Privacy & Data Handling
The assessment collects responses from real people about how their team operates. The privacy model is built around two rules: respondents are told up front who can see what, and we never sell or share the data.
The AI Quiz
The AI Quiz is 100% free and asks for no personal details to show your results: no email, no sign-up. It stores only your quiz answers and the org-size and hours inputs you provide, plus your result (kept under a private, unguessable link so you can reopen it), and it saves a copy in your own browser. If you choose the optional “email me a copy” button on the result page, that email address is used only to send you that one message. It is never added to a list.
What we store
- Engagement metadata: company name, industry, headcount band.
- Respondent list: first name, email, assessment status (invited / in_progress / completed).
- Per-respondent answers, scored.
- Aggregate scores and the AI-generated narrative for the engagement.
- Email log of invites and reminders sent.
Where it lives
Data is stored in Vercel KV (Upstash Redis). It sits inside the same private project as the rest of the SaaS. There is no third-party CRM, analytics pipeline, or warehouse on the path.
Bot protection (Cloudflare Turnstile)
To stop automated bots from flooding the quiz and assessment forms, we use Cloudflare Turnstile, a privacy-first alternative to CAPTCHA. It runs invisibly in your browser to distinguish humans from bots and processes only the minimal signals needed to do that. It does not show you ads, track you across the web, or build an advertising profile. Cloudflare acts as our service provider for this check. For details on what Turnstile processes, see Cloudflare’s Turnstile Privacy Addendum.
Who can see it
- The respondent sees their own answers as they take the assessment. Once submitted, they cannot re-open them.
- The company admin sees aggregate scores, narrative, and per-respondent completion status. They do NOT see other respondents' raw answers from the client portal. Those stay admin-only on the operator side.
- NathanaelTyre.ai (Nate) has operator access to debug, regenerate reports, and resolve issues. We disclose this explicitly to every respondent before they start.
- The Tyred Bot in engagement mode sees aggregate context only: no per-respondent data, narratives capped at 600 chars per section.
What we never do
- We never sell the data.
- We never share it with another company without explicit written consent.
- We never use respondent answers as training data for any model.
- We never publish company names or quotes from the assessment without consent.
Retention
Engagement records persist while the engagement is active and for the report-token TTL afterward. On request we will purge an engagement and all associated respondent records. Email-log entries are retained for audit purposes.