Skip to content

Privacy Policy

Your data is yours. Here's exactly what we collect, why, and how you can delete it.

Last updated: March 20, 2026

Our commitment

iamaudhd is a self-screening tool for people exploring whether they may have co-occurring ADHD and Autism. We understand the sensitivity of this data. Our privacy practices are built on three principles:

  • Minimal collection — we collect only what is necessary to deliver your results.
  • No monetization of your data — we will never sell, share, or use your data for advertising.
  • Full deletion on request — you can delete all your data at any time, permanently.

What we collect

During the assessment (anonymous)

  • Your responses to the screening and assessment questions, stored server-side and linked to an anonymous session token.
  • No name, email, IP address, or any personally identifiable information is collected during the assessment.
  • A session cookie is stored in your browser to allow you to save progress and resume later. This cookie contains only an anonymous session identifier.

If you purchase the full report

  • Your email address, collected before checkout to create your account and deliver your report.
  • Payment is processed by Stripe. We never see, store, or have access to your credit card number, CVV, or billing address. Stripe handles all payment data under their own privacy policy.
  • We store a Stripe customer ID and payment ID to verify your purchase status. No financial details are stored on our servers.

If you access the community forum

  • Your display name and email are shared with our Discourse forum via Single Sign-On (SSO) to create your forum account. Your real name is never required.
  • Forum activity (posts, replies) is governed by the Discourse instance's own privacy practices.

What we don't collect

  • No third-party analytics. We do not use Google Analytics, Facebook Pixel, or any third-party tracking scripts.
  • No advertising trackers. There are no ad networks, retargeting pixels, or behavioral tracking on this site.
  • No fingerprinting. We do not use browser fingerprinting, device identification, or any cross-site tracking.
  • No profiling. Your assessment data is used solely to generate your screening results. It is never used for user profiling, ad targeting, or algorithmic recommendation.

How we store your data

  • Assessment responses and user accounts are stored in a PostgreSQL database on our self-hosted infrastructure.
  • All traffic to the site is encrypted in transit via HTTPS (TLS), enforced through Cloudflare.
  • The database is backed up daily with a 7-day retention window. Backups are stored on the same self-hosted infrastructure.
  • Anonymous session data (assessment responses without a linked account) is retained indefinitely to allow resume functionality. Sessions can be deleted on request.

Cookies

We use only essential cookies:

  • Session token — an anonymous identifier that allows you to save progress and resume the assessment. Contains no personal information.
  • Authentication cookie — if you create an account (after purchasing the full report), a JWT cookie maintains your login session. Secure flag is enabled in production; SameSite is set to Strict.

We do not use any tracking cookies, advertising cookies, or third-party cookies.

Your rights (GDPR)

If you have created an account, you have the right to request complete deletion of all data associated with your account. This includes:

  • Your user account and email address
  • All assessment sessions and individual responses
  • All scoring results and reports
  • Your Stripe customer and payment identifiers (from our database)
  • Your Discourse forum account (anonymized)

Deletion is performed via a single API call (DELETE /api/account) and cascades through all related records. This action is permanent and irreversible.

To request deletion, log into your account and use the account deletion option, or contact us at [email protected].

Third-party services

We use the following third-party services:

  • Stripe — payment processing. Stripe receives your email and payment information when you purchase the full report. See Stripe's privacy policy.
  • Resend — transactional email (welcome emails, password reset). Receives your email address only. See Resend's privacy policy.
  • Cloudflare — DNS, DDoS protection, and SSL termination. Cloudflare processes request metadata (IP addresses, headers) as part of its network services. See Cloudflare's privacy policy.
  • Discourse — community forum. Receives your display name and email via SSO if you access the forum. Governed by its own privacy practices.

We will never sell your data

This is not a hedge or a legal formality. We will never sell, license, rent, or otherwise commercially transfer your personal information or assessment data to any third party, for any reason, under any circumstance.

Our revenue comes from the $19.99 report purchase. That's it. Your data is not our product.

Changes to this policy

If we make material changes to this privacy policy, we will update the “Last updated” date at the top of this page. For significant changes that affect how your data is handled, we will notify registered users by email.

Contact

For questions about this privacy policy or to request data deletion, contact us at [email protected].

Ready to understand your mind?

Free to start. No account required. 20-question screener with instant results.

Begin the Assessment