concerns, or feedback about how we handle your personal information. Please reach out — we will respond thoughtfully and promptly.
Privacy enquiries and complaints:
Insightable Mind
Email: legal@insightablemind.com
If you make a complaint, we will acknowledge it within a reasonable time and aim to resolve it within 30 days. If you are not satisfied with our response, you may contact the Office of the Australian Information Commissioner (OAIC):
Office of the Australian Information Commissioner
Website: www.oaic.gov.au
Phone: 1300 363 992
Post: GPO Box 5218, Sydney NSW 2001